Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Living Room on Mon 05/25/2015 at 16:46:10.09.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Living Room\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
5/25/2015 5:46:27 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Runtime Software deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\Users\Living Room\AppData\Roaming\15853 deleted successfully
C:\Users\Living Room\AppData\Roaming\22508 deleted successfully
C:\Users\Living Room\AppData\Roaming\24447 deleted successfully
C:\Users\Living Room\AppData\Roaming\asoftech deleted successfully
C:\Users\Living Room\AppData\Roaming\DVD Flick deleted successfully
C:\Users\Living Room\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Living Room\AppData\Local\Bundled software uninstaller deleted successfully
C:\Users\Living Room\AppData\Local\Unity deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-155920243-2648623898-2564677760-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hshld deleted successfully
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Runtime Software not found
C:\PROGRA~2\Samsung not found
C:\PROGRA~2\iExplorer deleted
C:\windows\SysNative\Tasks\0414bUpdateInfo deleted
C:\PROGRA~3\{a66f28fa-34f1-5fec-a66f-f28fa34fa3e8} deleted
C:\Users\Living Room\AppData\LocalLow\Conduit deleted
C:\Users\Living Room\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~2\Windows Password Recovery Tool Professional deleted
C:\PROGRA~2\Hotspot Shield deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\2C+62062%25252C+1362542470%252529%25253Buf%252528%252527r%252527%25252C+2800648%25252C+1362542470%252529%25253B%2526ccd%253D%2525212wUcMwj4jR8QiPiqARiy_AkgBA.[1].js deleted
C:\2C+62062%25252C+1362542482%252529%25253Buf%252528%252527r%252527%25252C+2800648%25252C+1362542482%252529%25253B%2526ccd%253D%2525212wUcMwj4jR8QiPiqARiy_AkgBA.[1].js deleted
C:\Users\Living Room\AppData\Roaming\Wondershare deleted
C:\Users\Living Room\AppData\Roaming\Hotspot Shield deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\wmpp.dat deleted
C:\PROGRA~3\Avg_Update_0215tb deleted
C:\PROGRA~3\Avg_Update_0414b deleted
C:\PROGRA~3\Avg_Update_1214tb deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Living Room\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\tasks\0414bUpdateInfo.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\Hotspot Shield deleted
"C:\Windows\Installer\250ec18f.msi" deleted
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.81
AdBlock - Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
ProxMate - Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki
Chrome Hotword Shared Module - Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
==== Chromium Startpages ======================
C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F032EE83136FF15488002EF9E5C5E9D7 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38EE230F-F631-451F-8800-E29F5E5C9E7D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F032EE83136FF15488002EF9E5C5E9D7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Living Room\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=452 folders=90 148874132 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Living Room\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\LIVING~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Mon 05/25/2015 at 18:21:09.60 ======================