Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by Acer on di 11-11-2014 at 17:37:22,73.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

11-11-2014 17:40:01 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\Acer\AppData\Roaming\vlc deleted successfully
C:\Users\Acer\AppData\Local\A6T9gArjHNK deleted successfully
C:\Users\Acer\AppData\Local\PACE Anti-Piracy deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1270060042-2372682471-691686803-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_USERS\S-1-5-21-1270060042-2372682471-691686803-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_USERS\S-1-5-21-1270060042-2372682471-691686803-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe
C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Acer\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ttnfd deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]

==== Deleting Files \ Folders ======================

C:\fe0a45b220e342b2b246636a026851 not found
C:\Program Files (x86)\SupTab not found
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 deleted
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Acer\AppData\Roaming\WB.CFG deleted
C:\Users\Acer\AppData\Roaming\eCyber deleted
C:\Users\Acer\AppData\Local\nwhb-v9.4.15.crx deleted
C:\Users\Acer\AppData\Local\nsb1EA1.tmp deleted
C:\Users\Acer\AppData\Local\nsl2125.tmp deleted
C:\Users\Acer\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\WINDOWS\patsearch.bin deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Public\Desktop\YAC.lnk deleted
C:\Users\Acer\AppData\Roaming\BOQPYFR.exe deleted
C:\Users\Acer\AppData\Roaming\WY.exe deleted
"c:\windows\Installer\1d270c.msi" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3912 MB
CPU Info: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
CPU Speed: 1919,9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth-apparaat (Personal Area Network) | Qualcomm Atheros AR5BMD222 Wireless-netwerkadapter
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 451,8GB
Hard Disks - Free: C: 331,4GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer Hummingbird2
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 38.0.2125.111
Internet Explorer Version: 11.0.9600.17351
Google Chrome version: 38.0.2125.111
Adobe Reader version: 11.0.9.29

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Acer\AppData\Local\Temp ====
2014-11-11 07:38:19 12722E7F74BDC71B80DBD9AA67539E93 43008 ----a-w- C:\Users\Acer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6mtzxn.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-11-10 11:12:41 F7A5EDB11A6BDD2E73FC1DDA4C64A068 49320 ----a-w- C:\WINDOWS\Sysnative\drivers\iSafeNetFilter.sys
2014-11-10 11:12:40 6DB506C282E6AABD391C2AC281D793D3 45224 ----a-w- C:\WINDOWS\Sysnative\drivers\iSafeKrnlBoot.sys
2014-10-16 12:46:38 87F3713E620F62D243A82B3CB66CBDDE 2498880 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-10-16 12:46:33 329FEB41BBE82FBBD9BD69547BA1CB82 428864 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-11-10 10:30:25 -------- d-----w- C:\Program Files\trend micro
2014-10-24 07:58:05 -------- d-----w- C:\Program Files\iPod
2014-10-24 07:58:04 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-11-10 11:12:32 -------- d-----w- C:\PROGRA~2\Elex-tech
2014-10-24 07:58:04 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Acer\AppData\Roaming ======
2014-11-10 11:12:32 -------- d-----w- C:\Users\Acer\AppData\Roaming\Elex-tech
====== C:\Users\Acer ======
2014-11-10 12:53:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Acer\Desktop\RSITx64.exe
2014-11-10 12:52:49 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-11-10 11:40:07 E7AAAB8BA25A7986A4FFFB60D18623C6 32601272 ----a-w- C:\Users\Acer\Downloads\Windows-KB890830-x64-V5.17.exe
2014-11-10 11:11:43 ABA8C5BE41977880AB825C8F2CE45DAD 911704 ----a-w- C:\Users\Acer\Downloads\yet_another_cleaner_aed.exe
2014-11-04 12:31:54 EC8759D9FBF9764CF399E5C804BDD323 2 ----a-w- C:\ProgramData\anwbmotor2010.cfg
2014-10-24 08:00:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-24 07:58:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
====== C: exe-files ==
2014-11-10 12:53:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Acer\Desktop\RSITx64.exe
2014-11-10 11:40:07 E7AAAB8BA25A7986A4FFFB60D18623C6 32601272 ----a-w- C:\Users\Acer\Downloads\Windows-KB890830-x64-V5.17.exe
2014-11-10 11:12:35 B97E05F0F93EDCDA1E5A03E2C62F545F 156520 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
2014-11-10 11:12:35 9AAB1154685774C5151F8AD096D63A1C 484648 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeVirusScanner.exe
2014-11-10 11:12:35 9A8EE66207D62CEBBDB8D29E6D347C69 403752 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\feedback.exe
2014-11-10 11:12:35 68CC0FCD9F2DEE51416E96D433D2340E 296232 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe
2014-11-10 11:12:35 612D5DD66655569A390B64FE4B555451 424232 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp.exe
2014-11-10 11:12:35 2F57BDD81A02ECD6CF276D99B4D0222C 436520 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe
2014-11-10 11:12:35 08E390FBBD23B035ECF4F2D813305BE0 605672 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\YacLuckySpin.exe
2014-11-10 11:12:34 F8BD1190744B68C78524CAB92A282E54 337704 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
2014-11-10 11:12:34 F7B41A288C4B5C49D336B00B394F7995 809256 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
2014-11-10 11:12:34 D6F8C233DCC5DAA237A1F185D1BAF342 306472 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe
2014-11-10 11:12:34 A03A95B389479B2ADE3A288FA2EA11D1 118048 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
2014-11-10 11:12:34 876A2F78C2FCC2FB63A54C17A1A1F6BC 173352 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeUpdate.exe
2014-11-10 11:12:34 32279392F606EEDE448C4E4AFFB00027 930728 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe
2014-11-10 11:12:34 21AC38F696EA20C39C956EF6A7DD4B11 301864 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iStart.exe
2014-11-10 11:12:34 11F6F9216D8F77EAC196B07D66E819EA 118048 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
2014-11-10 11:11:43 ABA8C5BE41977880AB825C8F2CE45DAD 911704 ----a-w- C:\Users\Acer\Downloads\yet_another_cleaner_aed.exe
2014-11-10 10:30:25 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Acer.exe
2014-11-04 21:33:25 93680B96D6C7998998057BA457F2FFBF 35487064 ----a-w- C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
2014-11-04 18:18:44 45040D9C994C89758A66F2EF8ED31034 97882 ----a-r- C:\Users\Acer\AppData\Local\Microsoft\Windows\FileHistory\Data\844\C\Users\Acer\Desktop\ANWB_Rijopleiding_PC_WindowsXP.exe
=== C: other files ==
2014-11-10 11:12:41 F7A5EDB11A6BDD2E73FC1DDA4C64A068 49320 ----a-w- C:\Windows\System32\drivers\iSafeNetFilter.sys
2014-11-10 11:12:40 6DB506C282E6AABD391C2AC281D793D3 45224 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-11-10 11:12:35 F7A5EDB11A6BDD2E73FC1DDA4C64A068 49320 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys
2014-11-10 11:12:35 B3ABCBCFC524F2204FE7645D45619BF0 248488 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
2014-11-10 11:12:35 781D9379B7A5D26A65F2AC6E68775811 65704 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
2014-11-10 11:12:35 6DB506C282E6AABD391C2AC281D793D3 45224 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys
2014-11-10 11:12:35 073F9B99815F581DFC3318C4A98F7BAF 99496 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1270060042-2372682471-691686803-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Acer\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Acer\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"BtPreLoad"="C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Folders ======================

