Zoek.exe v5.0.0.1 Updated 27-December-2015 Tool run by BReese76 on Sun 12/27/2015 at 14:33:37.62. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\BReese76\Desktop\zoek.exe [Scan all users] [Checkboxes used] ==== System Restore Info ====================== 12/27/2015 2:36:09 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~3\DeepSkyStacker deleted successfully C:\PROGRA~3\Ralink deleted successfully C:\PROGRA~3\ZoomBrowser deleted successfully C:\Users\BReese76\AppData\Roaming\Nebulosity3 deleted successfully C:\Users\BReese76\AppData\Roaming\TP deleted successfully C:\Users\BReese76\AppData\Roaming\uTorrent deleted successfully C:\Users\BReese76\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\BReese76\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\BReese76\AppData\Local\EmieSiteList deleted successfully C:\Users\BReese76\AppData\Local\EmieUserList deleted successfully C:\Users\BReese76\AppData\Local\ms-drivers deleted successfully C:\Users\BReese76\AppData\Local\Skype deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Internet Explorer\SearchScopes\{342759B5-7F60-4D1A-A079-BD182224E1E7} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default user.js not found ---- Lines yahoo removed from prefs.js ---- user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,DuckDuckGo,Twitter,Wikipedia (en)"); user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bootstrapcdn.com code.jquery.com fi user_pref("services.sync.account", "chicken_lover98@yahoo.com"); user_pref("services.sync.username", "chicken_lover98@yahoo.com"); ---- FireFox user.js and prefs.js backups ---- prefs_20151227_0247_.backup ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\0zco5nm8.default-1422849603642 prefs.js not found user.js not found ---- FireFox user.js and prefs.js backups ---- ==== Deleting Files \ Folders ====================== C:\Users\BReese76\AppData\Roaming\calibre deleted C:\PROGRA~2\Yahoo! deleted C:\ATF-Cleaner.exe deleted C:\install.exe deleted C:\Users\BReese76\AppData\Roaming\Yahoo! deleted C:\PROGRA~3\Yahoo! deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysWow64\AI_RecycleBin deleted C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\jetpack deleted "C:\PROGRA~3\Package Cache" deleted ==== Orphaned Tasks deleted from Registry ====================== avast Emergency Update deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [12/16/2015 10:01 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default - Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} - Hard Refresh - %ProfilePath%\extensions\hardrefresh@ttg.org.xpi - Undetermined - %ProfilePath%\extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi - Save File to - %ProfilePath%\extensions\savefileto@mozdev.org.xpi - Download Status Bar - %ProfilePath%\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi - Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\0zco5nm8.default-1422849603642 - Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} - XKit7.4.5 - %ProfilePath%\extensions\xkit@studioxenix.com.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\0zco5nm8.default-1422849603642 14AD8FF601CC88564086011496B58D75 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) Profilepath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default 14AD8FF601CC88564086011496B58D75 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) 5DF56521E8985BFD8F21A3D97A4D4574 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gdiepnleooeediljndacognlaenjeaga - No path found[] gihfmmedoddijgnhkgfgnkeohkpbipol - No path found[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/16/2015 10:01 PM] Google Cast - BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd AdBlock - BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Avast Online Security - BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki GIFit - BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoojcphcmgcplkpckkjpdlloooifgec ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{A3F3D8FE-86AE-4813-B96F-A656930924FD} - http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} - http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF HKLM\Wow6432Node\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:49176;https=127.0.0.1:49176" "ProxyOverride"="<-loopback>" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF84C8.tmp will be deleted at reboot C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF8804.tmp will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\BReese76\AppData\Local\Mozilla\Firefox\Profiles\7movo481.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=59 folders=52 38459553 bytes) ==== Empty Temp Folders ====================== C:\Users\BReese76\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\BReese76\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF84C8.tmp" not found "C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPF8804.tmp" not found "C:\Users\BReese76\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMZ96YLH\core.insightexpressai.com" not found "C:\Users\BReese76\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMZ96YLH\fdp-a.akamaihd.net" not found "C:\Users\BReese76\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMZ96YLH\images-na.ssl-images-amazon.com" not found "C:\Users\BReese76\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMZ96YLH\launch.newsinc.com" not found "C:\Users\BReese76\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMZ96YLH\mp.piano-media.com" not found "C:\Users\BReese76\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMZ96YLH\services2.capitalone.com" not found ==== EOF on Sun 12/27/2015 at 14:54:14.96 ======================