It's mighty nice of you to help all of these people and I appreciate it. Thanks! - Bill
Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by bernynhel on Wed 11/12/2014 at 7:45:25.60.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\bernynhel\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11/12/2014 7:54:01 AM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} deleted successfully
HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{51B21956-592C-47C3-AC00-D3DDB1AD0304} deleted successfully
HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A00AC02E-DC8D-4D61-AF5C-7D9EFC15D48C} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\70e6ca8c deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default
---- Lines astrmndasr removed from user.js ----
user_pref("extensions.astrmndasr.hmpg", true);
user_pref("extensions.astrmndasr.hmpgUrl", "http://astromenda.com/?f=1&a=ast_gg...G0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=");
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
user_pref("extensions.astrmndasr.dnsErr", true);
user_pref("extensions.astrmndasr_i.newTab", true);
user_pref("extensions.astrmndasr.newTabUrl", "http://astromenda.com/?f=2&a=ast_gg...G0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=");
user_pref("extensions.astrmndasr.tlbrSrchUrl", "http://astromenda.com/?f=3&a=ast_gg...0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=&q=");
user_pref("extensions.astrmndasr.id", "7C4FB507C486BE5A");
user_pref("extensions.astrmndasr.instlDay", "16364");
user_pref("extensions.astrmndasr.vrsn", "");
user_pref("extensions.astrmndasr.vrsni", "");
user_pref("extensions.astrmndasr_i.vrsnTs", "13:24:58");
user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
user_pref("extensions.astrmndasr.prdct", "astrmndasr");
user_pref("extensions.astrmndasr.aflt", "ast_ggfc_14_43_ch");
user_pref("extensions.astrmndasr_i.smplGrp", "none");
user_pref("extensions.astrmndasr.tlbrId", "");
user_pref("extensions.astrmndasr.instlRef", "142905_a");
user_pref("extensions.astrmndasr.dfltLng", "");
user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");
user_pref("extensions.astrmndasr.excTlbr", false);
user_pref("extensions.astrmndasr.cr", "1543690085");
user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q");
user_pref("extensions.astrmndasr.AL", 4);
---- Lines Adanak removed from prefs.js ----
user_pref("extensions.Adanak.asul", "1407997964699");
user_pref("extensions.Adanak.aul", "1407996473239");
user_pref("extensions.Adanak.irl", true);
user_pref("extensions.Adanak.is", "EF23DDUS");
user_pref("extensions.Adanak.ug", "10788068-D4A3-4128-A1F2-6A11F6802B2B");
---- Lines Deal Keeper removed from prefs.js ----
user_pref("extensions.Deal Keeper.asul", "1407006451881");
user_pref("extensions.Deal Keeper.aul", "1406787845660");
user_pref("extensions.Deal Keeper.irl", true);
user_pref("extensions.Deal Keeper.is", "isgizzUS");
user_pref("extensions.Deal Keeper.ug", "7B91B718-C54B-4DDD-BB17-F02AA94FCDD4");
---- Lines astrmndant removed from prefs.js ----
user_pref("extensions.astrmndant.aflt", "ast_dnldstr_14_31_ff");
user_pref("extensions.astrmndant.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0SzyyEtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1
user_pref("extensions.astrmndant.cr", "289358700");
user_pref("extensions.astrmndant.data.1c4755f318c6fdb260c47f26d0a24f0ca", "1");
user_pref("extensions.astrmndant.data.activeDate", "20141013");
user_pref("extensions.astrmndant.data.aliveDate", "20141013");
user_pref("extensions.astrmndant.data.ch_dv2", "true");
user_pref("extensions.astrmndant.data.instlDate", "20140728");
user_pref("extensions.astrmndant.data.ntopen", "23554291");
user_pref("extensions.astrmndant.general.content", "favorites-6dd849c03955c143ef307f40b5ea2ca5");
user_pref("extensions.astrmndant.general.firstRun", false);
user_pref("extensions.astrmndant.general.guid", "34530e2a-5f73-4b14-babc-04f6776ac01a");
user_pref("extensions.astrmndant.general.version", "5.1");
user_pref("extensions.astrmndant.instlRef", "142905_b");
---- Lines astrmndant removed from user.js ----
user_pref("extensions.astrmndant.aflt", "ast_dnldstr_14_31_ff");
user_pref("extensions.astrmndant.instlRef", "142905_b");
user_pref("extensions.astrmndant.cr", "289358700");
user_pref("extensions.astrmndant.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0SzyyEtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyzzzz0F0EtCtDtGzz0EyCtBtGzztCtAtAtG0C0E0CzytGyDyC0EtDyD0AzyyD0DtAzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0A0EtAtB0BzytG0A0C0B0DtG0B0E0A0BtG0EyEzz0CtGyEtBtBzytByEyCyB0Czy0AyD2Q");
---- Lines Astromenda removed from prefs.js ----
user_pref("browser.search.selectedEngine", "Astromenda");
