Hi,
Please see response from Zoek scan below…
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by home on 12/05/2015 at 20:58:43.70.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\home\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/05/2015 21:01:20 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\iMesh Applications deleted successfully
C:\PROGRA~3\b6a6ba4b00003a75 deleted successfully
C:\Users\home\AppData\Roaming\TP deleted successfully
C:\Users\home\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\home\AppData\Local\CutePDF Writer deleted successfully
C:\Users\home\AppData\Local\PackageAware deleted successfully
C:\Users\home\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2331045729-1730503887-3497706767-1000\Software\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
HKEY_USERS\S-1-5-21-2331045729-1730503887-3497706767-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\163ac2d4 deleted successfully
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\PROGRA~2\iMesh Applications not found
C:\PROGRA~2\LibraryProc deleted
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\iLivid deleted
C:\PROGRA~2\Toolbar Cleaner deleted
C:\PROGRA~2\adawaretb deleted
C:\prefs.js deleted
C:\Users\home\AppData\Roaming\WB.CFG deleted
C:\Users\home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk deleted
C:\Users\home\AppData\Roaming\Gameo deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\Ad-Aware Browsing Protection deleted
C:\PROGRA~3\blekko toolbars deleted
C:\PROGRA~3\Search Protection deleted
C:\PROGRA~3\iMesh deleted
C:\Users\home\AppData\Local\Ilivid Player deleted
C:\Users\home\AppData\Local\adawarebp deleted
C:\Users\home\AppData\Local\iMesh deleted
C:\Users\home\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh deleted
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Users\home\AppData\LocalLow\adawaretb deleted
C:\Users\home\AppData\LocalLow\wincoreimband deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\sho13E6.tmp deleted
C:\Windows\Syswow64\sho2043.tmp deleted
C:\Windows\Syswow64\sho2376.tmp deleted
C:\Windows\Syswow64\sho3A7D.tmp deleted
C:\Windows\Syswow64\sho48F0.tmp deleted
C:\Windows\Syswow64\sho4BAF.tmp deleted
C:\Windows\Syswow64\sho4F51.tmp deleted
C:\Windows\Syswow64\sho52CC.tmp deleted
C:\Windows\Syswow64\sho5B52.tmp deleted
C:\Windows\Syswow64\sho632.tmp deleted
C:\Windows\Syswow64\sho71A7.tmp deleted
C:\Windows\Syswow64\sho7C7F.tmp deleted
C:\Windows\Syswow64\sho82C.tmp deleted
C:\Windows\Syswow64\sho82C3.tmp deleted
C:\Windows\Syswow64\sho8432.tmp deleted
C:\Windows\Syswow64\sho8C38.tmp deleted
C:\Windows\Syswow64\shoAFBB.tmp deleted
C:\Windows\Syswow64\shoBCFE.tmp deleted
C:\Windows\Syswow64\shoC5CE.tmp deleted
“C:\Windows\Installer\1df2fb.msi” deleted
“C:\Windows\Installer\1df301.msi” deleted
“C:\Users\home\AppData\Local{2BE0E308-74ED-45BA-AAE3-75BFCF526C3C}” deleted
“C:\Users\home\AppData\Local{2DFDF731-764E-40F6-B675-9FB4646BD92D}” deleted
“C:\Users\home\AppData\Local{8C6FC69D-294C-4453-805B-E0D54D0BEDB3}” deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2pm3cu45.default
user_pref(“browser.startup.homepage”, “www.google.co.uk”);
user_pref(“browser.search.defaultenginename”, “Google Default”);
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
“wrc@avast.com”=“C:\Program Files\AVAST Software\Avast\WebRep\FF” [20/04/2015 20:50]
==== Firefox Extensions ======================
ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2pm3cu45.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com
- Digital More - %ProfilePath%\extensions{0cef6b7e-0113-4906-bfe9-170f19737b97}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2pm3cu45.default
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
98137411B9C632095F919E2CE70B288A - C:\Users\home\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
37BC12D7E076F77D432C74DAAE08A138 - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2pm3cu45.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll - 20-20 3D Viewer for IKEA
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/04/2015 20:49]
lfffjahnfbocnaooecgijfnbpcfekoik - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 13:27]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx
Bookmark Manager - home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
==== Chromium Startpages ======================
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences
“homepage”: “https://www.google.co.uk/”,
“startup_urls”: [ “http://binkiland.com/?f=7&a=bnk_d4w_15_13&cd=2XzuyEtN2Y1L1Qzu0FyCyDyD0FzyzyyDtCtC0CtC0DtDyB0DtN0D0Tzu0StCtCzztDtN1L2XzutAtFzytFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtDtA0EtAtBzz0BtGzz0FyE0DtG0CyCyBtCtG0CyDyCyCtGtDyDyCyDyDyEtCzyzyyCyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0AtAyCzy0E0CtG0FyEzz0CtGyEtDzz0FtGzz0FtB0AtGzy0CtAtA0E0B0CzzyC0CtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCtAzy&cr=856581784&ir=”, “http://www.bbc.co.uk/” ]
==== Chromium Fix ======================
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“http://www.msn.com/?pc=MSSE”
“Search Bar”=“http://www.bing.com”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@=“http://www.google.com/search?q=%s”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
“Tabs”=“res://ieframe.dll/tabswelcome.htm”
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
“Tabs”=“res://ieframe.dll/tabswelcome.htm”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
“SearchAssistant”=“http://www.google.com/ie”
“Default_Search_URL”=“http://www.google.com/ie”
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Start Page”=“http://www.msn.com/?pc=MSSE”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
“(Default)”=“http://search.msn.com/results.asp?q=%s”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
“Tabs”=“about:newtab”
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
“Tabs”=“about:newtab”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE”
{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url=“http://www.google.com/search?q={sear”
{E2581550-A560-4D82-A1C6-3BA51BD44613} Google Url=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8”
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{163ac2d4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\home\AppData\Local\Mozilla\Firefox\Profiles\2pm3cu45.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6400 folders=204 523771211 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\home\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\home\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
“C:\Users\home\AppData\Roaming\Macromedia\Flash Player#SharedObjects\YA5T5FRJ\launch.newsinc.com” not found
==== EOF on 13/05/2015 at 6:46:45.95 ======================
Regards,
Matt