Zoek.exe v5.0.0.0 Updated 30-06-2014 Tool run by user on wo 02-07-2014 at 2:41:11,39. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\user\Downloads\zoek (4).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results20-08-2013-2347.log 83500 bytes C:\zoek-results2013-08-20-221737.log 30780 bytes C:\zoek-results25-03-2013-1602.log 2899 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\McAfee Security Scan deleted successfully C:\PROGRA~2\Naver deleted successfully C:\PROGRA~3\systemk deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\user\AppData\Roaming\rmi deleted successfully C:\Users\user\AppData\Roaming\systweak deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} deleted successfully HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_CLASSES_ROOT\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McComponentHostService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.4.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater15.4.0 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Softonic for Windows"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Common Files\AVG Secure Search not found C:\ProgramData\systemk not found C:\Users\user\AppData\Roaming\systweak not found C:\PROGRA~2\Linkey deleted C:\Program Files (x86)\PricePeep deleted C:\ProgramData\McAfee Security Scan deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\chrome.manifest" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\install.rdf" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\content\button.css" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\content\overlay.xul" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\bright_green_19_19.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\default_19_19.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\hard_green_19_19.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\icon.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\icon64.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\orange_19_19.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\red_19_19.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin\yellow_19_19.png" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\content\js\common.js" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\content\js\LinkeyManager.js" deleted "C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\content" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\skin" deleted "C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default\extensions\extension@linkeyproject.com\content\js" deleted "C:\Program Files\McAfee Security Scan" not deleted "C:\Program Files\McAfee Security Scan\3.8.150" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\user\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-06-11 21:28:26 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2014-06-11 21:28:26 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys ====== C:\Windows\Tasks ====== 2014-06-17 01:19:15 E2FB07A5BEA1345435E9A828F783C0A8 3120 ----a-w- C:\Windows\Sysnative\Tasks\{2B98F828-5BC8-4895-9A3E-703842EDC721} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-17 01:47:15 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\user\AppData\Roaming ====== ====== C:\Users\user ====== ====== C: exe-files == === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "PC Speed Maximizer"="C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe" "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Tiny download manager"="C:\Users\user\AppData\Local\DM\TinyDM.exe /M" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "PC Speed Maximizer"="C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe" "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Tiny download manager"="C:\Users\user\AppData\Local\DM\TinyDM.exe /M" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-05-2014 22:30] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2871622637-3147571663-1438806652-1000Core.job --a------ C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [22-01-2013 22:40] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2871622637-3147571663-1438806652-1000UA.job --a------ C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [22-01-2013 22:40] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-12-2012 17:10] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-12-2012 17:10] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2871622637-3147571663-1438806652-1000Core" [C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2871622637-3147571663-1438806652-1000UA" [C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\{8F404E05-E4AD-435B-84A3-933B4E65B200}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsWLM] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25-07-2013 16:54] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default - PricePeep - %ProfilePath%\extensions\pricepeep@getpricepeep.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7onkgtuy.default A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash FF0D6F82A0EC13952E83B9439100E45D - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\user\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[31-01-2013 03:22] Google Docs - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf avast WebRep - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda Gmail - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia MSS+ Extension - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Adblock for Youtube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk Allin1Convert - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl PricePeep - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb DvdVideoSoft Free Youtube Download - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Google Wallet - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2871622637-3147571663-1438806652-1000\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=65 folders=13 20085157 bytes) ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Program Files\McAfee Security Scan" not found ==== EOF on wo 02-07-2014 at 2:54:21,24 ======================