user_pref("browser.startup.homepage", "http://astromenda.com/?f=1&a=ast_gg...yB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCt
---- Lines Customized removed from prefs.js ----
user_pref("extensions.testpilot.alreadyCustomizedToolbar", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
user_20141112_0808_.backup
prefs_20141112_0808_.backup
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Coupons deleted
C:\PROGRA~2\Tweaks deleted
C:\PROGRA~2\LuckyTab deleted
C:\Users\bernynhel\AppData\Roaming\WB.CFG deleted
C:\Users\bernynhel\AppData\Roaming\ZoomBrowser EX deleted
C:\Users\bernynhel\AppData\Roaming\PCCUStubInstaller deleted
C:\Users\bernynhel\AppData\Roaming\Astromenda deleted
C:\Users\bernynhel\AppData\Roaming\YourFileDownloader deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Yahoo! deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener deleted
C:\windows\SysNative\tasks\LuckyTab deleted
C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted
C:\windows\SysNative\tasks\YourFile DownloaderUpdate deleted
C:\windows\SysNative\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\Users\bernynhel\Documents\Optimizer Pro deleted
C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\jetpack deleted
C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\staged deleted
C:\Users\Public\Desktop\FileOpener.lnk deleted
C:\Users\bernynhel\Desktop\Continue File Opener Installation.lnk deleted
C:\Users\bernynhel\AppData\Local\74433833dsisetup744406352.exe deleted
C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\astrmndant deleted
"C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\searchplugins\Astromenda.xml" deleted
"C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{849ded12-59e9-4dae-8f86-918b70d213dc}" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [07/11/2014 04:33 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default
- DoNotTrackMe - C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\donottrackplus@abine.com
- Empty Cache Button - C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
- DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com
- Empty Cache Button - %ProfilePath%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
- Webroot - %ProfilePath%\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- Undo Closed Tabs Button - %ProfilePath%\extensions\undoclosedtabsbutton@supernova00.biz.xpi
- SaveAS - %ProfilePath%\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default
F733C59712465B0BD2130BB7C1A6D6E3 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll - Shockwave Flash
FDF7B2D69F2B7AF5B77124FCCB1DE2FC - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
==== Deleted Firefox Extensions ======================
C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi deleted
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - No path found[]
fabcmochhfpldjekobfaaggijgohadih - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\BERNYN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[11/06/2014 08:37 PM]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Google Voice Search Hotword (Beta) - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Cast - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
OneTab - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Netflix - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh
Google Drive App Launcher - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
==== Chromium Fix ======================
C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage deleted successfully
C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage-journal deleted successfully
C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{F6A0B469-F4F7-413E-932F-6A2D5629358F} Google Url="http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNF"
{F784E0A2-C532-4D25-A174-9D1A84B2EFA7} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F784E0A2-C532-4D25-A174-9D1A84B2EFA7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ffpwdman@bitdefender.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bernynhel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bernynhel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\bernynhel\AppData\Local\Mozilla\Firefox\Profiles\b5119utl.default\Cache emptied successfully
C:\Users\bernynhel\AppData\Local\Mozilla\Firefox\Profiles\b5119utl.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=208 folders=52 8499188 bytes)
==== Empty Temp Folders ======================
C:\Users\bernynhel\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\BERNYN~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\bernynhel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VFW3YJNM\wpc.61dd.edgecastcdn.net" not found
==== EOF on Wed 11/12/2014 at 8:22:34.78 ======================