Zoek.exe v5.0.0.1 Updated 06-October-2015
Tool run by Nelleke on do 08-10-2015 at 8:41:48,20.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nelleke\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-09-28-145949.log 43175 bytes
C:\zoek-results2015-10-01-080023.log 7462 bytes
C:\zoek-results2015-10-01-112814.log 12091 bytes

==== Empty Folders Check ======================

C:\Users\Nelleke\AppData\Local\MediaShow deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7icxe948.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_08-10-2015_0904_.backup

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\b6hp15ti.default
---- FireFox user.js and prefs.js backups ----
user_08-10-2015_0904_.backup
prefs_08-10-2015_0904_.backup

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\fiejsl2o.default-1357987608005
---- FireFox user.js and prefs.js backups ----
user_08-10-2015_0904_.backup
prefs_08-10-2015_0904_.backup

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\mwdbv0eh.default
---- FireFox user.js and prefs.js backups ----
user_08-10-2015_0904_.backup
prefs_08-10-2015_0904_.backup

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Thunderbird\Profiles\2j53e4is.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_08-10-2015_0904_.backup

==== Deleting Files \ Folders ======================

C:\Users\Nelleke\AppData\Roaming\Visan not found
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Nelleke)" not found
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Nelleke" not found

==== Folders Found ======================

2015-02-08 14:54:06 2015-02-08 14:54:06 -------- d-----w- C:\ProgramData\Visan
2015-02-08 14:54:06 2015-02-08 14:54:06 -------- d-----w- C:\Users\All Users\Visan
2015-10-01 10:57:51 2015-10-01 10:57:51 -------- d---a-w- C:\zoek_backup\C_Users_Nelleke_AppData_Roaming_Visan

==== Files Found ======================

==== Registry Search Results for "Visan" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Visan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Visan\HP Photo Creations]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32]
@="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32]
@="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Microsoft\Internet Explorer\LowRegistry\Visan]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Microsoft\Internet Explorer\LowRegistry\Visan\HP Photo Creations]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations]
"DisplayIcon"="\"C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\AppIcons\\HP Photo Creations.ico\""
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]
"Path"="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\Debug]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\HP Photo Creations]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\Rocketlife]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\Rocketlife\vendors]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\Rocketlife\vendors\hpfe6fd34b208847e8f8254b9be96e8c4c]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\Rocketlife\vendors\hpfe6fd34b208847e8f8254b9be96e8c4c\messager]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Visan\Rocketlife\vendors\hpfe6fd34b208847e8f8254b9be96e8c4c\metrics]
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32]
@="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001\Software\Classes\Wow6432Node\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32]
@="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32]
@="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"
[HKEY_USERS\S-1-5-21-2849121425-4159316806-1266491598-1001_Classes\Wow6432Node\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32]
@="C:\\Users\\Nelleke\\AppData\\Roaming\\Visan\\plugins\\npRLSecurePluginLayer.dll"

==== Registry Search Results for "WSAllMyTubechrome" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\WSAllMyTubechrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler\WSAllMyTubechrome]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\b6hp15ti.default
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\fiejsl2o.default-1357987608005
user_pref("browser.startup.homepage", "http://www.allemaal-series.org/browse.php");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "");

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\mwdbv0eh.default
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\b6hp15ti.default
- Undetermined - %ProfilePath%\extensions\compatibility@addons.mozilla.org
- HP Smart Print - %ProfilePath%\extensions\hpwebprint@hpwebprint.com
- Catered to You - %ProfilePath%\extensions\{a9acaf1d-f7d1-436b-97cd-f861229d457e}.xpi

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\fiejsl2o.default-1357987608005
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- Lunapic Image Edit - %ProfilePath%\extensions\corp@lunapic.com.xpi
- Catered to You - %ProfilePath%\extensions\{a9acaf1d-f7d1-436b-97cd-f861229d457e}.xpi

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\mwdbv0eh.default
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Catered to You - %ProfilePath%\extensions\{a9acaf1d-f7d1-436b-97cd-f861229d457e}.xpi

ProfilePath: C:\Users\Nelleke\AppData\Roaming\Thunderbird\Profiles\2j53e4is.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nelleke\AppData\Roaming\Mozilla\Firefox\Profiles\fiejsl2o.default-1357987608005
7D127425BBE91DF37448A7F44C1DDA52 - C:\Users\Nelleke\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Nelleke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
EECE85E006E195B1B227A8EB0874BDA8 - C:\Users\Nelleke\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Nelleke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Nelleke\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b90183ad-1cf4-4d7b-9461-b89083957547} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b90183ad-1cf4-4d7b-9461-b89083957547} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nelleke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\7icxe948.default\Cache emptied successfully
C:\Users\Nelleke\AppData\Local\Mozilla\Firefox\Profiles\fiejsl2o.default-1357987608005\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=663 folders=205 479903227 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gast\AppData\Local\temp emptied successfully
C:\Users\Nelleke\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nelleke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 08-10-2015 at 21:40:16,29 ======================