Zoek.exe v5.0.0.1 Updated 25-October-2015 Tool run by pietj_000 on do 29-10-2015 at 7:21:05,53. Microsoft Windows 10 Pro 10.0.10240 x64 Running in: Normal Mode Internet Access Detected Launched: G:\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-10-29-061922.log 1063 bytes ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files\FileZilla FTP Client\fzshellext_64.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\InstallShield Installation Information deleted successfully C:\PROGRA~2\predm deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\IDM deleted successfully C:\PROGRA~3\PCSettings deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Abstract Build\AppData\Local\28346 deleted successfully C:\Users\Abstract Build\AppData\Local\calibre-cache deleted successfully C:\Users\Abstract Build\AppData\Local\NetworkTiles deleted successfully C:\Users\Abstract Build\AppData\Local\PeerDistRepub deleted successfully C:\Users\pietj_000\AppData\Local\NetworkTiles deleted successfully C:\Users\pietj_000\AppData\Local\PeerDistRepub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Abstract Build\AppData\Roaming\Mozilla\Firefox\Profiles\a32ju2px.default-1428145101168 ---- Lines yahoo removed from prefs.js ---- user_pref("keyword.URL", "https://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="); ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "14fd037cceafe057cf250223c43dbc74"); ---- FireFox user.js and prefs.js backups ---- user_29-10-2015_0738_.backup prefs_29-10-2015_0738_.backup ProfilePath: C:\Users\Abstract Build\AppData\Roaming\Mozilla\Firefox\Profiles\sdwdcxps.default user.js not found ---- Lines yahoo removed from prefs.js ---- user_pref("browser.startup.homepage", "http://es.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_23¶m1=1& ---- FireFox user.js and prefs.js backups ---- prefs_29-10-2015_0738_.backup ProfilePath: C:\Users\pietj_000\AppData\Roaming\Mozilla\Firefox\Profiles\ir5qx2rn.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_29-10-2015_0738_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "ProductUpdater"=-