Zoek.exe v5.0.0.0 Updated 07-August-2014 Tool run by Patrick on za 09/08/2014 at 10:50:41,27. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Patrick\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 9/08/2014 10:59:15 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\COMMON~1\Sony Shared deleted successfully C:\PROGRA~2\COMMON~1\Windows Live deleted successfully C:\Program Files\Enigma Software Group deleted successfully C:\Program Files\Common Files\Sony Shared deleted successfully C:\PROGRA~3\ArcSoft deleted successfully C:\PROGRA~3\Avid deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\Pinnacle Studio Plus deleted successfully C:\PROGRA~3\ProcessLasso deleted successfully C:\PROGRA~3\Web Page Maker deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\PROGRA~3\{4C666A82-BD7D-4FC2-9B50-106D4D6CBD26} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully C:\Users\Patrick\AppData\Roaming\Vso deleted successfully C:\Users\UpdatusUser\AppData\Roaming\Genie9 deleted successfully C:\Users\Patrick\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully C:\Users\Patrick\AppData\Local\Downloaded Installations deleted successfully C:\Users\Patrick\AppData\Local\LooksBuilder deleted successfully C:\Users\Patrick\AppData\Local\STARGAZE_IMAGE_CACHE 
deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3130560279-3158009234-3752583673-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully HKEY_USERS\S-1-5-21-3130560279-3158009234-3752583673-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0E0AC29F-ADB8-4B78-9DAD-AD91705A1B12} deleted successfully HKEY_USERS\S-1-5-21-3130560279-3158009234-3752583673-1001\Software\Microsoft\Internet Explorer\SearchScopes\{61E2AABB-11C2-4586-A39E-AC782E001F70} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\PROGRA~3\{4C666A82-BD7D-4FC2-9B50-106D4D6CBD26} not found C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found C:\Program Files (x86)\Wise\Wise Care 365 deleted C:\Users\Patrick\AppData\Roaming\Wise Care 365 deleted C:\Users\Patrick\AppData\Roaming\Wise Auto Shutdown deleted C:\PROGRA~2\GUTFA85.tmp deleted C:\PROGRA~2\GUMFA74.tmp deleted C:\PROGRA~2\MyFree Codec deleted C:\PROGRA~2\Wondershare deleted C:\PROGRA~2\COMMON~1\Wondershare deleted C:\install.exe deleted C:\Users\Patrick\AppData\Roaming\Wondershare deleted 
C:\Users\Patrick\AppData\Roaming\ProcessLassopl_rsrc_temp.dll deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Users\Patrick\AppData\Local\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted C:\Users\Patrick\Searches deleted C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\windows\tasks\Wise Care 365 PC Checkup Task.job deleted C:\windows\tasks\Wise Care 365.job deleted C:\windows\tasks\Wise Turbo Checker.job deleted C:\windows\SysNative\tasks\Wise Care 365 deleted C:\windows\SysNative\tasks\Wise Care 365 PC Checkup Task deleted C:\windows\SysNative\tasks\Wise Turbo Checker deleted C:\windows\SysNative\config\systemprofile\Searches deleted C:\windows\Syswow64\InstallUtil.InstallLog deleted C:\windows\SysWow64\searchplugins deleted C:\windows\SysWow64\Extensions deleted C:\Users\Patrick\AppData\Roaming\Mozilla\Profiles\h865fvz2.Default User\searchplugins\avg-secure-search.xml deleted C:\Users\Patrick\AppData\Roaming\Mozilla\Profiles\h865fvz2.Default User\bProtector_extensions.sqlite deleted ==== Files Recently Created / Modified ====================== ====== C:\windows ==== 2014-07-28 10:51:16 2931B543E664436A948F76C625E7B551 3939328 ----a-w- C:\windows\Photo! 
3D ScreenSaver.scr ====== C:\Users\Patrick\AppData\Local\Temp ==== 2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\Patrick\AppData\Local\Temp\Quarantine.exe ====== Java Cache ===== ====== C:\windows\SysWOW64 ===== ====== C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative ===== ====== C:\windows\Sysnative\drivers ===== 2014-07-21 10:36:48 436E1F795F0495B2715116A4EC176803 12760 ----a-w- C:\windows\Sysnative\drivers\PSVolAcc.sys 2014-07-21 10:28:00 D4EB14FDE03002DE63800E378450262F 165360 ----a-w- C:\windows\Sysnative\drivers\psmounterex.sys 2014-07-10 16:26:20 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\windows\Sysnative\drivers\afd.sys ====== C:\windows\Tasks ====== 2014-07-28 16:40:55 4930990FD8368C25DB31A0255DA9242E 3088 ----a-w- C:\windows\Sysnative\Tasks\Process Lasso Management Console (GUI) 2014-07-28 16:40:55 0842E26E052FE44F24F183B3C6D4E105 3094 ----a-w- C:\windows\Sysnative\Tasks\Process Lasso Core Engine Only ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2014-08-08 16:38:29 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-07-29 08:03:04 -------- d-----w- C:\PROGRA~2\ThunderSoft 2014-07-28 11:35:19 -------- d-----w- C:\PROGRA~2\Cartoon Recorder 2014-07-28 10:08:06 -------- d-----w- C:\PROGRA~2\Photo! 
