So, I have the zoek log but I have to paste it because when I try to upload it says the file is empty (see below). Also, I was not able to run the command. I keep getting a message that says "Access Denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode." I tried to run this as admin and even logged into my admin account and tried. No luck.
Zoek.exe v5.0.0.1 Updated 01-November-2015
Tool run by Danet on Mon 11/02/2015 at 21:29:10.94.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Daorihime\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11/2/2015 9:31:03 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Makayama Interactive deleted successfully
C:\PROGRA~2\ospd_us_014010074 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Adobe deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\Users\Administrator.DanetsPC\AppData\Roaming\hpqlog deleted successfully
C:\Users\Danet\AppData\Roaming\c deleted successfully
C:\Users\Danet\AppData\Roaming\hpqlog deleted successfully
C:\Users\Daorihime\AppData\Roaming\UltraVNC deleted successfully
C:\Users\Danet\AppData\Local\Adobe deleted successfully
C:\Users\Danet\AppData\Local\DriverToolkit deleted successfully
C:\Users\Danet\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Danet\AppData\Local\EmieSiteList deleted successfully
C:\Users\Danet\AppData\Local\EmieUserList deleted successfully
C:\Users\Daorihime\AppData\Local\Adobe deleted successfully
C:\Users\Daorihime\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Daorihime\AppData\Local\EmieSiteList deleted successfully
C:\Users\Daorihime\AppData\Local\EmieUserList deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01C08115-4500-497A-8457-CAE4AFE61A8E} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16419952-DFCA-461A-AE00-E82BA64D457D} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BE0D6C7-1C1D-416B-AA8C-122B338E1262} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{221C5BF6-C095-42A5-B839-59AD3432AFAC} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28AEEFE0-C0C0-4F36-8490-5F36D1E61ACB} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28C6E2C0-8536-41D0-9F2A-0FD588AE11D2} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54DCF40F-1263-4E61-A7B2-E5DEC5E698ED} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A9DA4B0-3D70-4ACE-BD81-24AE64C568BC} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{610D1E98-851A-4F20-9962-91CA5816EC65} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66CDE97B-9BA6-4757-BA9F-E7432C0B61AE} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67690169-80DE-4104-9936-6202EF4C3B85} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{677A3A95-EE77-47E5-BC3B-009D0D51BF79} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69695F1B-13C0-40C1-9C4E-06B744B0E728} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D09621F-4B47-4C58-9AE7-791046223574} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E5F9D08-2D62-4EC0-A030-65B7390FD644} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F2A7870-1149-4A4E-8B3D-755340CDD1B1} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{706FD783-A315-45A5-BC6C-70ABF8FC63CB} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7553522C-5E4F-48AA-998A-8AA8A422A815} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765E37C0-C9DA-48C7-ABEE-036BD953BBE4} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769C8880-1E09-4CD6-9051-A51228965F03} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77D21F55-DD24-460E-B504-BBBC95653559} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D4E83E2-C833-4CDB-912D-2D386B66A758} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8074A7CD-4249-4011-9691-3C12741B9B3B} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A99351E-2881-4795-A988-D3E922B9D893} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8BBB7A76-F6FA-48F3-9357-B11762911453} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C30F6F8-4449-474B-A9F0-8F5C604020F5} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{968E528C-E923-43F6-8A3E-894E55BB9DFB} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{983BB6E6-1E12-4BAA-9416-F435F9174E05} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B46C3D7-E399-485E-B01D-05C25987E827} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F1DCDDB-990A-4B4A-9946-A30FB20A420C} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA079BE1-E83D-433D-9508-E6E0697D8404} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADF671DC-9E10-458A-B46D-8A000A05288D} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B711B51C-7631-4A5C-ADD7-E751DEEAF4A1} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B88A505D-42BE-41BE-8A5F-EE441C3C2C84} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD515FCF-4FCB-413E-B6EF-65B905D352F3} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDA49EA1-2DEB-4757-AF60-3A9C20D11332} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE589CF1-55DC-427E-BA42-650FC35CAD03} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6AB61FD-2DB0-4B3A-A5B2-D3C41CA377C5} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF392998-E58A-4574-8073-328476453050} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9D7959E-82F7-467F-A045-5CCFA98A7744} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDB46E8A-460D-4238-A102-CCA90305E686} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEFBF482-2154-44D6-9375-18460F7B7ADF} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5C1F95E-021F-4CDC-9344-24C9225CF11E} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA0E04F0-F0FE-4F33-AB5E-9F69D9E5C699} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC39887E-619D-4C25-B9B3-B2B7958A5EA9} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEC47A78-1F16-4278-8831-926D07D61F09} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1001\Software\mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\jid1-xNAj4KGyf5wyhg@jetpack deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\5qee2efv.default
user.js not found
---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "ae7a05750000000000009c2a7024248d");
user_pref("extensions.delta.instlDay", "15917");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.021:45:52");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=4960");
user_pref("extensions.delta_i.srcExt", "ss");
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("keyword.URL", "
Yahoo Search - Web Search");
user_pref("startpage.ntsearch_url", "
{searchTerms} - Yahoo Search Results");
---- Lines akamaihd.net removed from prefs.js ----
user_pref("coupons.url", "[\"
http://savingsslider-a.akamaihd.net/loaders/1036/l.js?aoi=1311798366&pid=1036&zoneid=157119\",\"
spigtrdpjs.info - spigtrdpjs Resources and Information.
user_pref("coupons.urls", "[\"
https://savingsslider-a.akamaihd.net/loaders/1036/l.js?aoi=1311798366&pid=1036&zoneid=157119\",\"
https://i_spigtrdpjs_in
---- FireFox user.js and prefs.js backups ----
prefs_20151102_1006_.backup
ProfilePath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("keyword.URL", "
Yahoo Search - Web Search");
---- FireFox user.js and prefs.js backups ----
prefs_20151102_1006_.backup
ProfilePath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\mve8y233.default-1396814500632
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("keyword.URL", "
Yahoo Search - Web Search");
---- FireFox user.js and prefs.js backups ----
prefs_20151102_1006_.backup
ProfilePath: C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultengine", "Yahoo (Avast)");
user_pref("browser.search.defaultthis.engineName", "Yahoo (Avast)");
user_pref("browser.search.defaulturl", "
Yahoo Search - Web Search");
user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,Ask Search,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo (Avast)");
user_pref("browser.search.order.1", "Yahoo (Avast)");
user_pref("keyword.URL", "
Yahoo Search - Web Search");
---- Lines {e4f94d1e-2f53-401e-8885-681602c0ddd8} removed from prefs.js ----
user_pref("extensions.{e4f94d1e-2f53-401e-8885-681602c0ddd8}.install-event-fired", true);
---- FireFox user.js and prefs.js backups ----
prefs_20151102_1006_.backup
==== Batch Command(s) Run By Tool======================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Makayama Interactive not found
C:\PROGRA~2\ospd_us_014010074 not found
C:\PROGRA~3\1440844973 deleted
C:\PROGRA~2\Royal Envoy - Campaign for the Crown deleted
C:\PROGRA~2\My Kingdom for the Princess III deleted
C:\PROGRA~2\Sweet Kingdom - Enchanted Princess deleted
C:\PROGRA~2\Lavasoft\Web Companion deleted
C:\PROGRA~2\Wondershare deleted
C:\Users\Danet\AppData\Roaming\Lavasoft\Web Companion deleted
C:\Users\Daorihime\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\CyberlinkOutput.txt deleted
C:\PROGRA~3\Lavasoft\Web Companion deleted
C:\PROGRA~3\Wondershare Video Editor deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\{BE4DD016-EE56-4AC8-9832-69281423A3D4} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Danet\AppData\Local\SearchProtect deleted
C:\Users\Danet\AppData\Local\Wondershare deleted
C:\Users\Daorihime\AppData\Local\Unity deleted
C:\Users\Daorihime\AppData\Local\VideoDownloadConverter_4z deleted
C:\Users\Daorihime\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Club Control 2 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-636696485-1238617773-3939557220-1001 deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-636696485-1238617773-3939557220-1003 deleted
C:\Users\Administrator.DanetsPC\AppData\LocalLow\VideoDownloadConverter_4z deleted
C:\Users\Daorihime\AppData\LocalLow\Unity deleted
C:\Users\Daorihime\AppData\LocalLow\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D} deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Daorihime\Documents\Add-in Express deleted
C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi deleted
C:\PROGRA~3\uninstall3118829.exe deleted
C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\5qee2efv.default\Yahoo Inc deleted
"C:\windows\Installer\10ce0.msi" deleted
"C:\WINDOWS\Installer\1498919.msi" deleted
"C:\Users\Danet\AppData\Roaming\XAufBrhEgGoknT7BQYvj" deleted
