Zoek.exe v5.0.0.0 Updated 15-01-2015 Tool run by dannywintjens on zo 18-01-2015 at 22:26:35,17. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\dannywintjens\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-01-18-193157.log 71463 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\Services deleted successfully C:\Program Files\Common Files\Services deleted successfully C:\PROGRA~3\firebird deleted successfully C:\PROGRA~3\Gyazo deleted successfully C:\PROGRA~3\Safeweb deleted successfully C:\PROGRA~3\Z-Software deleted successfully C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\Users\dannywintjens\AppData\Roaming\CrystalSpace deleted successfully C:\Users\dannywintjens\AppData\Roaming\HpUpdate deleted successfully C:\Users\dannywintjens\AppData\Roaming\VoipBuster deleted successfully C:\Users\dannywintjens\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\dannywintjens\AppData\Local\Fallout3 deleted successfully C:\Users\dannywintjens\AppData\Local\LogMeIn Hamachi deleted successfully C:\Users\dannywintjens\AppData\Local\SpacialAudio deleted successfully C:\Users\dannywintjens\AppData\Local\Windows Live Writer deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2480803176-3389462879-1122066420-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{E4935D75-87EE-40C6-B430-7434FB685DEC} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\DANNYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default ---- Lines trovi removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M6F95EFD3-71A8-48E6-8E8C-6DB51F7CCC6B&SearchSour user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M6F95EFD3-71A8-48E6-8E8C-6DB51F7CCC6B&Sear ---- FireFox user.js and prefs.js backups ---- user_18-01-2015_2323_.backup prefs_18-01-2015_2323_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\Users\dannywintjens\AppData\Local\playnowradio deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\install.exe deleted C:\Users\dannywintjens\AppData\Roaming\System Speedup deleted C:\Users\dannywintjens\AppData\Roaming\Adobe32 deleted C:\Users\dannywintjens\AppData\Roaming\systweak deleted C:\PROGRA~3\Systweak deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Users\dannywintjens\AppData\Local\SearchProtect deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\dannywintjens\AppData\LocalLow\ADSRemoval deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\SET761C.tmp deleted C:\Windows\Syswow64\SET7E4C.tmp deleted C:\Windows\Syswow64\SET7F8F.tmp deleted C:\Windows\Syswow64\SET8540.tmp deleted C:\Windows\Syswow64\SET8735.tmp deleted C:\Windows\Syswow64\SET938D.tmp deleted C:\Windows\Syswow64\SETACAC.tmp deleted C:\Windows\Syswow64\SETD35B.tmp deleted C:\Windows\Syswow64\SETDD7D.tmp deleted C:\Users\dannywintjens\Documents\Optimizer Pro deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\DANNYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M6F95EFD3-71A8-48E6-8E8C-6DB51F7CCC6B&SearchSource=55&CUI=&UM=6&UP=SP723F71E7-04DF-4020-852F-40388AB9A103&SSPV="); user_pref("browser.search.selectedEngine", "Google"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [19-11-2014 04:19] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [19-11-2014 04:19] ==== Firefox Extensions ====================== ProfilePath: C:\Users\DANNYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default - Advanced SystemCare Surfing Protection - C:\Users\dannywintjens\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default\extensions\iobitascsurfingprotection@iobit.com - Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - Undetermined - iobitascsurfingprotection@iobit.com - Undetermined - wrc@avast.com - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\dannywintjens\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default 5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\dannywintjens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ABE2E50533899C45DFA03E1D8767648F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Torch deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\dannywintjens\AppData\Local\Torch deleted Fake profile C:\Users\dannywintjens\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\dannywintjens\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Gast\AppData\Local\Torch deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Torch deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[04-08-2014 11:17] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21-11-2014 13:52] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14-07-2014 18:22] pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[19-11-2014 00:24] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[20-03-2014 17:06] Google Slides - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek HD for YouTube™ - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf Google Docs - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Adblock for Youtube - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk Google Search - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Facebook Customizer (by Adblock Plus) - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm avast SafePrice - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Google Sheets - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Avast Online Security - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Adblock For Youtube - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdofdiiecohafjapmddfpbgjcpelonk Skype Click to Call - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia RoboForm - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob ==== Chromium Fix ====================== C:\Users\dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?ocid=iehp" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?ocid=iehp" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2480803176-3389462879-1122066420-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-2480803176-3389462879-1122066420-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2480803176-3389462879-1122066420-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSKAppManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OHZBSYB will be deleted at reboot C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEH4G25P will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\dannywintjens\AppData\Local\Mozilla\Firefox\Profiles\c3sqde0w.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1495 folders=256 477399720 bytes) ==== Empty Temp Folders ====================== C:\Users\dannywintjens\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DANNYW~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OHZBSYB" not found "C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEH4G25P" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on ma 19-01-2015 at 5:15:53,94 ======================