Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Rizzotto on vr 25/04/2014 at 9:22:16,98.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rizzotto\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-23-142133.log 3879 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Rizzotto\AppData\Roaming\Mozilla\Firefox\Profiles\4mpanrw5.default
user.js not found
---- Lines conduit removed from prefs.js ----
user_pref("browser.newtab.url", "http://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M8D9862F2-EE77-4616-872B-0B450D79B1DB&Searc
user_pref("browser.startup.homepage", "http://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M8D9862F2-EE77-4616-872B-0B450D79B1DB
---- FireFox user.js and prefs.js backups ----
prefs_20142504_0940_.backup

ProfilePath: C:\Users\Rizzotto\AppData\Roaming\Mozilla\Firefox\Profiles\vip4n2zm.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20142504_0940_.backup

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SearchProtect deleted
C:\Users\Rizzotto\AppData\Local\SearchProtect deleted
C:\ProgramData\McAfee deleted
C:\ProgramData\McAfee Security Scan deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus deleted
C:\windows\SysNative\config\systemprofile\AppData\Roaming\McAfee deleted
C:\WINDOWS\SysNative\sasnative64.exe deleted
C:\Users\Rizzotto\AppData\Roaming\Mozilla\Firefox\Profiles\4mpanrw5.default\searchplugins\conduit-search.xml deleted
"C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe" deleted
"C:\Program Files (x86)\McAfee Security Scan" deleted
"C:\Program Files (x86)\McAfee Security Scan\3.0.285" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rizzotto\AppData\Roaming\Mozilla\Firefox\Profiles\4mpanrw5.default
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rizzotto\AppData\Roaming\Mozilla\Firefox\Profiles\4mpanrw5.default
ABE2E50533899C45DFA03E1D8767648F - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash
159A7104C62348D4C505A31997869266 - C:\Users\Rizzotto\Desktop\GIO\iphone\iTools\iTools\Plugin\npiTools.dll - npiTools ????? / npiTools ?????

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M8D9862F2-EE77-4616-872B-0B450D79B1DB&SearchSource=55&CUI=&UM=5&UP=SP545B6973-7094-489C-AEF3-B391A37C6E2C&SSPV="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rizzotto\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rizzotto\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Rizzotto\AppData\Local\Mozilla\Firefox\Profiles\4mpanrw5.default\Cache emptied successfully
C:\Users\Rizzotto\AppData\Local\Mozilla\Firefox\Profiles\vip4n2zm.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Rizzotto\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=251 folders=102 101258326 bytes)

==== Empty Temp Folders ======================

C:\Users\Rizzotto\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Rizzotto\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 25/04/2014 at 9:49:03,26 ======================