Hello again,
Here are the results from ZOEK
Many thanks again for all this help
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by PETER on 13/06/2015 at 13:54:35.35.
Microsoft Windows 8.1 with Bing 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PETER\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
13/06/2015 13:58:56 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Aimersoft deleted successfully
C:\PROGRA~2\COMMON~1\Apple deleted successfully
C:\PROGRA~3\TuneClone deleted successfully
C:\Users\PETER\AppData\Roaming\freemkvtomp4converter deleted successfully
C:\Users\PETER\AppData\Roaming\Lexmark Productivity Studio deleted successfully
C:\Users\PETER\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\PETER\AppData\Local\EmieSiteList deleted successfully
C:\Users\PETER\AppData\Local\EmieUserList deleted successfully
C:\Users\PETER\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3999573631-4059578196-857441920-1001\Software\Microsoft\Internet Explorer\SearchScopes{7CED1749-44A8-4C7F-A8C4-8D49D43454BC} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Aimersoft not found
C:\PROGRA~3\SPL25A8.tmp deleted
C:\PROGRA~3\SPL5CC4.tmp deleted
C:\PROGRA~3\SPLB50F.tmp deleted
C:\PROGRA~3\SPLBF0B.tmp deleted
C:\PROGRA~3\SPLFD5.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
“wrc@avast.com”=“C:\Program Files\AVAST Software\Avast\WebRep\FF” [31/05/2015 15:36]
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.124
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/04/2015 18:06]
Bookmark Manager - PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Chromium Startpages ======================
C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Preferences
95462,“https://www.google-analytics.com/“,7.745336524007111,“https://www.madbid.com/”,5.781125637188676]],[“https://www.youtube.com/”,[“https://fonts.gstatic.com/”,2.025335319191497,“https://i.ytimg.com/”,2.025335319191497,“https://s.ytimg.com/”,2.6138943008368893,“https://www.google.com/”,2.025335319191497]]],“startup_list”:[1,“http://localhost:18821/”,“http://localhost:27275/”,“http://ui.ff.avast.com/”,“http://www.google.co.uk/”,“http://www.google.com/”,“https://android.clients.google.com/”,“https://ssl.google-analytics.com/”,“https://ssl.gstatic.com/”,“https://www.google.co.uk/”,“https://www.gstatic.com/”]},“extensions”:{“alerts”:{“initialized”:true},“autoupdate”:{“last_check”:“13078079384225032”,“next_check”:“13078672556251302”},“chrome_url_overrides”:{“bookmarks”:[“chrome-extension://gmlllbghnfkpflemihljekbapjopfjik/bookmarks.html”,“chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html”]},“commands”:{“windows:Ctrl+D”:{“command_name”:”_execute_page_action",“extension”:“gmlllbghnfkpflemihljekbapjopfjik”,“global”:false}},“install_signature”:{“expire_date”:“2015-08-30”,“ids”:[“aapocclcgogkmnckokdopfmhonfmgoek”,“aohghmighlieiainnegkcijnfilokake”,“gmlllbghnfkpflemihljekbapjopfjik”,“gomekmidlodglbbmalcneegieacbdmki”],“invalid_ids”:[],“salt”:“Co8YX8I9v03pN1UWKjvkLNAzP3+acsXYsbX+o/2O7cU=”,“signature”:“MEHpK1FP+8pX+Jol0Rygs+o2kCHfwMXkeHfXyNV6TbKTHRfgmwk+Ajqdbcalfe4l0EfY5lPV0+hR/fJN7EaweFu5abY03DFNXM33YEnbO3hKkjCZ3m/EYNOhjhWV0BjeiSk54Yj9BT6QME2WMHYW0ZzpCX3OUUCvd5k0rTzeAe2FifZxQyoVKkBu7tPsqmzCwXFt3MObzXgGgY6wu/97KrWY2nqorVU1Z+OL0RMA6Xgt4/uaocf7kiO+EH03hJq40mhv/mvsVGrJtsHG0/mAykCObBOahk8QHvLBRio3ZrvBcd9lWqZSmQwclrtWd663b4WJdT8JI229+ULhoXuweA==”,“