Zoek.exe v5.0.0.1 Updated 25-October-2015
Tool run by hermonneke on do 29-10-2015 at 9:53:12,31.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\hermonneke\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
29-10-2015 10:00:42 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\McAfee Security Scan deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\Program Files\Windows Media Player deleted successfully
C:\PROGRA~3\CanonIJPLM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\moekejose\AppData\Local deleted successfully
C:\Users\hermonneke\AppData\Local\Amazon deleted successfully
C:\Users\hermonneke\AppData\Local\CrashDumps deleted successfully
C:\Users\hermonneke\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\hermonneke\AppData\Local\EmieSiteList deleted successfully
C:\Users\hermonneke\AppData\Local\EmieUserList deleted successfully
C:\Users\hermonneke\AppData\Local\NetworkTiles deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\CrashDumps deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\EmieSiteList deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\EmieUserList deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\NetworkTiles deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{0FD170F2-4280-4AAA-A5F4-CA831DCB9A1C} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{1060542A-8C39-4090-8AFA-62461D73329D} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{144A3BF6-08F0-4913-8D0E-5D19A25EDD2D} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{158334BC-8C28-46F0-A1FF-C04C1F9B6D92} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{1E33486A-A321-4FA9-ACC9-23DDAF4FA6E6} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{4604D229-87CC-464E-ADEF-DD36D14F199A} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{49063EE3-0C53-435C-B46D-2C16A92C1E67} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{4942DA75-F02A-4B27-8242-75A86F060EC2} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{51E3B185-1FCF-4FA3-A9B2-B74DB38DBBA8} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{536D487C-9FAE-4A39-8F20-9CBD51D9E344} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{57087EC9-6E50-49D4-A759-271434C388EC} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{6FCF6724-5748-4423-B078-ED36D9DBD1C1} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{89791A9A-39A7-4442-A145-BC8219EF0B13} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{91EB8C1A-19D8-4AA0-88E4-8A7F80DB3CA4} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{9492EEBB-8A06-4BC5-8DB6-46D8E2910507} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{997B75F4-3262-4BBB-96D5-24CF3900279E} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{A64A65DC-2AC2-4C8B-A86A-F4E4E298B7F2} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{ADE2C664-1887-460B-85D3-387CC21BD700} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{B158785B-460A-4333-A6EC-9D9E6DE679B1} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{B3CC5764-3B19-436F-82B0-1442CDAD73FE} deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\{F4DEE0BB-09E3-4611-BC72-FE8DB4F45B6C} deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\HERMON~1\AppData\Roaming\Mozilla\Firefox\Profiles\gvp0nt3e.default-1424006294058
user.js not found
---- Lines Clock Hand removed from prefs.js ----
user_pref("extensions.Clock Hand.asul", "1424338863038");
user_pref("extensions.Clock Hand.aul", "1424338561652");
user_pref("extensions.Clock Hand.irl", true);
user_pref("extensions.Clock Hand.is", "isgiwhBE");
user_pref("extensions.Clock Hand.ug", "4A8D8CE6-6387-4AB8-B236-D1CD99FAAE5F");
---- FireFox user.js and prefs.js backups ----
prefs_29-10-2015_1017_.backup
ProfilePath: C:\Users\MOEKEJ~1.ERM\AppData\Roaming\Mozilla\Firefox\Profiles\44s8oze8.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_29-10-2015_1017_.backup
ProfilePath: C:\Users\HERMON~1\AppData\Roaming\Mozilla\Firefox\Profiles\fxmz36qt.default-1445700006325
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================
C:\PROGRA~2\McAfee Security Scan not found
C:\PROGRA~2\DriverFinder deleted
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\hermonneke\AppData\LocalLow\pandasecuritytb deleted
C:\Users\HERMON~1\AppData\Roaming\Mozilla\Firefox\Profiles\fxmz36qt.default-1445700006325\jetpack deleted

==== Firefox Extensions ======================
ProfilePath: C:\Users\MOEKEJ~1.ERM\AppData\Roaming\Mozilla\Firefox\Profiles\44s8oze8.default
- Facebook Message Seen Disable - %ProfilePath%\extensions\{7b9de502-149c-8165-ec2c-db01128febfe}.xpi
ProfilePath: C:\Users\HERMON~1\AppData\Roaming\Mozilla\Firefox\Profiles\fxmz36qt.default-1445700006325
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\hermonneke\AppData\Roaming\Mozilla\Firefox\Profiles\fxmz36qt.default-1445700006325
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
F556A64AB2DB1BD834E7C89CE211516B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
Profilepath: C:\Users\hermonneke\AppData\Roaming\Mozilla\Firefox\Profiles\gvp0nt3e.default-1424006294058
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
F556A64AB2DB1BD834E7C89CE211516B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bfmogjcijkfeahcajecmmegieipfbdcc - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[17-08-2011 23:51]
Google Slides - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - hermonneke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.bing.com/search?FORM=IE8SRC&q=%s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{53FB1DF5-7AE7-4B50-AF1A-C6ECEBB06B7C} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
{738BCF00-0B2C-4328-A658-5F16F648D0FA} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found"

==== Reset Google Chrome ======================
C:\Users\hermonneke\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\hermonneke\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\hermonneke\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1366266881-1316404835-1703995236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53FB1DF5-7AE7-4B50-AF1A-C6ECEBB06B7C} deleted successfully
HKEY_USERS\S-1-5-21-1366266881-1316404835-1703995236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-1366266881-1316404835-1703995236-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{53FB1DF5-7AE7-4B50-AF1A-C6ECEBB06B7C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53FB1DF5-7AE7-4B50-AF1A-C6ECEBB06B7C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\hermonneke\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\hermonneke\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\hermonneke\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\hermonneke\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\hermonneke\AppData\Local\Mozilla\Firefox\Profiles\fxmz36qt.default-1445700006325\cache2 emptied successfully
C:\Users\hermonneke\AppData\Local\Mozilla\Firefox\Profiles\gvp0nt3e.default-1424006294058\cache2 emptied successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Mozilla\Firefox\Profiles\44s8oze8.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\hermonneke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\moekejose.ERMONNEKE-HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=31 folders=14 48042463 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\HERMON~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on do 29-10-2015 at 10:25:46,70 ======================