Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by HANNAH on zo 11-09-2016 at 22:13:40,69. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\HANNAH\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-09-06-191904.log 236223 bytes ==== Empty Folders Check ====================== C:\Users\HANNAH\AppData\Local\ActiveSync deleted successfully C:\Users\HANNAH\AppData\Local\NetworkTiles deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn not found "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_isearch.avg.com_0.localstorage" not found "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_isearch.avg.com_0.localstorage-journal" not found "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage" not found "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal" not found C:\Program Files\Common Files\AVG Secure Search deleted C:\Program Files\Common Files\AV\AVG AntiVirus Free Edition 2014 deleted C:\Program Files (x86)\AVG deleted C:\ProgramData\AVG2014 deleted C:\Users\HANNAH\AppData\Local\Avg deleted C:\Users\HANNAH\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp deleted C:\Windows.old\Windows\Temp\avgdiag2 deleted C:\Windows.old\Windows\Temp\avgtbcleaner deleted C:\Windows.old\Windows\Temp\avg_a03624 deleted C:\Windows.old\Windows\Temp\avg_a04680 deleted C:\Windows.old\Windows\Temp\avg_a10940 deleted C:\Windows.old\Windows\Temp\avg_a21080 deleted C:\Windows.old\Windows\Temp\avg_a22468 deleted C:\Windows.old\Windows\Temp\avg_a24536 deleted C:\Windows.old\Windows\Temp\avg_a24840 deleted C:\Windows.old\Windows\Temp\avg_a24928 deleted C:\Windows.old\Windows\Temp\avg_a27356 deleted C:\Windows.old\Windows\Temp\avg_a27756 deleted C:\Windows.old\Windows\Temp\avg_a29460 deleted C:\Windows.old\Windows\Temp\avg_a30540 deleted C:\Windows.old\Windows\Temp\avg_a32300 deleted C:\Windows.old\Windows\Temp\avg_a48716 deleted C:\Windows.old\Windows\Temp\avg_a52868 deleted C:\Windows.old\Windows\Temp\avg_a54224 deleted C:\Windows.old\Windows\Temp\avg_a54324 deleted C:\Windows.old\Windows\Temp\avg_a73076 deleted C:\Windows.old\Windows\Temp\avg_a82092 deleted "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_free.avg.com_0.localstorage" deleted "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_free.avg.com_0.localstorage-journal" deleted "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.avg.com_0.localstorage" deleted "C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.avg.com_0.localstorage-journal" deleted "C:\Users\HANNAH\AppData\Local\MFAData\logs\avguiru.log" deleted "C:\Windows\Prefetch\AVG-SECURE-SEARCH-INSTALLER.E-9FD7A96B.pf" deleted ==== Registry Search Results for "{B658800C-F66E-4EF3-AB85-6C0C227862A9}" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol] "CLSID"="{B658800C-F66E-4EF3-AB85-6C0C227862A9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ViProtocol.ViProtocolOLE\CLSID] @="{B658800C-F66E-4EF3-AB85-6C0C227862A9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1\CLSID] @="{B658800C-F66E-4EF3-AB85-6C0C227862A9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\PROTOCOLS\Handler\viprotocol] "CLSID"="{B658800C-F66E-4EF3-AB85-6C0C227862A9}" ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [04-09-2016 18:39] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [04-09-2016 18:39] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[13-06-2016 11:18] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[25-05-2016 10:31] GoUnzip - HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\enknlcpanodakgmfgjhndmgjcailkaak SiteAdvisor - HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho MyImageConverter - HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfiafkffigghkooapnbkjgdhnelhbie Chrome Web Store Payments - HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Media Router - HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gounzip.dl.myway.com_0.localstorage deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gounzip.dl.myway.com_0.localstorage-journal deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hp.myway.com_0.localstorage deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hp.myway.com_0.localstorage-journal deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myimageconverter.dl.myway.com_0.localstorage deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_myimageconverter.dl.myway.com_0.localstorage-journal deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage-journal deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\enknlcpanodakgmfgjhndmgjcailkaak deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enknlcpanodakgmfgjhndmgjcailkaak_0.localstorage deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enknlcpanodakgmfgjhndmgjcailkaak_0.localstorage-journal deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfiafkffigghkooapnbkjgdhnelhbie deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llfiafkffigghkooapnbkjgdhnelhbie_0.localstorage deleted successfully C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llfiafkffigghkooapnbkjgdhnelhbie_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.com/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz= ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\HANNAH\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\HANNAH\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\HANNAH\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\HANNAH\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\HANNAH\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7389 folders=2100 1850275466 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot