Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by michel on vr 17-05-2013 at 19:53:20,84.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
A
C:\zoek-results17-05-2013-1837.log 19111 bytes
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"40820:TCP"="40820:TCP:*:Enabled:utorrend"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{91A013F8-7E91-4575-8737-46161BBCF282} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-583907252-854245398-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{D4A0D2F4-138B-474D-9782-5E1BA54397C6} deleted successfully
==== Deleting CLSID Registry Values ======================
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
---- Lines BabylonToolbar removed from prefs.js ----
---- Lines BabylonToolbar modified from prefs.js ----
---- Lines BabylonToolbar removed from user.js ----
user_pref("extensions.BabylonToolbar_i.id", "cc822aff00000000000000196670b375");
user_pref("extensions.BabylonToolbar_i.hardId", "cc822aff00000000000000196670b375");
user_pref("extensions.BabylonToolbar_i.instlDay", "15373");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:01:57");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
---- Lines conduit removed from prefs.js ----
---- Lines conduit modified from prefs.js ----
---- Lines SweetIM removed from prefs.js ----
user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com");
---- Lines SweetIM modified from prefs.js ----
---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ----
---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
user_17-05-2013_1956_.backup
prefs_17-05-2013_1956_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"40820:TCP"=-
==== Deleting Files \ Folders ======================
"C:\user.js" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\searchplugins\sweetim.xml" deleted
"C:\WINDOWS\tasks\WinMaximizer-michel-Startup.job" deleted
"C:\WINDOWS\SET3.tmp" deleted
"C:\WINDOWS\SET4.tmp" deleted
"C:\WINDOWS\SET8.tmp" deleted
"C:\user.js" deleted
"C:\WINDOWS\system32\roboot.exe" deleted
"C:\WINDOWS\System32\CONFIG.TMP" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\bProtector_extensions.rdf" deleted
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgcommon.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgcommunication.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgconfig.dll" deleted
"C:\Program Files\SweetIM\Messenger\mghooking.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgsimcommon.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll" deleted
"C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll" deleted
"C:\Program Files\SweetIM\Messenger\msvcp71.dll" deleted
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" not deleted
"C:\Program Files\SweetIM\Messenger\SweetIM.exe" deleted
"C:\Documents and Settings\michel\Application Data\Temp" deleted
"C:\Program Files\TornTV.com" deleted
"C:\Program Files\1ClickDownload" deleted
"C:\Program Files\Ask.com" deleted
"C:\Program Files\SweetIM" not deleted
"C:\Program Files\Conduit" deleted
"C:\Documents and Settings\michel\Application Data\Babylon" deleted
"C:\Documents and Settings\michel\Application Data\Systweak" deleted
"C:\Documents and Settings\All Users\Application Data\InstallMate" deleted
"C:\Documents and Settings\All Users\Application Data\Premium" deleted
"C:\Documents and Settings\All Users\Application Data\Tarma Installer" deleted
"C:\Documents and Settings\All Users\Application Data\SweetIM" deleted
"C:\Documents and Settings\michel\Menu Start\Programma's\TornTV.com" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\AskToolbar" deleted
"C:\Documents and Settings\All Users\Application Data\Babylon" deleted
"C:\Documents and Settings\All Users\Application Data\OptimizerPro" deleted
"C:\Documents and Settings\All Users\Application Data\BrowserProtect" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\CRE" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\uTorrentBar_NL" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\Conduit" deleted
"C:\Documents and Settings\michel\Local Settings\Application Data\CRE" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\engine@conduit.com" deleted
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted
"C:\Program Files\SweetIM\Messenger" not deleted
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
- Bcool - %ProfilePath%\extensions\5018bbc3a39a0@5018bbc3a39d9.info
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3
2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
==== Deleting Files \ Folders ======================
"C:\Documents and Settings\michel\Application Data\Mozilla\Firefox\Profiles\1uum2u7v.default\extensions\5018bbc3a39a0@5018bbc3a39d9.info" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Documents and Settings\michel\Local Settings\Application Data\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]
dlllpjkblkegaklpondemeanabheejog - C:\Documents and Settings\All Users\Application Data\Bcool\dlllpjkblkegaklpondemeanabheejog.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Documents and Settings\michel\Local Settings\Application Data\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]
YouTube - michel - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - michel - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Safe Search - michel - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Gmail - michel - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Documents and Settings\michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{91A013F8-7E91-4575-8737-46161BBCF282}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={FA3F ... 2012-06-06"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlllpjkblkegaklpondemeanabheejog deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\michel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Documents and Settings\michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\michel\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" not found
"C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\michel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\SweetIM" not found
==== EOF on vr 17-05-2013 at 20:01:25,71 ======================