"C:\Users\Danet\AppData\Roaming\xGYVEh1" deleted
"C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default\searchplugins\yahoo-avast.xml" deleted
"C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default\searchplugins\yahoo-avast.xml" deleted
"C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default\searchplugins\yahoo-avast.xml" deleted
"C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default\searchplugins\yahoo-avast.xml" deleted
"C:\Users\Danet\AppData\Roaming\vlc\vlcrc" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Users\Danet\AppData\Roaming\vlc" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default
user_pref("browser.startup.homepage", "
Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.selectedEngine", "");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/28/2015 10:08 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\5qee2efv.default
- Start Page - %ProfilePath%\extensions\{181f5e13-15c8-4103-8e08-4283da8beb97}
ProfilePath: C:\Users\DAORIH~1\AppData\Roaming\Mozilla\Firefox\Profiles\aotqmu06.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\5qee2efv.default
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
863AF0003392FEBC2667A8A790DED955 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash
Profilepath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\mve8y233.default-1396814500632
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
Profilepath: C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\sbig7g9s.default-1440394746061
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
==== Deleted Firefox Extensions ======================
C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\5qee2efv.default\extensions\{181f5e13-15c8-4103-8e08-4283da8beb97} deleted
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.80
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bbffdhejhaoiflnpooogkckfdcmmjppn - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx[]
bpegkgagfojjbcpkihigfmkojdmmimdf - No path found[]
ehgldbbpchgpcfagfpfjgoomddhccfgh - No path found[]
gihfmmedoddijgnhkgfgnkeohkpbipol - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/21/2015 03:31 PM]
iehjklkgijkjfcfmmjmjlmcccholamaf - C:\Users\Danet\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
iehjklkgijkjfcfmmjmjlmcccholamaf - C:\Users\Danet\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx[]
Avast Online Security - Danet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Danet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
DIM - Daorihime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna
Avast Online Security - Daorihime\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Chromium Fix ======================
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Danet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Danet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Danet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Danet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Daorihime\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Daorihime\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Daorihime\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Daorihime\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage deleted successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{b7fca997-d0fb-4fe0-8afd-255e89cf9671}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="
MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="
{searchTerms} - Google Search"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="
{searchTerms} - Bing"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_USERS\S-1-5-21-636696485-1238617773-3939557220-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Danet\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Danet\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Daorihime\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Daorihime\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Danet\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Daorihime\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Daorihime\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Danet\AppData\Local\Mozilla\Firefox\Profiles\5qee2efv.default\cache2 emptied successfully
C:\Users\Danet\AppData\Local\Mozilla\Firefox\Profiles\sbig7g9s.default-1440394746061\cache2 emptied successfully
C:\Users\Daorihime\AppData\Local\Mozilla\Firefox\Profiles\aotqmu06.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Daorihime\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Danet\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Daorihime\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6821 folders=921 2736181263 bytes)
==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Administrator.DanetsPC\AppData\Local\Temp emptied successfully
C:\Users\Danet\AppData\Local\Temp will be emptied at reboot
C:\Users\Daorihime\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Danet\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Tue 11/03/2015 at 18:18:35.00 ======================