signature_format_version”:2,“timestamp”:“13078144650240645”},“last_chrome_version”:“43.0.2357.124”,“toolbar”:[“gomekmidlodglbbmalcneegieacbdmki”]},“first_run_tabs”:[“http://welcome_page”],“gcm”:{“check_time”:“13078250767842319”},“hotword”:{“previous_language”:“en-GB”},“http_original_content_length”:“17586827”,“http_received_content_length”:“17586827”,“intl”:{“accept_languages”:“en-GB,en-US,en”},“invalidator”:{“client_id”:“RxztdKMehqnOxm8qTX8khQ==”},“media”:{“device_id_salt”:“g2E9WE1+0DCixWTkTCp48g==”},“net”:{“http_server_properties”:{“servers”:{“accounts.google.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:29963},“supports_spdy”:true},“ajax.googleapis.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“android.clients.google.com:443”:{“supports_spdy”:true},“apis.google.com:443”:{“supports_spdy”:true},“cache.pack.google.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“chrome.google.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“supports_spdy”:true},“clients1.google.com:443”:{“network_stats”:{“srtt”:32900},“supports_spdy”:true},“clients2.google.com:443”:{“supports_spdy”:true},“clients2.googleusercontent.com:443”:{“supports_spdy”:true},“clients4.google.com:443”:{“supports_spdy”:true},“csi.gstatic.com:443”:{“supports_spdy”:true},“csi.gstatic.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“f.vimeocdn.com:443”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“f.vimeocdn.com:80”:{“alternative_service”:[{“port”:80,“probability”:1.0,“protocol_str”:“quic”}]},“fonts.googleapis.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:36587},“supports_spdy”:true},“fonts.googleapis.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“fonts.gstatic.com:443”:{“supports_spdy”:true},“fonts.gstatic.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“i.ytimg.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:30876},“supports_spdy”:true},“id.google.co.uk:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“supports_spdy”:true},“oauth.googleusercontent.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:30010},“supports_spdy”:true},“r5---sn-cn3tc-ac5l.c.pack.google.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“s.ytimg.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:31091},“supports_spdy”:true},“ssl.google-analytics.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:32353},“supports_spdy”:true},“ssl.gstatic.com:443”:{“supports_spdy”:true},“ssl.gstatic.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“stats.g.doubleclick.net:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:38897},“supports_spdy”:true},“www.google-analytics.com:443”:{“network_stats”:{“srtt”:33365},“supports_spdy”:true},“www.google-analytics.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“www.google.co.uk:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:28912},“supports_spdy”:true},“www.google.co.uk:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“www.google.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“network_stats”:{“srtt”:45116},“supports_spdy”:true},“www.google.