Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by Janice Tooi on za 23-11-2013 at 8:19:03,42.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode
Internet Access Detected
Launched: C:\Documents and Settings\Janice Tooi\Bureaublad\zoek\zoek.exe [Script inserted] [Checkboxes used]

==== System Restore Info ======================
23-11-2013 8:21:43 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\Documents and Settings\All Users\Application Data\Fighters deleted successfully
C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully
C:\Documents and Settings\All Users\Application Data\PCSettings deleted successfully
C:\Documents and Settings\LocalService\Application Data\Fighters deleted successfully
C:\Documents and Settings\Janice Tooi\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\Janice Tooi\Application Data\Fighters deleted successfully
C:\Documents and Settings\Janice Tooi\Application Data\.# deleted successfully
C:\Documents and Settings\Janice Tooi\Application Data\Systweak deleted successfully
C:\Documents and Settings\Janice Tooi\Application Data\searchresultstb deleted successfully
C:\Documents and Settings\Janice Tooi\Application Data\Nico Mak Computing deleted successfully
C:\Documents and Settings\Janice Tooi\Local Settings\Application Data\Orange deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3971499861-2102083995-271423664-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} deleted successfully
HKEY_USERS\S-1-5-21-3971499861-2102083995-271423664-1006\Software\Microsoft\Internet Explorer\SearchScopes\{458C6BC7-C321-CAF3-0843-791BCF95C288} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-

==== Deleting Files \ Folders ======================
C:\Program Files\SweetIM not found
C:\Program Files\Conduit deleted
C:\FOUND.000 deleted
C:\FOUND.010 deleted
C:\FOUND.011 deleted
C:\FOUND.012 deleted
C:\FOUND.013 deleted
C:\FOUND.014 deleted
C:\FOUND.015 deleted
C:\FOUND.016 deleted
C:\FOUND.017 deleted
C:\FOUND.018 deleted
C:\FOUND.019 deleted
C:\FOUND.020 deleted
C:\FOUND.021 deleted
C:\FOUND.022 deleted
C:\FOUND.023 deleted
C:\FOUND.024 deleted
C:\FOUND.025 deleted
C:\FOUND.026 deleted
C:\FOUND.027 deleted
C:\FOUND.028 deleted
C:\Documents and Settings\Janice Tooi\Application Data\somotomoviestoolbar1 deleted
C:\Documents and Settings\Janice Tooi\Application Data\DigitalSite deleted
C:\Documents and Settings\Janice Tooi\Application Data\zulagames deleted
C:\Documents and Settings\Janice Tooi\Application Data\MetaCrawler deleted
C:\Documents and Settings\Janice Tooi\Application Data\SpeedAnalysis3 deleted
C:\Documents and Settings\Janice Tooi\Application Data\Babylon deleted
C:\Documents and Settings\Janice Tooi\Application Data\PriceGong deleted
C:\Documents and Settings\All Users\Application Data\Ask deleted
C:\Documents and Settings\All Users\Application Data\BitGuard deleted
C:\Documents and Settings\All Users\Application Data\SweetIM deleted
C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive deleted
C:\Documents and Settings\All Users\Application Data\IBUpdaterService deleted
C:\Documents and Settings\Janice Tooi\Local Settings\Application Data\APN deleted
C:\Documents and Settings\Janice Tooi\Local Settings\Application Data\BonanzaDealsLive deleted
C:\Documents and Settings\Janice Tooi\Local Settings\Application Data\Conduit deleted
C:\WINDOWS\tasks\EPUpdater.job deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\user.js deleted
C:\WINDOWS\system32\roboot.exe deleted
C:\Documents and Settings\Janice Tooi\AppData\LocalLow\DataMngr deleted

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2013-11-13 13:48:42 6F8B91D74C9ED3046850BD4EADD029BB 1393 ----a-w- C:\WINDOWS\imsins.BAK
====== C:\DOCUME~1\JANICE~1\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
2013-11-14 10:52:10 2742DAAD8885C3FF6CF52169B06B61AF 47960 ----a-r- C:\WINDOWS\System32\drivers\SymIM.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-11-18 03:30:34 -------- d-----w- C:\Program Files\trend micro
2013-11-13 13:14:25 3059176 ----a-w- C:\Program Files\NPE.exe
======= C: =====
====== C:\Documents and Settings\Janice Tooi\Application Data ======
2013-11-18 01:30:35 -------- d-----w- C:\Documents and Settings\Janice Tooi\Local Settings\Application Data\NPE
====== C:\Documents and Settings\Janice Tooi ======
2013-11-13 13:08:01 -------- d--h--r- C:\Documents and Settings\Janice Tooi\Onlangs geopend
====== C: exe-files ==
2013-11-18 03:30:35 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Janice Tooi.exe
=== C: other files ==
2013-11-23 07:11:51 7C48747731C50F55A718AA4D3B9B3E86 2527378 ----a-w- C:\Documents and Settings\Janice Tooi\Local Settings\Temporary Internet Files\Content.IE5\Z75DNG50\Z-Analyse[1].zip

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-21-3971499861-2102083995-271423664-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC"
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
"Alcmtr"="ALCMTR.EXE"
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
"SkyTel"="SkyTel.EXE"
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09-10-2013 18:02]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15-07-2011 22:25]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15-07-2011 22:25]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF" [13-11-2013 16:15]

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fdloijijlkoblmigdofommgnheckmaki - No path found[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Documents and Settings\Janice Tooi\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx[06-10-2013 04:26]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
"Search Page"="http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com"
"Default_Page_URL"="http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HTS541080G9AT00_MP28XBXBH4GBESH4GBESX&ts=1381065563"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HTS541080G9AT00_MP28XBXBH4GBESH4GBESX&ts=1381065563"
"Start Page"="https://www.google.nl/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HTS541080G9AT00_MP28XBXBH4GBESH4GBESX&ts=1381065563&type=default&q={searchTerms}"
"CustomizeSearch"="http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HTS541080G9AT00_MP28XBXBH4GBESH4GBESX&ts=1381065563&type=default&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{458C6BC7-C321-CAF3-0843-791BCF95C288}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{458C6BC7-C321-CAF3-0843-791BCF95C288}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{52db1893-8a90-4192-aede-08e00b8f8473} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{75b4241f-171e-44a3-bf44-23613b6e3e03} Unknown Url="Not_Found"
{EEE6C360-6118-11DC-9C72-001320C79847} Unknown Url="Not_Found"

==== Reset Google Chrome ======================
Nothing found to reset

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3971499861-2102083995-271423664-1006\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} deleted successfully
HKEY_USERS\S-1-5-21-3971499861-2102083995-271423664-1006\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully
HKEY_USERS\S-1-5-21-3971499861-2102083995-271423664-1006\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully

==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Janice Tooi\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Janice Tooi\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\JANICE~1\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Janice Tooi\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on za 23-11-2013 at 8:45:05,29 ======================