Mark-ZOEK(2)

a guest
Mar 13th, 2016
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by rterr on Sun 03/13/2016 at 19:05:01.33.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\rterr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-03-12-122934.log 63978 bytes

==== System Restore Info ======================

3/13/2016 7:08:00 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\rterr\AppData\Local\ActiveSync deleted successfully
C:\Users\rterr\AppData\Local\Adobe deleted successfully
C:\Users\rterr\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3355830756-1789120713-3534354194-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D183557-EBD3-45CE-AD07-B196B7623836} deleted successfully
HKEY_USERS\S-1-5-21-3355830756-1789120713-3534354194-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1D183557-EBD3-45CE-AD07-B196B7623836} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\rterr\AppData\Roaming\Mozilla\Firefox\Profiles\hggoywmn.default\prefs.js:
user_pref("browser.search.defaultenginename", "Bing®");
user_pref("browser.search.defaultenginename.US", "Bing ");
user_pref("browser.search.selectedEngine", "Bing®");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=SK2KDF&PC=SK2K&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\rterr\AppData\Roaming\Mozilla\Firefox\Profiles\hggoywmn.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {77EBBF37-9D37-4BD1-948E-50A21D0A5075}.
{B2B64A48-4A5E-4367-B3D5-EEAE2AEA7AE2} canceled.
{A10AAA7B-210E-46D7-878B-CFEB663B0223} canceled.
{DE05D7D2-40CD-4CA7-8BA5-D4004CB7FF6C} canceled.
{CA36DE46-3170-424E-A2C5-5020C06B1835} canceled.
{982F3360-D2AE-454C-8F4F-96C261D0708E} canceled.
{C1B9A112-C781-4CFF-9FCA-5BEEA7DBC342} canceled.
{A36ABD13-6939-4F36-BF1A-E4571F347B09} canceled.
{8732F03C-948E-46EE-BE7E-E7ED3EFFEEEE} canceled.
8 out of 9 jobs canceled.

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{C6FA530F-BB98-4D9F-BA00-45FD0698077C} deleted
C:\PROGRA~3\Package Cache deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\WINDOWS\Installer\6f94bec.msi" deleted
"c:\windows\Installer\12e67.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\rterr\AppData\Roaming\Mozilla\Firefox\Profiles\hggoywmn.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon" [01/14/2016 03:54 AM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon" [01/14/2016 03:54 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\rterr\AppData\Roaming\Mozilla\Firefox\Profiles\hggoywmn.default
- Bing Search - %ProfilePath%\extensions\bingsearch.full@microsoft.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\rterr\AppData\Roaming\Mozilla\Firefox\Profiles\hggoywmn.default
B5CFBB8AC7C0069D80DBEAA72F3CE9E2 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx[11/05/2015 05:30 PM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - rterr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - rterr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

==== Chromium Fix ======================

C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0A5CBD84C137C642B25B695E31AA178 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F6FC40519318F79468CF6471B476FCF7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1504CF6F-8139-497F-86FC-46174B67CF7F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A0A5CBD84C137C642B25B695E31AA178 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F6FC40519318F79468CF6471B476FCF7 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\rterr\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\rterr\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\rterr\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\rterr\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\rterr\AppData\Local\Mozilla\Firefox\Profiles\hggoywmn.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\rterr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=26 79417228 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\rterr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 03/13/2016 at 19:58:38.71 ======================