Hello, TwinHeadedEagle:
The zoek-results logfile information is listed below:
Zoek.exe v5.0.0.0 Updated 13-February-2015
Tool run by Mellow Tron on Tue 03/03/2015 at 15:49:55.80.
Microsoft Windows 8.1 with Bing 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mellow Tron\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
3/3/2015 3:51:40 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Users\Mellow Tron\AppData\Local\Adobe deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-250915532-1012066336-2676839925-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} deleted successfully
HKEY_USERS\S-1-5-21-250915532-1012066336-2676839925-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E672B9B0-2FCD-44AA-8A58-E82A5D137F53} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\MELLOW~1\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20150303_0409_.backup
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Toolbar Cleaner deleted
C:\PROGRA~2\pandasecuritytb deleted
C:\Users\Public\Pokki deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Mellow Tron\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Mellow Tron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\Mellow Tron\AppData\LocalLow\pandasecuritytb deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\MELLOW~1\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default\searchplugins\Web Search.xml deleted
C:\Users\MELLOW~1\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default\pandasecuritytb deleted
C:\Users\MELLOW~1\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted
"C:\Windows\Installer\1999e.msi" deleted
"C:\Windows\Installer\3100a.msi" deleted
"C:\Users\Mellow Tron\AppData\Roaming\NetServices" deleted
"C:\Users\Mellow Tron\AppData\Roaming\Organic" deleted
"C:\ProgramData\Overdrive" deleted
"C:\ProgramData\Percussion Kit" deleted
"C:\ProgramData\Piano Hard" deleted
"C:\ProgramData\PPD Plugins" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\MELLOW~1\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default
user_pref("browser.startup.homepage", "https://www.google.com");
user_pref("browser.newtab.url", "https://www.google.com");
user_pref("browser.search.defaultenginename", "Secure Search");
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("keyword.URL", "https://search.yahoo.com/search?fr=mcafee&type=B114US662D20140923&p=");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [02/16/2015 07:03 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\MELLOW~1\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Undetermined - C:\Users\Mellow Tron\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
- Undetermined - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Mellow Tron\AppData\Roaming\Mozilla\Firefox\Profiles\y51c4jh3.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Mellow Tron\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Could not determine latest Stable Version)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[01/28/2015 03:25 PM]
Google Voice Search Hotword (Beta) - Mellow Tron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
SiteAdvisor - Mellow Tron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
==== Chromium Startpages ======================
C:\Users\Mellow Tron\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage-web.com/?s=acer&m=start"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E672B9B0-2FCD-44AA-8A58-E82A5D137F53}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E672B9B0-2FCD-44AA-8A58-E82A5D137F53}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage-web.com/?s=acer&m=start"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}"
{F6108CA0-A9E3-11E4-8274-F8A963DA41B1} Web Search Url="http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-250915532-1012066336-2676839925-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02F6486B12843E11F869800002C0A966 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6846F20-4821-11E3-8F96-0800200C9A66} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\02F6486B12843E11F869800002C0A966 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mellow Tron\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mellow Tron\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mellow Tron\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mellow Tron\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Mellow Tron\AppData\Local\Mozilla\Firefox\Profiles\y51c4jh3.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Mellow Tron\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=10405 folders=289 574417626 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mellow Tron\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MELLOW~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Tue 03/03/2015 at 16:19:36.64 ======================