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]},“www.googleapis.com:443”:{“alternative_service”:[{“port”:443,“probability”:1.0,“protocol_str”:“quic”}],“supports_spdy”:true},“www.gstatic.com:443”:{“supports_spdy”:true},“www.youtube.com:443”:{“supports_spdy”:true},“www.youtube.com:80”:{“alternative_service”:[{“port”:80,“probability”:0.0,“protocol_str”:“quic”}]}},“supports_quic”:{“address”:“192.168.0.10”,“used_quic”:true},“version”:3}},“password_bubble”:{“nopes”:0},“plugins”:{“migrated_to_pepper_flash”:true,“plugins_list”:[],“removed_old_component_pepper_flash_settings”:true},“profile”:{“avatar_index”:26,“content_settings”:{“exceptions”:{“app_banner”:{},“auto_select_certificate”:{},“automatic_downloads”:{},“cookies”:{},“fullscreen”:{},“geolocation”:{},“images”:{},“javascript”:{},“media_stream”:{},“media_stream_camera”:{},“media_stream_mic”:{},“metro_switch_to_desktop”:{},“midi_sysex”:{},“mixed_script”:{},“mouselock”:{},“notifications”:{},“plugins”:{},“popups”:{},“ppapi_broker”:{},“protocol_handlers”:{},“push_messaging”:{},“ssl_cert_decisions”:{}},“pattern_pairs”:{},“pref_version”:1},“exit_type”:“Normal”,“exited_cleanly”:true,“icon_version”:3,“managed_user_id”:“”,“migrated_content_settings_exceptions”:true,“migrated_default_content_settings”:true,“migrated_default_media_stream_content_settings”:true,“name”:"First user”,“per_host_zoom_levels”:{}},“protection”:{“macs”:{}},“session”:{“restore_on_startup_migrated”:true,“startup_urls_migration_time”:“13077561018437318”},“sync_promo”:{“show_on_first_run_allowed”:false},“translate_blocked_languages”:[“en”],“translate_whitelists”:{}}
pknbcohdijeoejaedia\8.1_0",“preferences”:{},“regular_only_preferences”:{},“state”:1,“was_installed_by_default”:true,“was_installed_by_oem”:false}}},“pinned_tabs”:,“protection”:{“macs”:{“browser”:{“show_home_button”:“AAE59B3A580ACBA948BAB5A5A9A0D4FCFD0634FBD41F88F4B721ADF9684D25E1”},“default_search_provider”:{“keyword”:“5CC5325C5CFD2336064C3B8845180022124F2AFA4AD6DEB1183776A641D938D2”,“name”:“8F9D19B1288D6F1CF9A700140A69FED8455D8281D788A3B5F7909A65DDB8CA81”,“search_url”:“1A27C62DF348D708DCCE08761AE13AA9A64F68845FDFBED8FAB76F9D2022036B”},“default_search_provider_data”:{“template_url_data”:“777FA3BB1DFCFC2BA5C799C39D8E28233A7DAF41D4B161E71FB4A384040B9045”},“extensions”:{“settings”:{“aapocclcgogkmnckokdopfmhonfmgoek”:“0399217FB3123255FE972AD8E3223E9E0C92DBCA488A9C9B445047D9D363223B”,“ahfgeienlihckogmohjhadlkjgocpleb”:“564B87927C91A4B719E58288CD79A38592C7A4A16494431ABEC37C680BC6C48E”,“aohghmighlieiainnegkcijnfilokake”:“5989A10F41BDE755D357446B947F900CCCC39D9D590BE213F26D4516E9ABB0A9”,“apdfllckaahabafndbhieahigkjlhalf”:“0C906A4E18A968032A30FE42FB562C56773B0DB5FA62F20BEAD3110923690B08”,“bepbmhgboaologfdajaanbcjmnhjmhfn”:“FEFCD3DA8473586F9C7F04EB7A5C81C207CE8DF754BFE61D2FAA3A5D4C5D377F”,“blpcfgokakmgnkcojhhkbfbldkacnbeo”:“2384AA4EBB14164B204708540E6BA825D266CDF07CB50A77607B57BD358EFCC8”,“coobgpohoikkiipiblmjeljniedjpjpf”:“0D972709861B4A0AB1DB7E303B44EEA6EBD7249D39B6A4F2891E2861399ED5ED”,“eemcgdkfndhakfknompkggombfjjjeno”:“C2C3623A471373548B36CD4186A3B5A3E2DD899284E776E28A03CCE805D8D8D4”,“ennkphjdgehloodpbhlhldgbnhmacadg”:“C36D3FAE7293227C014561FCD0A3F0037FAF459B6F42A5882E8EDE4EBB54E3F6”,“felcaaldnbdncclmgdcncolpebgiejap”:“3FBE587332F46BC5D9800E9CEA710304A4B172FAAF8DF079A1E30A4E85434D6F”,“gfdkimpbcpahaombhbimeihdjnejgicl”:“D9040DF3CC440D5AEE3C58100E5B3EA7D9E65FF7018505A4BDC64717826D4670”,“gmlllbghnfkpflemihljekbapjopfjik”:“05B965E0E5B7CCA36F365A6753625B4D8979D34A0B8A939171C1B6B9EC6B485E”,“gomekmidlodglbbmalcneegieacbdmki”:“6EEBC2BD754E4B322F617ABDEF40B4852254D9D39E9F8E90F806698F883EE9DF”,“kmendfapggjehodndflmmgagdbamhnfd”:“19FD4236B8C2A018E18B26959A85BCD3F8F64AA215CC39911D80386C3CDAA