Zoek.exe Version 4.0.0.2 Updated 13-June-2013 Tool run by Administrator on vr 14/06/2013 at 12:42:46,56. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== FireFox Fix ====================== Deleted from C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ren02nd5.default\prefs.js: Added to C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ren02nd5.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.be/"); user_pref("browser.search.selectedEngine", "Google"); Added to C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ren02nd5.default user.js not found ---- Lines s3djhaa@fvpf-tpoaye.co.uk removed from prefs.js ---- ---- Lines s3djhaa@fvpf-tpoaye.co.uk modified from prefs.js ---- ---- Lines eeiu01eihxn@e-douc.com removed from prefs.js ---- ---- Lines eeiu01eihxn@e-douc.com modified from prefs.js ---- ---- Lines Lyric removed from prefs.js ---- ---- Lines Lyric modified from prefs.js ---- ---- Lines Customized removed from prefs.js ---- ---- Lines Customized modified from prefs.js ---- ---- Lines yontoo removed from prefs.js ---- ---- Lines yontoo modified from prefs.js ---- ---- Lines Downloader.com removed from prefs.js ---- ---- Lines Downloader.com modified from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ---- ---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ---- ---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ---- ---- Lines OneClickDownload removed from prefs.js ---- ---- Lines OneClickDownload modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20131406_1244_.backup ProfilePath: C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default user.js not found ---- Lines s3djhaa@fvpf-tpoaye.co.uk removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"elemhidehelper@adblockplus.org\":{\"version\":\"1.2.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\fre\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\o5g4k45t.default\\\\extensions\\\\elemhidehelper@adblockplus.org.xpi\"},\"torntv2@torntv.com\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\fre\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\o5g4k45t.default\\\\extensions\\\\torntv2@torntv.com.xpi\"},\"ftdownloader3@ftdownloader.com\":{\"version\":\"3.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\fre\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\o5g4k45t.default\\\\extensions\\\\ftdownloader3@ftdownloader.com.xpi\"},\"s3djhaa@fvpf-tpoaye.co.uk\":{\"version\":\"1.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\fre\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\o5g4k45t.default\\\\extensions\\\\s3djhaa@fvpf-tpoaye.co.uk\"},\"eeiu01eihxn@e-douc.com\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Documents and Settings\\\\fre\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\o5g4k45t.default\\\\extensions\\\\eeiu01eihxn@e-douc.com\"}}"); user_pref("extensions.s3djhaa@fvpf-tpoaye.co.uk.install-event-fired", true); ---- Lines s3djhaa@fvpf-tpoaye.co.uk modified from prefs.js ---- ---- Lines eeiu01eihxn@e-douc.com removed from prefs.js ---- user_pref("extensions.eeiu01eihxn@e-douc.com.install-event-fired", true); ---- Lines eeiu01eihxn@e-douc.com modified from prefs.js ---- ---- Lines Lyric removed from prefs.js ---- user_pref("extensions.addlyrics.id", "1356965817973-c93a5d9cbe50"); user_pref("extensions.addlyrics@addlyrics.net.install-event-fired", true); ---- Lines Lyric modified from prefs.js ---- ---- Lines Customized removed from prefs.js ---- user_pref("extensions.testpilot.alreadyCustomizedToolbar", true); ---- Lines Customized modified from prefs.js ---- ---- Lines yontoo removed from prefs.js ---- user_pref("extensions.plugin@yontoo.com.install-event-fired", true); ---- Lines yontoo modified from prefs.js ---- ---- Lines Downloader.com removed from prefs.js ---- user_pref("extensions.ftdownloader3@ftdownloader.com.install-event-fired", true); user_pref("extensions.OneClickDownloader@OneClickDownloader.com.install-event-fired", true); ---- Lines Downloader.com modified from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ---- user_pref("extensions.{33e0daa6-3af3-d8b5-6752-10e949c61516}.install-event-fired", true); ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ---- ---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ---- user_pref("extensions.