Zoek.exe v5.0.0.0 Updated 05-September-2014 Tool run by Dave on vr 05-09-2014 at 11:00:34,74. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Dave\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-09-04-203540.log 76445 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default user.js not found ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.cntry", "NL"); user_pref("extensions.Softonic.cv", "cv5"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.dfltlng", "en"); user_pref("extensions.Softonic.dfltsrch", "false"); user_pref("extensions.Softonic.envrmnt", "production"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.hdrMd5", "C70D8A53C2E05E1DF886660AE26DA867"); user_pref("extensions.Softonic.hmpg", false); user_pref("extensions.Softonic.hrdid", "0ad6956500000000000006265e88a329"); user_pref("extensions.Softonic.id", "0ad6956500000000000006265e88a329"); user_pref("extensions.Softonic.instlDay", "15927"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.instlday", "15927"); user_pref("extensions.Softonic.instlref", "MON00001"); user_pref("extensions.Softonic.isdcmntcmplt", "false"); user_pref("extensions.Softonic.keywordurl", ""); user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.412:08:14"); user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); user_pref("extensions.Softonic.monitorreport", true); user_pref("extensions.Softonic.newTab", false); user_pref("extensions.Softonic.newtab", "false"); user_pref("extensions.Softonic.newtaburl", ""); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prtnrid", "softonic"); user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"101\",\"name\":\"Radio Mambo 106 FM\",\"url\":\"http://www.mambo.it/player/mambo.asx\",\" user_pref("extensions.Softonic.savedVrsnTs", "1"); user_pref("extensions.Softonic.sg", "az"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.smplgrp", "none"); user_pref("extensions.Softonic.srch", ""); user_pref("extensions.Softonic.srchprvdr", ""); user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "1b9a448310b8ae4b41cb67481fcc9a51@@@Fri Feb 28 2014 10:57:45 GMT+0100"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.tlbrid", "base"); user_pref("extensions.Softonic.tlbrsrchurl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.6.7.4"); user_pref("extensions.Softonic.vrsnTs", "1.6.7.412:08:14"); user_pref("extensions.Softonic.vrsni", "1.6.7.4"); user_pref("extensions.Softonic.vrsnts", "1.6.7.412:08:14"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.412:08:14"); ---- Lines Softonic modified from prefs.js ---- user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"faststartff@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Dave\\\\ ---- Lines claro removed from prefs.js ---- user_pref("extensions.claro.admin", false); user_pref("extensions.claro.aflt", "babsst"); user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); user_pref("extensions.claro.autoRvrt", "false"); user_pref("extensions.claro.dfltLng", "en"); user_pref("extensions.claro.excTlbr", false); user_pref("extensions.claro.id", "0ad6956500000000000006265e88a329"); user_pref("extensions.claro.instlDay", "15654"); user_pref("extensions.claro.instlRef", "sst"); user_pref("extensions.claro.prdct", "claro"); user_pref("extensions.claro.prtnrId", "claro"); user_pref("extensions.claro.tlbrId", "claro"); user_pref("extensions.claro.tlbrSrchUrl", ""); user_pref("extensions.claro.vrsn", "1.8.3.10"); user_pref("extensions.claro.vrsni", "1.8.3.10"); user_pref("extensions.claro_i.newTab", false); user_pref("extensions.claro_i.smplGrp", "none"); user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:10:38"); ---- Lines claro modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"faststartff@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Dave\\\\ ---- Lines Torntv modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"faststartff@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Dave\\\\ ---- Lines trovi removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=bb73f1aa-85d6-4b57-9787-3aa5eb6ed26f&SearchSourc user_pref("browser.search.defaultenginename", "Trovi search"); user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=bb73f1aa-85d6-4b57-9787-3aa5eb6ed26f&Searc ---- Lines delta modified from prefs.js ---- user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000- ---- Lines bandoo modified from prefs.js ---- user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000- ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); ---- Lines ask.com modified from prefs.js ---- user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000- ---- Lines yontoo modified from prefs.js ---- user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000- ---- Lines gophoto.it modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"faststartff@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Dave\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_05-09-2014_1126_.backup ProfilePath: C:\Users\Loressa\AppData\Roaming\Mozilla\Firefox\Profiles\wrid2cuz.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_05-09-2014_1126_.backup ==== Deleting Files \ Folders ====================== C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default\extensions\ffxtlbra@softonic.com not found C:\Windows\system32\tasks\SDMsgUpdate (TE) deleted C:\Program Files\BearShare Applications deleted C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default\bprotector_extensions.rdf deleted C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default\bprotector_extensions.sqlite deleted C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default\bprotector_prefs.js deleted C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default\.autoreg deleted "C:\Windows\tasks\SDMsgUpdate (TE).job" deleted "C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default\extensions\gophoto@gophoto.it.xpi" deleted ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== Profilepath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\i7n7m5u6.default 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash FB5621842FDABF9F8359775573498FBC - C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update 785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update 0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox 99F97C9FE748C37528C338A423577FCB - C:\Users\Dave\AppData\Roaming\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin ==== Chrome Look ====================== DropToS - Dave\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo Torch Helper - Dave\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Torch Music - Dave\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed ==== Chromium Startpages ====================== C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://mysearch.avg.com?cid={27C7E3FA-D424-409B-9FF8-DA2A2A3D8179}&mid=321579db0b0447d2a81fd156505aac32-ef4455af782fa72b28249ad9eed73c4771006a07&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-07-26 21:53:44&v=18.1.8.643&pid=safeguard&sg=&sap=hp", "startup_urls": [ "https://www.google.nl/" ], C:\Users\Dave\AppData\Local\Torch\User Data\Default\Preferences "homepage": "http://home.torchbrowser.com/?systemid=448&appid=144&ua=Torch&clid={CD9E368C-0795-4571-9976-376B34367A96}", "urls_to_restore_on_startup": [ "http://home.torchbrowser.com/?systemid=448&appid=144&ua=Torch&clid={CD9E368C-0795-4571-9976-376B34367A96}" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_nl" ==== Reset Google Chrome ====================== C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Dave\AppData\Local\Torch\User Data\Default\Preferences was reset successfully C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Dave\AppData\Local\Torch\User Data\Default\Web Data was reset successfully ==== Empty IE Cache ====================== C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Loressa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Loressa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\i7n7m5u6.default\Cache emptied successfully C:\Users\Loressa\AppData\Local\Mozilla\Firefox\Profiles\wrid2cuz.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Dave\AppData\Local\Torch\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4290 folders=853 4392867555 bytes) ==== Empty Temp Folders ====================== C:\Users\Dave\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Loressa\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Dave\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 05-09-2014 at 11:36:22,18 ======================