Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Gringo on wo 07-01-2015 at 18:32:25,28.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gringo\Desktop\zoek.exe.com
[Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-07-133415.log 48795 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{353F8B64-A4FB-40C1-A19F-D7582368D393} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B296A539-15FE-4DEF-9F15-F38537E622C2} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D864C420-C2E5-4E13-A640-470E21315846} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Gringo\AppData\Roaming\Mozilla\Firefox\Profiles\wlzle221.default

---- Lines Softonic removed from prefs.js ----
user_pref("browser.search.order.1", "Search the web (Softonic)");
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "SD");
user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.cntry", "NL");
user_pref("extensions.Softonic.dfltLng", "nl");
user_pref("extensions.Softonic.dfltSrch", true);
user_pref("extensions.Softonic.dnsErr", true);
user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,75
user_pref("extensions.Softonic.dspFFXOld", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.ffxUnstlRst", false);
user_pref("extensions.Softonic.hdrMd5", "F34A9A30C30C07BFA547CC5055905C79");
user_pref("extensions.Softonic.hmpg", true);
user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=f49dd944000000000000c018856e788a");
user_pref("extensions.Softonic.hpFFXOld", "https://www.google.nl/");
user_pref("extensions.Softonic.hpOld0", "https://www.google.nl/");
user_pref("extensions.Softonic.id", "f49dd944000000000000c018856e788a");
user_pref("extensions.Softonic.instlDay", "15902");
user_pref("extensions.Softonic.instlRef", "MOY00011");
user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=f49dd944000000000000c018856e788a&q=");
user_pref("extensions.Softonic.lastB", "https://www.google.nl/");
user_pref("extensions.Softonic.lastVrsnTs", "1.8.19.321:51:34");
user_pref("extensions.Softonic.newTab", true);
user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=f49dd944000000000000c018856e788a");
user_pref("extensions.Softonic.pnu_2013desingbrand", "{\"newVrsn\":\"58\",\"lastVrsn\":\"58\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.rvrt", "false");
user_pref("extensions.Softonic.sg", "none");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=f49dd944000000000000c018856e788a&q=");
user_pref("extensions.Softonic.vrsn", "1.8.19.3");
user_pref("extensions.Softonic.vrsnTs", "1.8.19.321:51:34");
user_pref("extensions.Softonic.vrsni", "1.8.19.3");

---- Lines Softonic removed from user.js ----

user_pref("extensions.Softonic.hpOld0", "https://www.google.nl/");
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=f49dd944000000000000c018856e788a&q=");
user_pref("extensions.Softonic.id", "f49dd944000000000000c018856e788a");
user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
user_pref("extensions.Softonic.instlDay", "15902");
user_pref("extensions.Softonic.vrsn", "1.8.19.3");
user_pref("extensions.Softonic.vrsni", "1.8.19.3");
user_pref("extensions.Softonic.vrsnTs", "1.8.19.321:51:34");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "SD");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
user_pref("extensions.Softonic.instlRef", "MOY00011");
user_pref("extensions.Softonic.dfltLng", "nl");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.ffxUnstlRst", false);
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.rvrt", "false");
user_pref("extensions.Softonic.hmpg", true);
user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=f49dd944000000000000c018856e788a");
user_pref("extensions.Softonic.dfltSrch", true);
user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=f49dd944000000000000c018856e788a&q=");
user_pref("extensions.Softonic.dnsErr", true);
user_pref("extensions.Softonic.newTab", true);
user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=f49dd944000000000000c018856e788a");

---- Lines {a3a5c777-f583-4fef-9380-ab4add1bc2a8} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\

---- Lines {4ED1F68A-5463-4931-9384-8FFF5ED91D92} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ----

user_07-01-2015_1908_.backup
prefs_07-01-2015_1908_.backup

ProfilePath: C:\Users\Gringo\AppData\Roaming\TomTom\HOME\Profiles\1c5173ns.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_07-01-2015_1908_.backup

==== Deleting Files \ Folders ======================

C:\Users\Gringo\AppData\Roaming\Mozilla\Firefox\Profiles\wlzle221.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi deleted
C:\PROGRA~2\Softonic deleted
C:\PROGRA~2\RegClean Pro deleted
C:\PROGRA~2\Wondershare deleted
C:\Users\Gringo\AppData\Roaming\Wondershare deleted
C:\Users\Gringo\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Gringo\Downloads\sysrc_trial_25044.exe deleted
C:\Users\Gringo\AppData\LocalLow\Softonic deleted
C:\END deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Gringo\AppData\Roaming\Mozilla\Firefox\Profiles\wlzle221.default\extensions\firefoxdav@icloud.com deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Gringo\AppData\Roaming\Mozilla\Firefox\Profiles\wlzle221.default
user_pref("browser.startup.homepage", "https://www.google.nl/?gfe_rd=ctrl&ei=iOQEU72HCqqG8QfUzIDIDQ&gws_rd=cr");
user_pref("keyword.URL", "http://search.yahoo.com/search?fr=mcafee&p=");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 11:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gringo\AppData\Roaming\Mozilla\Firefox\Profiles\wlzle221.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Undetermined - {a3a5c777-f583-4fef-9380-ab4add1bc2a8}
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}

ProfilePath: C:\Users\Gringo\AppData\Roaming\TomTom\HOME\Profiles\1c5173ns.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gringo\AppData\Roaming\Mozilla\Firefox\Profiles\wlzle221.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
AE7B288233C212C62CD544BF768C45E6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
elchiiiejkobdbblfejjkbphbddgmljf - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\Softonic.crx[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[30-10-2014 14:36]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=f49dd944000000000000c018856e788a"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=f49dd944000000000000c018856e788a"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{2DD2ACFE-6BA1-44DF-9640-D57BBF294D60}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
{2DD2ACFE-6BA1-44DF-9640-D57BBF294D60} Google Url="https://www.google.com/search?q={searchTerms}"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_USERS\S-1-5-21-3353543139-39709760-3134028118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gringo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gringo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUXAASX3 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Gringo\AppData\Local\Mozilla\Firefox\Profiles\wlzle221.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=581 folders=119 186594261 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gringo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Gringo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Gringo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUXAASX3" not found

==== EOF on wo 07-01-2015 at 19:21:33,42 ======================