{1FD91A9C-410C-4090-BBCC-55D3450EF433}.install-event-fired", true); ---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ---- ---- Lines OneClickDownload removed from prefs.js ---- user_pref("extensions.OneClickDownloader.last_register", "2012-6-28"); user_pref("extensions.OneClickDownloader.SupportedSite", "[]"); user_pref("extensions.OneClickDownloader.UserID", "10.54.167.2344fca196fd10d62.22553599"); ---- Lines OneClickDownload modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20131406_1244_.backup ==== Deleting Files \ Folders ====================== "C:\WINDOWS\tasks\schedule1173230912.job" not found "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\ftdownloader3@ftdownloader.com.xpi" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi" deleted "C:\WINDOWS\System32\NEW40.tmp" deleted "C:\WINDOWS\System32\NEW4B.tmp" deleted "C:\WINDOWS\System32\NEW56.tmp" deleted "C:\WINDOWS\System32\NEW62.tmp" deleted "C:\WINDOWS\System32\SET30.tmp" deleted "C:\WINDOWS\System32\SET3B.tmp" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\ftdownloader3@ftdownloader.com.xpi" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi" deleted "C:\Program Files\Hotspot Shield\bin\hsswd.exe" deleted "C:\Program Files\Hotspot Shield\bin\libcurl.dll" deleted "C:\Program Files\Hotspot Shield\bin\libeay32.dll" deleted "C:\Program Files\Hotspot Shield\bin\libidn-11.dll" deleted "C:\Program Files\Hotspot Shield\bin\libssl32.dll" deleted "C:\Program Files\Hotspot Shield\bin\openvpnas.exe" deleted "C:\Program Files\Hotspot Shield\log\oas.log" not deleted "C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exe" deleted "C:\Documents and Settings\All Users\Application Data\sAAffe siave" deleted "C:\Documents and Settings\All Users\Application Data\SearchNewTab" deleted "C:\Program Files\BrowseToSave" deleted "C:\Program Files\GoforFiles" deleted "C:\Program Files\Hotspot Shield" not deleted "C:\Documents and Settings\All Users\Application Data\BetterSoft" not deleted "C:\Documents and Settings\All Users\Application Data\InstallMate" deleted "C:\Documents and Settings\All Users\Menu Start\Programma's\Smart PC Solutions\Smart Driver Updater" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\jetpack" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\s3djhaa@fvpf-tpoaye.co.uk" deleted "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\eeiu01eihxn@e-douc.com" deleted "C:\Program Files\Hotspot Shield\bin" not deleted "C:\Program Files\Hotspot Shield\hsswd" not deleted "C:\Program Files\Hotspot Shield\log" not deleted "C:\Program Files\Hotspot Shield\hsswd\default" not deleted "C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro" not deleted ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default - Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff - HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi - NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi - XJZ Survey Remover - %ProfilePath%\extensions\survey-remover@gmx.com.xpi - Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi - MAFIAAFire: ThePirateBay Dancing - %ProfilePath%\extensions\thepiratebay@mafiaafire.com.xpi - Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi - Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ren02nd5.default 7ABE33792F2787D599B6963E71B9E8CD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash D40B9183C149CE2CBBE93AC1A275BDA9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 036CA317C20DF6A8FE39CA31882290AD - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U32 1C27D3E29218B6EADDB87A6B335637E3 - C:\WINDOWS\System32\npdeployJava1.dll - Java Deployment Toolkit 6.0.320.5 28D2C5CE5944E1B027CF5C8004CF89A1 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\System32\npptools.dll - Besturingssysteem Microsoft® Windows® ==== Deleting Files \ Folders ====================== "C:\Documents and Settings\fre\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\extensions\torntv@torntv.com.xpi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bbffdhejhaoiflnpooogkckfdcmmjppn - C:\Program Files\FTDownloader.com\FTDownloader10.crx[] kdlfddggdloaadnphbhejknhaggjaeld - C:\Program Files\AddLyrics\Chrome.crx[] nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[] sAAffe siave - fre - Default\Extensions\dcbiidpbmppdkkncdlfllckglcjcjfml SearchNewTab - fre - Default\Extensions\fdockmdfilaoinmjojdapojncdikfgfi ==== Chrome Fix ====================== C:\Documents and Settings\fre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcbiidpbmppdkkncdlfllckglcjcjfml deleted successfully C:\Documents and Settings\fre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdockmdfilaoinmjojdapojncdikfgfi deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" "bProtectTabs"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={320DA316-28B7-4565-9591-300101118D7E}&mid=810dac52889447d0afe7d15599764b92-aa8792e24f52b24033b7fd87dadf6a00e65fd6c4&lang=nl&ds=AVG&pr=pr&d=2012-05-05" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1606980848-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully HKEY_CLASSES_ROOT\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdlfddggdloaadnphbhejknhaggjaeld deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\fre\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\ren02nd5.default\Cache emptied successfully C:\Documents and Settings\fre\Local Settings\Application Data\Mozilla\Firefox\Profiles\o5g4k45t.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\fre\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\Hotspot Shield\log\oas.log" not found "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\Hotspot Shield" not found "C:\Documents and Settings\All Users\Application Data\BetterSoft" not found ==== EOF on vr 14/06/2013 at 12:51:18,14 ======================