Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Acer on mar. 21/10/2014 at 20:47:52,60.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\FWFXBUII\zoek[1].exe
[Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-20-175739.log 21406 bytes
C:\zoek-results2014-10-20-180604.log 451 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\ppswci31.default
user.js not found

---- Lines {121761af-0fa5-4896-a2a8-cfdbac4e4982} removed from prefs.js ----
user_pref("extensions.{121761af-0fa5-4896-a2a8-cfdbac4e4982}.install-event-fired", true);
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.daysPassed", "{\"t2d\":true}");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.installtime", "1413628284.563");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.isFirstRun", "false");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.is_bundle", "true");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.lastC", "{\"sm\":392675,\"li\":392729,\"mo\":392729}");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.last_version", "");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.moEnabled", true);
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.server", "https://s7902.webovernet.com");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.src", "7902");
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.toolbarButtonInstalled", true);
user_pref("{121761af-0fa5-4896-a2a8-cfdbac4e4982}.user_id", "0764A524-A8A9-4C48-8879-08C057FFE446");

---- Lines {121761af-0fa5-4896-a2a8-cfdbac4e4982} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\

---- FireFox user.js and prefs.js backups ----
prefs_20142110_2138_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-869750193-3137500025-2304659736-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"E381F2E238EE3DC9FDE38C230D0B02CCE46AFC76._service_run"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Deleting Files \ Folders ======================

"C:\WINDOWS\tasks\avast\Undetermined Task.exe" not found
C:\Documents and Settings\Acer\Application Data\0F1L1I1P0H1L1E1E1F deleted
C:\Documents and Settings\Acer\Application Data\WebExtend deleted
C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\ppswci31.default\extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982} deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/08/2014 22:59]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\ppswci31.default
- Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - {20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - belgiumeid@eid.belgium.be
- Undetermined - wrc@avast.com
- Undetermined - {121761af-0fa5-4896-a2a8-cfdbac4e4982}
- Undetermined - adblockpopups@jessehakanen.net
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\ppswci31.default
40AAE0A1A4F664828DF5A95875AEA1C8 - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll - Google Update
E1D11A8FE50FB05688ABB2F48ED7C42F - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
F1853C775D0F4407CB7E42B558713217 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
6A31F8884BC732C40CCB37E67FCC3EC7 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
AD8BF6E9632C1F8AC7BB25419C0C5588 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
3AAD9884517B1BF449B41553AB7811A9 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
3CD19649B2C3023D65E67C056457A2BC - C:\Documents and Settings\Acer\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
BE40D3882DCDC3E4BD8B284B8D5F4FDB - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/08/2014 09:14]

avast Online Security - Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE424"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Reset Google Chrome ======================

C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Acer\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\FWFXBUII will be deleted at reboot
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=199 folders=91 22097986 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Acer\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Acer\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\FWFXBUII" not found

==== EOF on mar. 21/10/2014 at 22:02:00,20 ======================