Zoek.exe v5.0.0.0 Updated 08-September-2014
Tool run by eurosys on do 18/09/2014 at 22:59:59,00.
Running in: Safe Mode MINIMAL
No Internet Access Detected
Launched: C:\Users\eurosys\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-17-223836.log 25381 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} deleted successfully
HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"BrowserMngrDefaultScope"=-

==== Deleting Files \ Folders ======================

C:\Windows\SysNative\tasks\4975 deleted
C:\Users\eurosys\AppData\Local\genienext deleted
C:\Users\eurosys\daemonprocess.txt deleted
C:\PROGRA~2\Mozilla Firefox\user.js deleted
C:\PROGRA~2\StartSearch plugin deleted
C:\PROGRA~2\Perion deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\found.000 deleted
C:\Users\eurosys\AppData\Roaming\Babylon deleted
C:\PROGRA~3\253DE0C.cpp deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\Tarma Installer deleted
C:\Users\eurosys\AppData\Local\CRE deleted
C:\Users\eurosys\AppData\Local\AVG Secure Search deleted
C:\Users\eurosys\AppData\Local\Mobogenie deleted
C:\Users\eurosys\AppData\Local\cache deleted
C:\Users\eurosys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com deleted
C:\Users\eurosys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\eurosys\AppData\LocalLow\AVG Secure Search deleted
C:\Users\eurosys\AppData\LocalLow\BabylonToolbar deleted
C:\Users\eurosys\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted
C:\Users\eurosys\AppData\LocalLow\PriceGong deleted
C:\Users\eurosys\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\eurosys\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com deleted
"C:\Windows\SysNative\tasks\0" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"zulagames@ZulaGames.com"="C:\Users\eurosys\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"zulagames@ZulaGames.com"="C:\Users\eurosys\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\eurosys\AppData\Roaming\Thunderbird\Profiles\uf97myl6.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\eurosys\AppData\Roaming\Mozilla\Firefox\Profiles\4ow3q7c4.default
FB5621842FDABF9F8359775573498FBC - C:\Users\eurosys\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
221B630B26951630BA834292AE2AF79E - C:\Users\eurosys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
42BA7372C3A5E7EFBEC986045CD1C102 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aanjjkgbodmfkdnkkhcjcghgnibdllak - C:\Users\eurosys\AppData\Local\CRE\aanjjkgbodmfkdnkkhcjcghgnibdllak.crx[]
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]
jifflliplgeajjdhmkcfnngfpgbjonjg - C:\Program Files (x86)\Perion\NewTab\NewTab.crx[]
pbiamblgmkgbcgbcgejjgebalncpmhnp - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx[]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aanjjkgbodmfkdnkkhcjcghgnibdllak - C:\Users\eurosys\AppData\Local\CRE\aanjjkgbodmfkdnkkhcjcghgnibdllak.crx[]

YouTube - eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
New Tab for Chrome - eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Google Wallet - eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
LiveVDO plugin - eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Gmail - eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.be/",
"startup_urls": [ "https://www.google.be/" ],

==== Chrome Fix ======================

C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_incredimailmediabarnederlands2.ourtoolbar.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_incredimailmediabarnederlands2.ourtoolbar.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tags.toolbarsmedia.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tags.toolbarsmedia.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_isearch.avg.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully
C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.standard.be/home.htm?lng=nl"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_z3730&r=173602110707pe4g8y195w4721w318"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.babylon.com/?affID=113480&tt=bandext_3312_6&babsrc=NT_ss&mntrId=0cc5249d0000000000001c659d6e99e1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.babylon.com/?affID=113480&tt=bandext_3312_6&babsrc=NT_ss&mntrId=0cc5249d0000000000001c659d6e99e1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.standard.be/home.htm?lng=nl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{42331559-2BB4-4816-BD60-90E5721DFE70} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADSA_nlBE456"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADSA_nlBE456"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3860979855-3241607315-2205122588-1000\Software\Mozilla\Firefox\Extensions\zulagames@ZulaGames.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\zulagames@ZulaGames.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\eurosys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\eurosys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\eurosys\AppData\Local\Mozilla\Firefox\Profiles\4ow3q7c4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\eurosys\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1942 folders=439 299708454 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\eurosys\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\eurosys\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 18/09/2014 at 23:58:30,97 ======================