2014-09-12 07:59:58 1064 ----a-w- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-09-01 20:35:00 2171 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
2014-08-06 10:56:32 1230 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-12-2013 18:28]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-12-2013 18:28]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\WINDOWS\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\WINDOWS\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\iuBrowserIEAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"]
"C:\WINDOWS\SysNative\tasks\iuEmailOutlookAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe"]
"C:\WINDOWS\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"]
"C:\WINDOWS\SysNative\tasks\Smart Timer Task Scheduler" ["%ProgramFiles%\Smart Timer\Smart_Timer.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{54B4B36E-DCB3-4C11-98BE-D1FEEEDF01C0}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Theft Shield\AcerTheftShieldTask" [C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe]

==== Fake Chromium Profiles Check ======================

Fake profile C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aoejbmmillcdifgagjpdlaamnalbielp - C:\Users\Acer\AppData\Local\nwhb-v9.4.15.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aoejbmmillcdifgagjpdlaamnalbielp - C:\Users\Acer\AppData\Local\nwhb-v9.4.15.crx[]

Google Docs - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
TV - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Free Smileys Emoticons - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
DolceGabbana - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih
Google Wallet - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjbbjfdilbioabojmcplalojlmdngbjl_0.localstorage deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjbbjfdilbioabojmcplalojlmdngbjl_0.localstorage-journal deleted successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1415103718&from=ild&uid=ST500LT012-9WS142_W0V2WJLTXXXXW0V2WJLT&q={searchTerms}"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1415103718&from=ild&uid=ST500LT012-9WS142_W0V2WJLTXXXXW0V2WJLT&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1415103718&from=ild&uid=ST500LT012-9WS142_W0V2WJLTXXXXW0V2WJLT&q={searchTerms}"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1415103718&from=ild&uid=ST500LT012-9WS142_W0V2WJLTXXXXW0V2WJLT&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{8CC47D91-18BA-4C5A-88BD-5A42FE7B867F} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1270060042-2372682471-691686803-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

==== HijackThis Entries ======================

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Acer\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - Startup: Dropbox.lnk = C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - Global Startup: CineForm Status.lnk = C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Sleep memory optimizer (FFSOpzSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participações Ltda - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PDF Architect 2 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\ws.exe
O23 - Service: pdfforge CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Acer Theft Shield Service (USecuAppSvc) - Acer Incorporated - c:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown
owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== 
C:\zoek_backup (files=144 folders=45 20456548 bytes) ==== Empty Temp Folders ====================== C:\Users\Acer\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Acer\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 11-11-2014 at 18:02:34,30 ======================