4E4”,“lccekmodgklaepjeofjdjpbminllajkg”:“CA0F916E0C0EF0891E67D13B254AA8309F7BC81637B392022CC838DE732EA76C”,“mfehgcgbbipciphmccgaenjidiccnmng”:“07D49BD3BFC82198B1796854DFA558F4C59A563347DA37583335BB722870FE06”,“mgndgikekgjfcpckkfioiadnlibdjbkf”:“2B166213401450D2961B7158E369346FD4A5ADC4B12264C6CA8B8B6B3B8A04BA”,“mhjfbmdgcfjbbpaeojofohoefgiehjai”:“2B0A36A1EF39D27746D8E4B106B1791708FFA0A844938CE3D9003CB685B37A97”,“nbpagnldghgfoolbancepceaanlmhfmd”:“507948697E470AC0C5E1DE55554088C990F2538D8B684605488B46BB0E371C4C”,“neajdppkdcdipfabeoofebfddakdcjhd”:“255C94B6F55AB3BE919EFC6AF2C3DDF5F404F4F560764D481E50182B5F47EA2D”,“nkeimhogjdpnpccoofpliimaahmaaome”:“DD1F2B9B8035B9D1A35676A84375AFB6E5613B1A23CFD79F81ECAA721BD8FE91”,“nmmhkkegccagdldgiimedpiccmgmieda”:“5AA3A60A0BF793B27C2B03C3298C8F32F79370D4A82118B595BEBC4F1B9BEA8F”,“pafkbggdmjlpgkdkcbjmhmfcdpncadgh”:“2B51ED19D941F9F06E03FE8A6940423EEE18C8FC89B01887498166C3AA11B60A”,“pjkljhegncpnkpknbcohdijeoejaedia”:“EBB333E9B4F3465F39D051457B863E364E9E0C7FA74DD04037DF054797BE8149”}},“google”:{“services”:{“last_username”:“6C84C21C19969D9FE705DA24F5FDE55F6ECCD3A73A236648A308E6D239AF85B3”,“username”:“10EC52DE3C3569C79EF711CF4FF566C4A20883FBD5EB772A5E45FCB606AFC5CC”}},“homepage”:“9A7C99FDD289E8856075DDB8012B1BC70521F254590339AF504427956D67E4F5”,“homepage_is_newtabpage”:“0D9FAE92A486A707F9F3361BF65A2DF30D1A03496980D4A2151747BA74CC94E1”,“pinned_tabs”:“49B3B88A302C8F4246417733CD3BAC001B170DEB8EB0C306554246C9E52A6B1D”,“prefs”:{“preference_reset_time”:“8948049BF31DF7CE2B4203FA551C2678019DF1FF13A0E711F1279B6997EDD5D3”},“profile”:{“reset_prompt_memento”:“0B320D6CF5EB468E48BB0974A6BAD6F20F9D8D20AE918C5AD936463214FB68D2”},“safebrowsing”:{“incidents_sent”:“E059230A478CD03BBA2D026D63AC05E43EF6E7C4B75463211290AFC887EA65A9”},“search_provider_overrides”:“CD15C68469C4933B23DC7D894B8C6CE49BD90E45F1F63FEDE34CA8F029C1CF8E”,“session”:{“restore_on_startup”:“364F452B0995B551330224B44AAC212BBE28FED24DCE299CCCD963554BE1754D”,“startup_urls”:“1CD602EC68AD0981FF1B23853BB2C416D960725D87D7A03DDC877810BEF53AC8”},“software_reporter”:{“prompt_reason”:“177973F148F30F017A95ABDC47CA624AFF8719CF8EDAE489D1D2AC0D2EDB4E92”,“prompt_seed”:“AD9D402ECD7090ADD67C5DBB80CED081694491D33BE468E5EEA937B77553EEF3”,“prompt_version”:“5A37AF1B2EF4D44B82FFF8F7AA8D1FDA2CB2C89CC77926902C7CAECCA506C044”},“sync”:{“remaining_rollback_tries”:“D36EF0C78A5DA09F055ADA38341919E9F76D7CD5E813EBBB63808FD8824104BD”}},“super_mac”:“C04728E009E68111E8A26A24D3BC104499AE91C5B9F3D8758D27DCEA33121FA2”},“session”:{“restore_on_startup”:4,“startup_urls”:[“http://www.google.com/”]}}
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“https://www.google.co.uk/”
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“https://www.google.co.uk/”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{F0430120-BB35-4948-9F4D-1BB3C8FC6D4C}”
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{F0430120-BB35-4948-9F4D-1BB3C8FC6D4C} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=WCUG”
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\PETER\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=14 folders=9 50665816 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PETER\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\PETER\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:$RECYCLE.BIN successfully emptied
==== EOF on 13/06/2015 at 14:16:21.39 ======================