======= C: ===== 2014-08-03 15:32:47 338DDA7FB4FF5595EE06EF1A15619955 110907 ----a-w- C:\reflectv5.3-7109-x64-0.dmp ====== C:\Users\Patrick\AppData\Roaming ====== 2014-08-07 18:46:14 9FB69B0DB75774A9DBDA1F3DFFD8E836 180768 ----a-w- C:\Users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-07 18:44:02 E74759915D98D6A2AB1DFD4E2FEAD1BA 464216 ----a-w- C:\windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2014-08-04 17:36:22 -------- d-----w- C:\Users\Patrick\AppData\Local\Zemana 2014-07-29 08:03:29 -------- d-----w- C:\Users\Patrick\AppData\Roaming\ThunderSoft 2014-07-28 13:42:58 E700C7080942685BB13138D0F9F0400F 8419 ----a-w- C:\Users\Patrick\AppData\Local\recently-used.xbel 2014-07-28 11:17:00 -------- d-----w- C:\Users\Patrick\AppData\Local\gtk-2.0 2014-07-28 10:51:16 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Photo! 3D Album 2014-07-19 09:35:08 -------- d-----w- C:\Users\Patrick\AppData\Local\Adobe ====== C:\Users\Patrick ====== 2014-08-07 19:13:39 54606E9A6FE402749179C767A6A1FDA8 1475072 ----a-w- C:\Users\Patrick\Desktop\adwcleaner_3.303.exe 2014-08-04 17:36:21 -------- dc-h--w- C:\ProgramData\{727C5CC8-3A5E-4517-BA8B-35A93F9B2EBD} 2014-08-03 09:26:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer 2014-08-03 08:55:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365 2014-07-29 08:03:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft 2014-07-28 10:08:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo! 
2014-07-15 09:45:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown ====== C: exe-files == 2014-08-09 08:48:57 05B19D2BA03314E86ED15CA4B9A0318B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3130560279-3158009234-3752583673-1001\$IMJ5CKQ.exe 2014-08-08 16:38:30 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Patrick.exe 2014-08-08 16:37:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\$Recycle.Bin\S-1-5-21-3130560279-3158009234-3752583673-1001\$RMJ5CKQ.exe 2014-08-07 19:25:42 CB97C42F7B16CBE6BFD946145C3CEA20 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3130560279-3158009234-3752583673-1001\$IMFW51Q.exe 2014-08-07 19:13:39 54606E9A6FE402749179C767A6A1FDA8 1475072 ----a-w- C:\Users\Patrick\Desktop\adwcleaner_3.303.exe 2014-08-07 19:13:25 A1CD385492D724639D86F5118871708D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3130560279-3158009234-3752583673-1001\$IOF7VJY.exe 2014-08-07 19:13:01 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\$Recycle.Bin\S-1-5-21-3130560279-3158009234-3752583673-1001\$RMFW51Q.exe 2014-08-07 18:56:25 54606E9A6FE402749179C767A6A1FDA8 1475072 ----a-w- C:\$Recycle.Bin\S-1-5-21-3130560279-3158009234-3752583673-1001\$ROF7VJY.exe 2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\Patrick\AppData\Local\Temp\Quarantine.exe 2014-08-04 17:36:21 949DB2E88FE5B7F63F8FE21A52F097D4 2692152 -c--a-w- C:\ProgramData\{727C5CC8-3A5E-4517-BA8B-35A93F9B2EBD}\Setup.exe 2014-08-04 08:10:14 10E17209C73CCF2FAA7388B8DBB3BA8A 5972528 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgcrema.exe 2014-08-03 09:26:29 5F48AE55A3804C494976DAC2548049F7 1439880 ----a-w- C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe 2014-08-03 09:26:29 49BFB5EF6C4539FAF3AB43B42B66B9CA 1240712 ----a-w- C:\Program Files (x86)\Wise\Wise Memory Optimizer\unins000.exe 2014-08-02 11:47:07 B313836AFC4A0CA4483E029D4ACD87FE 394152 ----a-w- 
C:\ProgramData\NVIDIA\Updatus\Packages\00005e5e\updatus.18742786_RUNASUSER.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3130560279-3158009234-3752583673-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Spotify Web Helper"="C:\Users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Blue Jet Button"="C:\Program Files (x86)\Blue Jet Button\bjb.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "AntiLogger"="C:\Program Files (x86)\AntiLogger\AntiLogger.exe /minimized" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Spotify Web Helper"="C:\Users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Blue Jet Button"="C:\Program Files (x86)\Blue Jet Button\bjb.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll, C:\\windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled 
====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "BitTorrent"="\"C:\\Users\\Patrick\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED" "Spotify Web Helper"="\"C:\\Users\\Patrick\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent] "command"="rundll32.exe \"C:\\Program Files (x86)\\Intel\\Bluetooth\\btmshell.dll\",TrayApp" "hkey"="HKLM" "item"="BTMTrayAgent" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE4] "command"="\"C:\\Program Files (x86)\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe\"" "hkey"="HKLM" "item"="OpwareSE4" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RtHDVCpl" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSBkgdUpdate] "command"="\"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot" "hkey"="HKLM" "item"="SSBkgdUpdate" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "hkey"="HKLM" "item"="SynTPEnh" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" ==== 
