Zoek.exe Version 4.0.0.4 Updated 21-07-2013 Tool run by Mathias on di 23/07/2013 at 19:13:17,60. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Mathias\Downloads\zoek.exe [Script inserted] ==== System Restore Info ====================== 23/07/2013 19:15:04 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4154593163-2427718269-1763425979-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-4154593163-2427718269-1763425979-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully HKEY_USERS\S-1-5-21-4154593163-2427718269-1763425979-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully HKEY_USERS\S-1-5-21-4154593163-2427718269-1763425979-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4154593163-2427718269-1763425979-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default user.js not found ---- Lines CT2865317 removed from prefs.js ---- user_pref("CT2865317.1000234.TWC_TMP_city", ""); user_pref("CT2865317.1000234.TWC_TMP_country", "BE"); user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.FirstTime", "true"); user_pref("CT2865317.FirstTimeFF3", "true"); user_pref("CT2865317.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); user_pref("CT2865317.UserID", "UN33829045906782231"); user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2865317.autoDisableScopes", -1); user_pref("CT2865317.browser.search.defaultthis.engineName", true); user_pref("CT2865317.cbcountry_001", "BE"); user_pref("CT2865317.cbfirsttime", "Fri Oct 26 2012 15:07:24 GMT+0200 (Romance (zomertijd))"); user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":true,\"jsInjection\":true,\"sslGranted\":true}},{\"appId\":\"129416029873125873\",\"apiPermissions\":{\"crossDomainAjax\":false,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":true,\"jsInjection\":false,\"sslGranted\":false},\"originalHeight\":26},{\"appId\":\"129544682758064198\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":true,\"jsInjection\":true,\"sslGranted\":false},\"originalHeight\":24}]"); user_pref("CT2865317.enableAlerts", "always"); user_pref("CT2865317.enableSearchFromAddressBar", "true"); user_pref("CT2865317.firstTimeDialogOpened", "true"); user_pref("CT2865317.fixPageNotFoundError", "true"); user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2865317.fixUrls", true); user_pref("CT2865317.installId", "fftF00A.tmp.exe"); user_pref("CT2865317.installType", "XPE"); user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.isNewTabEnabled", true); user_pref("CT2865317.isPerformedSmartBarTransition", "true"); user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2865317.keyword", true); user_pref("CT2865317.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"http://uTorrentBarNL.OurToolbar.com/\",\"EB_TOOLBAR_ID\":\"CT2865317\",\"EB_TOOLBAR_VERSION\":\"10.10.27.6\",\"EB_ORIGINAL_CTID\":\"CT2865317\",\"EB_DOWNLOAD_PAGE\":\"http://uTorrentBarNL.OurToolbar.com/\",\"EB_TOOLBAR_NAME\":\"uTorrentBar_NL\"}"); user_pref("CT2865317.openThankYouPage", "true"); user_pref("CT2865317.openUninstallPage", "FALSE"); user_pref("CT2865317.search.searchAppId", "129363015615338104"); user_pref("CT2865317.search.searchCount", "0"); user_pref("CT2865317.searchInNewTabEnabledInHidden", "true"); user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2865317\"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://uTorrentBarNL.OurToolbar.com//xpi\"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_NL\"}"); user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351256843468"); user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1351344293787"); user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351256843393"); user_pref("CT2865317.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351344298653"); user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351256843232"); user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1351256841718"); user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1351344033568"); user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351256843259"); user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1351344298955"); user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1351344033985"); user_pref("CT2865317.settingsINI", true); user_pref("CT2865317.shouldFirstTimeDialog", "false"); user_pref("CT2865317.smartbar.CTID", "CT2865317"); user_pref("CT2865317.smartbar.Uninstall", "0"); user_pref("CT2865317.smartbar.homepage", true); user_pref("CT2865317.smartbar.isHidden", true); user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL "); user_pref("CT2865317.startPage", "userChanged"); user_pref("CT2865317.toolbarBornServerTime", "26-10-2012"); user_pref("CT2865317.toolbarCurrentServerTime", "27-10-2012"); user_pref("CT2865317.toolbarDisabled", "true"); user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); user_pref("Smartbar.keywordURLSelectedCTID", "CT2865317"); user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); ---- Lines CT2865317 modified from prefs.js ---- ---- Lines conduit removed from prefs.js ---- ---- Lines conduit modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines Web Search removed from prefs.js ---- ---- Lines Web Search modified from prefs.js ---- ---- Lines Customized removed from prefs.js ---- ---- Lines Customized modified from prefs.js ---- ---- Lines smartbar removed from prefs.js ---- ---- Lines smartbar modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20132307_1918_.backup ==== Deleting Files \ Folders ====================== "C:\Users\Mathias\AppData\Roaming\DVDSubEdit.ini" deleted "C:\Windows\SysNative\roboot64.exe" deleted "C:\END" deleted "C:\Windows\Syswow64\tmp31F1.tmp" deleted "C:\Windows\Syswow64\tmp31F2.tmp" deleted "C:\Windows\Syswow64\tmp8A10.tmp" deleted "C:\Windows\Syswow64\tmp8A11.tmp" deleted "C:\Windows\Syswow64\tmp8D87.tmp" deleted "C:\Windows\Syswow64\tmp8DB7.tmp" deleted "C:\Windows\Syswow64\tmpA6AB.tmp" deleted "C:\Windows\Syswow64\tmpA6AC.tmp" deleted "C:\Windows\Syswow64\tmpC09A.tmp" deleted "C:\Windows\Syswow64\tmpC0BA.tmp" deleted "C:\Windows\Syswow64\tmpC5B4.tmp" deleted "C:\Windows\Syswow64\tmpF4DA.tmp" deleted "C:\Windows\Syswow64\tmpF4DB.tmp" deleted "C:\Program Files (x86)\SoftwareUpdater" deleted "C:\Program Files (x86)\Conduit" deleted "C:\Users\Mathias\AppData\Roaming\Common" deleted "C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers" deleted "C:\ProgramData\Trymedia" deleted "C:\Users\Mathias\AppData\Local\CRE" deleted "C:\Users\Mathias\AppData\Local\Conduit" deleted "C:\Users\Mathias\AppData\LocalLow\facemoods.com" deleted "C:\Users\Mathias\AppData\LocalLow\Conduit" deleted "C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default\CT2865317" deleted "C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default\CT2865317" deleted "C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default\smartbar" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default - avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com - Facemoods - %ProfilePath%\extensions\ffxtlbr@Facemoods.com - Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} - Googlebar Lite - %ProfilePath%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - QuickStores-Toolbar - %AppDir%\extensions\quickstores@quickstores.de - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== "C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\irv6jvzz.default\extensions\ffxtlbr@Facemoods.com" deleted "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Mathias\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Mathias\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] uTorrentBar_NL - Mathias - Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb ==== Chrome Fix ====================== C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {34180308-4A78-4753-83CB-2901D801C09B} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Mathias\AppData\Local\Mozilla\Firefox\Profiles\irv6jvzz.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Mathias\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 23/07/2013 at 19:21:12,63 ======================