Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by PATRICK on vr 05/09/2014 at 9:34:30,25.
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\PATRICK\AppData\Local\Temp\Rar$EXa0.010\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-07-21-083624.log 22104 bytes
C:\zoek-results2014-09-01-124151.log 523 bytes
C:\zoek-results2014-09-01-133858.log 15230 bytes
C:\zoek-results2014-09-04-072647.log 13195 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrivDogService"=-

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"PrivDog@AdTrustMedia.com"=-

==== Deleting Files \ Folders ======================

C:\Users\PATRICK\Searches deleted
"C:\Users\PATRICK\AppData\Roaming\Mozilla\Firefox\Profiles\n5db0g9x.default-1405878230274\extensions\PrivDog@AdTrustMedia.com.xpi" deleted
"C:\windows\wininit.ini" not deleted
"C:\windows\SysNative\config\systemprofile\Searches\desktop.ini" not deleted
"C:\windows\SysNative\config\systemprofile\Searches\Indexed Locations.search-ms" not deleted
"C:\Users\PATRICK\AppData\Local\AdTrustMedia\PrivDog\PrivDog_ie_setup.exe" not deleted
"C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe" not deleted
"C:\Users\PATRICK\AppData\Local\AdTrustMedia" not deleted
"C:\Program Files (x86)\AdTrustMedia" not deleted
"C:\windows\SysNative\config\systemprofile\Searches" not deleted
"C:\Users\PATRICK\AppData\Local\AdTrustMedia\PrivDog" not deleted
"C:\Program Files (x86)\AdTrustMedia\PrivDog" not deleted
"C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15" not deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
2014-08-16 17:15:25 F64DF154AF6B80760F3ED5BDD2527502 46 ----a-w- C:\windows\wininit.ini

====== C:\Users\PATRICK\AppData\Local\Temp ====

====== Java Cache =====

====== C:\windows\SysWOW64 =====

====== C:\windows\SysWOW64\drivers =====

====== C:\windows\Sysnative =====
2014-08-28 07:23:00 568D6F1C730EC3A9B381F01020D600DC 4148224 ----a-w- C:\windows\Sysnative\win32k.sys

====== C:\windows\Sysnative\drivers =====
2014-08-13 07:35:33 313DCE665B57000B18CB26C6B6A10DFE 1557848 ----a-w- C:\windows\Sysnative\drivers\dxgkrnl.sys
2014-08-13 07:33:47 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\windows\Sysnative\drivers\usbport.sys
2014-08-13 07:33:47 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\windows\Sysnative\drivers\usbd.sys
2014-08-13 07:33:47 93435654DCA210298BA0F986EB51C679 419672 -c--a-w- C:\windows\Sysnative\drivers\usbhub.sys
2014-08-13 07:33:47 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\windows\Sysnative\drivers\usbehci.sys
2014-08-13 07:33:47 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\windows\Sysnative\drivers\tcpip.sys
2014-08-13 07:33:47 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\windows\Sysnative\drivers\usbuhci.sys
2014-08-13 07:33:46 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\windows\Sysnative\drivers\WUDFPf.sys
2014-08-13 07:33:46 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 -c--a-w- C:\windows\Sysnative\drivers\USBHUB3.SYS
2014-08-13 07:33:46 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\windows\Sysnative\drivers\WUDFRd.sys

====== C:\windows\Tasks ======
2014-08-16 16:53:42 CD82E9405FA493E2602AFB65E2FE0867 3028 ----a-w- C:\windows\Sysnative\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2014-08-16 16:53:40 -------- d-----w- C:\windows\Sysnative\Tasks\COMODO

====== C:\windows\Temp ======

======= C:\Program Files =====
2014-08-16 16:52:48 -------- d-----w- C:\Program Files\COMODO

======= C:\PROGRA~2 =====
2014-08-16 16:53:02 -------- d-----w- C:\PROGRA~2\AdTrustMedia

======= C: =====

====== C:\Users\PATRICK\AppData\Roaming ======
2014-09-05 05:07:52 -------- d-----w- C:\Users\PATRICK\AppData\Local\Adobe
2014-09-04 07:26:46 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-09-04 07:26:46 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-08-17 07:32:50 -------- d-----w- C:\Users\PATRICK\AppData\Local\AdTrustMedia
2014-08-16 16:53:01 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Locallow\COMODO
2014-08-16 16:52:41 -------- d-----w- C:\Users\PATRICK\AppData\Local\Comodo

====== C:\Users\PATRICK ======
2014-08-16 16:52:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-08-16 16:52:25 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-08-16 16:51:28 -------- d-----w- C:\ProgramData\Comodo
2014-08-14 06:58:31 -------- d-----r- C:\windows\SysNative\config\systemprofile\Searches

====== C: exe-files ==

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27/08/2014 11:37]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\windows\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{E6FB1735-DA8A-431B-9428-C11287962EB6}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" [C:\Program Files\COMODO\COMODO Internet Security\cistray.exe]
"C:\windows\SysNative\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\windows\SysNative\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\PATRICK\AppData\Roaming\Mozilla\Firefox\Profiles\n5db0g9x.default-1405878230274
9EE20E6E2E3F94714D44F739B9A228F4 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ

==== Chrome Look ======================

Comodo DragDrop Service - PATRICK\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - PATRICK\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Share Page Service - PATRICK\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - PATRICK\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4"

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PATRICK\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PATRICK\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\PATRICK\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=10 folders=8 31306147 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PATRICK\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot
C:\windows\Temp will be emptied at reboot