Task Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/07/2014 16:49] C:\windows\tasks\CCleanerClean.job --a------ C:\Program Files\C:leaner\C:leaner.exe [] C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3130560279-3158009234-3752583673-1001Core.job --a------ C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [07/03/2014 18:56] C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3130560279-3158009234-3752583673-1001UA.job --a------ C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [07/03/2014 18:56] C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/04/2013 19:05] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/04/2013 19:05] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\SysNative\tasks\advSRS5" ["C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"] "C:\windows\SysNative\tasks\AnVir Task Manager" [C:\Program Files (x86)\AnVir Task Manager Pro\anvir.exe] "C:\windows\SysNative\tasks\CCleanerClean" [C:\Program Files\CCleaner\CCleaner.exe] "C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\windows\SysNative\tasks\EasyBatteryManager" ["%ProgramFiles(x86)%\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe"] "C:\windows\SysNative\tasks\EasyDisplayMgr" ["C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe"] "C:\windows\SysNative\tasks\EasySettings" ["C:\Program Files (x86)\Samsung\Easy Settings\sSettings.exe"] "C:\windows\SysNative\tasks\EasySettings_config" ["C:\Program Files 
(x86)\Samsung\Easy Settings\sSettings.exe"] "C:\windows\SysNative\tasks\EasySpeedUpManager" ["%programfiles(x86)%\Samsung\Easy Settings\EasySpeedUpManager.exe"] "C:\windows\SysNative\tasks\EasySupportCenter" ["%ProgramFiles%\Samsung\Easy Support Center\SamoyedAgent.exe"] "C:\windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3130560279-3158009234-3752583673-1001Core" [C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3130560279-3158009234-3752583673-1001UA" [C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\windows\SysNative\tasks\MovieColorEnhancer" ["%programfiles(x86)%\Samsung\Easy Settings\MovieColorEnhancer.exe"] "C:\windows\SysNative\tasks\Process Lasso Core Engine Only" [C:\Program Files\Process Lasso\processgovernor.exe] "C:\windows\SysNative\tasks\Process Lasso Management Console (GUI)" [C:\Program Files\Process Lasso\processlasso.exe] "C:\windows\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"] "C:\windows\SysNative\tasks\SCCSpeedBoot" ["%programfiles(x86)%\Samsung\Easy Settings\SCCSpeedBoot.exe"] "C:\windows\SysNative\tasks\SmartDefragUpdate" [C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe] "C:\windows\SysNative\tasks\SmartSetting" ["%programfiles(x86)%\Samsung\Easy Settings\SmartSetting.exe"] "C:\windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe] "C:\windows\SysNative\tasks\WLANStartup" 
["%programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe"] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\irh8nbzo.default - DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com - Super Start - %ProfilePath%\extensions\superstart@enjoyfreeware.org - FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} - Tweak Network - %ProfilePath%\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA} - Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi - Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi - Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Patrick\AppData\Roaming\TomTom\HOME\Profiles\a0rb66g0.default - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Profiles\h865fvz2.Default User - Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} - FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} - Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Undetermined - %ProfilePath%\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}.xpi - FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\1x3f4a2y.default - Undetermined - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com.xpi - Thumbnail Zoom Plus - 
%ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi - Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Undetermined - %ProfilePath%\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}.xpi - FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\6wxj09rv.default 15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\irh8nbzo.default 4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Patrick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin AE7B288233C212C62CD544BF768C45E6 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director 71B61A08992B0F895288CAAB2B43E3F7 - C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ==== Chrome Look ====================== Last updated at time on date - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Wallet - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://bocciapatrick.tk/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://bocciapatrick.tk/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{51E8390C-7714-4600-B15B-F91753A43268}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {51E8390C-7714-4600-B15B-F91753A43268} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Patrick\AppData\Local\Mozilla\Firefox\Profiles\irh8nbzo.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=2070 folders=168 314451074 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Patrick\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Patrick\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Patrick\AppData\Roaming\Malwarebytes" not deleted

==== EOF on za 09/08/2014 at 11:26:33,63 ======================