Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by The Grey Knight on Tue 08-07-2014 at 19:00:45,59.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\The Grey Knight\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

8-7-2014 19:05:12 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\NeroInstall.bak deleted successfully
C:\Program Files\trend micro deleted successfully
C:\Program Files\webget deleted successfully
C:\PROGRA~2\HDBR31 deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\ProductData deleted successfully
C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} deleted successfully
C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\The Grey Knight\AppData\Roaming\QuickScan deleted successfully
C:\Users\The Grey Knight\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1444041238-1672014317-2177485595-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\THEGRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default

---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites02_14_18_ff");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtCyC0E0A0DyC0DyB0EyE0CyB0D0CtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1
user_pref("extensions.irmysearch.cr", "1243095239");
user_pref("extensions.irmysearch.instlRef", "140305_a");

---- Lines mysearch removed from user.js ----
user_pref("extensions.irmysearch.aflt", "dsites02_14_18_ff");
user_pref("extensions.irmysearch.instlRef", "140305_a");
user_pref("extensions.irmysearch.cr", "1243095239");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtCyC0E0A0DyC0DyB0EyE0CyB0D0CtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0Dzzzy0EyDzztAtGtCyEyDtAtGtA0E0DzztGtCyC0FtCtGtA0FzyyC0CtAzytCyE0E0BtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzz0EyCtB0ByEyEtG0Dzy0E0BtG0B0E0FtAtGtD0C0AyEtGtB0CyE0A0D0F0CtBtC0D0D0D2Q");

---- FireFox user.js and prefs.js backups ----

user_08-07-2014_1913_.backup
prefs_08-07-2014_1913_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} not found
C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\The Grey Knight\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default\extensions\ascsurfingprotection@iobit.com deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\System32\Tasks\MySearchDial deleted
C:\Windows\Tasks\MySearchDial.job deleted
C:\Windows\wininit.ini deleted
C:\Users\THEGRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default\searchplugins\Mysearchdial.xml deleted
"C:\Users\The Grey Knight\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default\searchplugins\badoo.xml" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\THEGRE~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2014-06-11 01:34:00 C7B0746FCD576D7EEBA6A2530B0B2966 905664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-10 00:06:08 E987A9CB539147527F56943BB34B7375 142936 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS
2014-06-10 00:06:08 A56FDE291912C739D5EDC705B4552D19 805 ----a-w- C:\Windows\System32\drivers\SYMEVENT.INF
2014-06-10 00:06:08 8128DD4852B101ABD9CFB2B93B7EEC0E 8194 ----a-w- C:\Windows\System32\drivers\SYMEVENT.CAT

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\The Grey Knight\AppData\Roaming ======

====== C:\Users\The Grey Knight ======

2014-07-07 20:24:29 F1198794F3913A87544733520DBF19FA 347440 ----a-w- C:\Users\The Grey Knight\Desktop\MicrosoftFixit-portable.exe
2014-07-07 19:03:18 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\The Grey Knight\Desktop\RSIT.exe
2014-07-07 17:23:04 CDD423A8D4CA07E69C0F5DEF08BCAB88 56 ----a-w- C:\Users\The Grey Knight\Desktop\RestoreDiagnosticPolicyServiceWindowsVista.bat

====== C: exe-files ==

2014-07-07 20:24:29 F1198794F3913A87544733520DBF19FA 347440 ----a-w- C:\Users\The Grey Knight\Desktop\MicrosoftFixit-portable.exe
2014-07-07 19:03:18 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\The Grey Knight\Desktop\RSIT.exe

=== C: other files ==

2014-07-07 17:23:04 CDD423A8D4CA07E69C0F5DEF08BCAB88 56 ----a-w- C:\Users\The Grey Knight\Desktop\RestoreDiagnosticPolicyServiceWindowsVista.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-1444041238-1672014317-2177485595-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"FSCRecovery"="c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe"
"Skytel"="Skytel.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

==== Startup Folders ======================

2014-07-02 00:44:36 1121 ----a-w- C:\Users\The Grey Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2014-02-11 21:10:53 2505 ----a-w- C:\Users\The Grey Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 04:16]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton 360\Engine\21.3.0.12\WSCStub.exe"]
"C:\Windows\system32\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe]
"C:\Windows\system32\tasks\Norton 360\Norton Error Processor" [C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [08-07-2014 18:52]

==== Firefox Extensions ======================

ProfilePath: C:\Users\THEGRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default
- Undetermined - C:\Users\The Grey Knight\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default\extensions\ascsurfingprotection@iobit.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\The Grey Knight\AppData\Roaming\Mozilla\Firefox\Profiles\grpcwonp.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
A32402A7A2AC60B5422255DF020EC44A - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx[28-04-2014 14:52]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Search Bar"="http://www.bing.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.mysearchdial.com/?f=1&a=dsites02_14_18_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyC0E0A0DyC0DyB0EyE0CyB0D0CtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0Dzzzy0EyDzztAtGtCyEyDtAtGtA0E0DzztGtCyC0FtCtGtA0FzyyC0CtAzytCyE0E0BtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzz0EyCtB0ByEyEtG0Dzy0E0BtG0B0E0FtAtGtD0C0AyEtGtB0CyE0A0D0F0CtBtC0D0D0D2Q&cr=1243095239&ir="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\The Grey Knight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=11 6788692 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\The Grey Knight\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\THEGRE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\The Grey Knight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Tue 08-07-2014 at 19:18:27,10 ======================
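The "FireFox Fix" section of the log above shows the cleanup step that matters most for this kind of browser hijacker: the MySearchDial affiliate prefs (`extensions.irmysearch.*`) live in the profile's `prefs.js` and `user.js`, and `user.js` re-applies them at every start, so deleting the search plugin and the scheduled task alone would not have removed the hijack. The script below is an added example, not Zoek's code and not something the poster ran. It reproduces that step in Python: it strips hijacker preferences from `prefs.js`-style text, writes a backup named the way the log names them (`prefs_08-07-2014_1913_.backup`), and only then rewrites the file. The `irmysearch` prefix and the `mysearchdial` hostname are taken from the log; the sample prefs content, the extra homepage and search-engine lines in it, and the `HIJACKER_MARKERS` list are constructed for the demo.

```python
"""
Strip browser-hijacker preferences from a Firefox prefs.js / user.js,
backing the original up first (mirrors Zoek's "FireFox Fix" step).
Example code added to this page; not part of Zoek or the poster's log.
"""
import re
from datetime import datetime
from pathlib import Path

# Constructed sample prefs.js content for an offline demo. The three
# extensions.irmysearch.* lines mirror the ones the log shows removed;
# the defaultenginename / keyword.URL lines are illustrative (assumption).
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("extensions.irmysearch.aflt", "dsites02_14_18_ff");
user_pref("extensions.irmysearch.cr", "1243095239");
user_pref("extensions.irmysearch.instlRef", "140305_a");
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("keyword.URL", "http://start.mysearchdial.com/?q=");
user_pref("network.cookie.cookieBehavior", 0);
"""

# Pref-name prefixes owned by the hijacker branch seen in the log.
HIJACKER_PREF_PREFIXES = ("extensions.irmysearch.",)
# Substrings that must never appear in a pref value (matched
# case-insensitively, so both "Mysearchdial" and "start.mysearchdial.com" hit).
HIJACKER_MARKERS = ("mysearchdial",)

# user_pref("name", value);  -- value may be a quoted string, number or bool
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')


def is_hijacker_pref(line):
    """True if a single prefs.js line belongs to the hijacker."""
    m = PREF_RE.match(line.strip())
    if not m:
        return False          # comments, blank lines, anything non-pref
    name, value = m.group(1), m.group(2).lower()
    if name.startswith(HIJACKER_PREF_PREFIXES):
        return True
    return any(marker in value for marker in HIJACKER_MARKERS)


def strip_hijacker_prefs(text):
    """Return (cleaned_text, removed_lines) for prefs.js/user.js content."""
    kept, removed = [], []
    for line in text.splitlines():
        (removed if is_hijacker_pref(line) else kept).append(line)
    return "\n".join(kept) + "\n", removed


def backup_name(kind, when=None):
    """Backup file name in the log's own style, e.g. prefs_08-07-2014_1913_.backup"""
    when = when or datetime.now()
    return f"{kind}_{when:%d-%m-%Y_%H%M}_.backup"


def clean_profile_file(path):
    """Back up, then rewrite a real prefs.js or user.js. Returns removed lines."""
    p = Path(path)
    original = p.read_text(encoding="utf-8")
    cleaned, removed = strip_hijacker_prefs(original)
    if removed:
        # Write the backup before touching the live file, as Zoek does.
        p.with_name(backup_name(p.stem)).write_text(original, encoding="utf-8")
        p.write_text(cleaned, encoding="utf-8")
    return removed


if __name__ == "__main__":
    cleaned, removed = strip_hijacker_prefs(SAMPLE_PREFS)
    print("---- Lines removed ----")
    for line in removed:
        print(line)
    print("---- Remaining prefs ----")
    print(cleaned, end="")
```

Run it against a copy of a profile's `prefs.js` with Firefox closed (Firefox rewrites `prefs.js` on exit and would undo the edit otherwise); `user.js` needs the same pass, since anything left there is copied back into `prefs.js` on the next start. The value match on `mysearchdial` is deliberately broad so that the search-engine and keyword prefs the hijacker sets alongside its own branch are caught too.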