Zoek.exe v5.0.0.0 Updated 21-09-2014 Tool run by Lammert on ma 22-09-2014 at 12:11:50,86. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Lammert\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-09-21-193658.log 24213 bytes C:\zoek-results2014-09-22-080619.log 5737 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1957243317-3068550055-347788307-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1957243317-3068550055-347788307-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully HKEY_USERS\S-1-5-21-1957243317-3068550055-347788307-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully HKEY_USERS\S-1-5-21-1957243317-3068550055-347788307-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CB149E5F-B052-4A64-A74C-C4BD997CD829} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Lammert\AppData\Roaming\Mozilla\Firefox\Profiles\negfo2iy.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119585&babsrc=NT_ss&mntrId=76b736a6000000000000e006e60a4aae"); ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "76b736a6000000000000e006e60a4aae"); user_pref("extensions.delta.instlDay", "15824"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1620:25:00"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "76b736a6000000000000e006e60a4aae"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15824"); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1620:25:00"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines mindspark removed from prefs.js ---- user_pref("extensions.toolbar.mindspark._9tMembers_.weather.location", "10001"); user_pref("extensions.toolbar.mindspark.lastInstalled", "internetspeedtracker@mindspark.com"); ---- FireFox user.js and prefs.js backups ---- user_22-09-2014_1224_.backup prefs_22-09-2014_1224_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\BonanzaDealsLive deleted C:\install.exe deleted C:\Users\Lammert\AppData\Roaming\ExpressFiles deleted C:\Users\Lammert\AppData\Roaming\Babylon deleted C:\Users\Lammert\Documents\Music\Qtrax Media Library deleted C:\Users\Lammert\Downloads\Users\Lammert\Music\Qtrax Media Library deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Avg_Update_0414b deleted C:\PROGRA~3\simplitec deleted C:\PROGRA~3\eSafe deleted C:\PROGRA~3\BonanzaDealsLive deleted C:\Users\Lammert\AppData\Local\BonanzaDealsLive deleted C:\Users\Lammert\AppData\Local\iMesh deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Lammert\AppData\Roaming\Mozilla\Firefox\Profiles\negfo2iy.default\extensions\trash\9tffxtbr@InternetSpeedTracker_9t.com deleted C:\Users\Lammert\AppData\Roaming\Mozilla\Firefox\Profiles\negfo2iy.default\Invalidprefs.js deleted C:\Users\Lammert\AppData\Roaming\Mozilla\Firefox\Profiles\negfo2iy.default\jetpack deleted C:\Users\Public\Desktop\Freemake Video Downloader.lnk deleted C:\Users\Lammert\Desktop\Continue Easy File Downloader, Inc..lnk deleted "C:\Users\Lammert\Downloads\2010 Toolkit.exe" deleted "C:\Windows\Installer\448007.msi" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\DatabaseLogRoot.exe" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\InteractiveJREWindows.exe" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\msvcp100.dll" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\msvcr100.dll" not deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\QtCore4.dll" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\QtNetwork4.dll" deleted "C:\Windows\Syswow64\ApplicationDOSMinimal\ApplicationDOSMinimal.exe" deleted "C:\Windows\Syswow64\ApplicationDOSMinimal\msvcp100.dll" deleted "C:\Windows\Syswow64\ApplicationDOSMinimal\msvcr100.dll" not deleted "C:\Windows\Syswow64\ApplicationDOSMinimal\QtCore4.dll" deleted "C:\Windows\Syswow64\ApplicationDOSMinimal\QtNetwork4.dll" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows" not deleted "C:\Windows\Syswow64\ApplicationDOSMinimal" not deleted "C:\Users\Lammert\AppData\Roaming\OpenCandy" deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\desktop" not deleted "C:\Users\Lammert\AppData\Local\InteractiveJREWindows\service" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\Lammert\AppData\Roaming\Mozilla\Firefox\Profiles\negfo2iy.default - Undetermined - %ProfilePath%\extensions\trash - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Lammert\AppData\Roaming\Mozilla\Firefox\Profiles\negfo2iy.default DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 878208C8141EFEF1EBFF14A779B8EC0E - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:27442" "ProxyOverride"=";*origin.com;*ea.com;*akamaihd.net" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lammert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lammert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Lammert\Downloads\Users\Lammert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Lammert\Downloads\Users\Lammert\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=618 folders=188 270941003 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Lammert\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot