Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Can't Remove GoSSave Extension From Google Chrome
Message
<blockquote data-quote="Rich K" data-source="post: 337927" data-attributes="member: 33441"><p>Apologies for jumping the gun with my previous replies. My computer just finished rebooting after the Zoek scan was completed, and here is the complete information provided in the txt file:</p><p></p><p>Zoek.exe v5.0.0.0 Updated 18-01-2015</p><p>Tool run by Rich on Thu 01/22/2015 at 13:42:16.88.</p><p>Microsoft Windows 8.1 6.3.9600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Rich\Downloads\zoek.exe [Scan all users] [Script inserted]</p><p></p><p>==== System Restore Info ======================</p><p></p><p>1/22/2015 1:42:59 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully</p><p>C:\PROGRA~2\SearchProtect deleted successfully</p><p>C:\Users\Rich\AppData\Roaming\DigitalSite deleted successfully</p><p>C:\Users\Rich\AppData\Roaming\Malwarebytes deleted successfully</p><p>C:\Users\Rich\AppData\Roaming\New Version Available deleted successfully</p><p>C:\Users\Rich\AppData\Roaming\SearchProtect deleted successfully</p><p>C:\Users\Rich\AppData\Local\1Click DVD Copy deleted successfully</p><p>C:\Users\Rich\AppData\Local\CRE deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== FireFox Fix ======================</p><p></p><p>ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default</p><p></p><p>user.js not found</p><p>---- Lines CT3289847 removed from prefs.js ----</p><p>user_pref("CT3289847.FF19Solved", "true");</p><p>user_pref("CT3289847.UserID", "UN19686702141941923");</p><p>user_pref("CT3289847.browser.search.defaultthis.engineName", "true");</p><p>user_pref("CT3289847.installDate", "12/4/2013 9:55:24");</p><p>user_pref("CT3289847.installerVersion", "1.3.7.3");</p><p>user_pref("CT3289847.keyword", "true");</p><p>---- Lines conduit removed from prefs.js ----</p><p>user_pref("Smartbar.ConduitHomepagesList", "<a href="http://search.conduit.com/?ctid=CT2998365&octid=CT2998365&SearchSource=61&CUI=UN77427085166961665&UM=2&UP=" target="_blank">http://search.conduit.com/?ctid=CT2998365&octid=CT2998365&SearchSource=61&CUI=UN77427085166961665&UM=2&UP=</a></p><p>user_pref("Smartbar.ConduitSearchEngineList", "Trustworthy Customized Web Search");</p><p>user_pref("Smartbar.ConduitSearchUrlList", "<a href="http://search.conduit.com/ResultsExt.aspx?octid=CT2998365&ctid=CT2998365&SearchSource=2&CUI=UN774270851669" target="_blank">http://search.conduit.com/ResultsExt.aspx?octid=CT2998365&ctid=CT2998365&SearchSource=2&CUI=UN774270851669</a></p><p>user_pref("Smartbar.SearchFromAddressBarSavedUrl", "<a href="http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN17387752752375220&UM" target="_blank">http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN17387752752375220&UM</a></p><p>---- Lines Web Search removed from prefs.js ----</p><p>user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");</p><p>---- Lines smartbar removed from prefs.js ----</p><p>user_pref("Smartbar.keywordURLSelectedCTID", "CT2998365");</p><p>user_pref("smartbar.machineId", "ULH2J+CZKKLLLHD/A3TI+3TY3/CTJ7RHCPLGK2F0WBCNDVUA7O/VF4L3XW7XJIVPDX8NZMIHGQWVTKPOUOWOIG");</p><p>---- Lines extensions.CE6nZbjolBLHrfdw removed from prefs.js ----</p><p>user_pref("extensions.CE6nZbjolBLHrfdw.epoch", "1410872607");</p><p>user_pref("extensions.CE6nZbjolBLHrfdw.url", "<a href="http://superiend.info/sync2/?q=hfZ9ofbMDMnMCyVUojw6tMqLDe49CNU0llrMCMlNhd9Fqda4rjwFpjs9qjgMBzqUojw9rdUFr" target="_blank">http://superiend.info/sync2/?q=hfZ9ofbMDMnMCyVUojw6tMqLDe49CNU0llrMCMlNhd9Fqda4rjwFpjs9qjgMBzqUojw9rdUFr</a></p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p>prefs_20150122_0151_.backup</p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\Users\Rich\AppData\LocalLow\Conduit deleted</p><p>C:\Users\Rich\AppData\LocalLow\Trustworthy deleted</p><p>C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted</p><p>C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted</p><p>C:\PROGRA~2\LG Software Innovations deleted</p><p>C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted</p><p>C:\PROGRA~2\Conduit deleted</p><p>C:\SearchProtect deleted</p><p>C:\Users\Rich\AppData\Roaming\WB.CFG deleted</p><p>C:\PROGRA~3\AVG Security Toolbar deleted</p><p>C:\PROGRA~3\eBay deleted</p><p>C:\Users\Rich\AppData\Local\Conduit deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted</p><p>C:\WINDOWS\tasks\DigitalSite.job deleted</p><p>C:\windows\SysNative\tasks\DigitalSite deleted</p><p>C:\end deleted</p><p>C:\windows\SysNative\GroupPolicy\Machine deleted</p><p>C:\windows\SysNative\GroupPolicy\User deleted</p><p>C:\windows\SysNative\GroupPolicy\GPT.INI deleted</p><p>C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted</p><p>C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default\searchplugins\safeguard-secure-search.xml deleted</p><p>"C:\PROGRA~3\d4da7409d1e34429\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140911152519" deleted</p><p>"C:\PROGRA~3\d4da7409d1e34429" deleted</p><p></p><p>==== Firefox Start and Search pages ======================</p><p></p><p>ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default</p><p>user_pref("browser.startup.homepage", "<a href="https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com" target="_blank">https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https://mail.yahoo.com</a>");</p><p>user_pref("browser.search.defaultenginename", "Google");</p><p>user_pref("browser.search.selectedEngine", "AVG Secure Search");</p><p>user_pref("keyword.URL", "");</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:firefox@passwordbox.com">firefox@passwordbox.com</a>"="C:\Program Files (x86)\PasswordBox\Firefox" [11/21/2013 09:00 AM]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default</p><p>8560995C727974F27F2A1CE68909FEB9 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash</p><p></p><p></p><p>==== Fake Chromium Profiles Check ======================</p><p></p><p>Fake profile C:\Users\Administrator\AppData\Local\Torch deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Torch deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted</p><p>Fake profile C:\Users\Rich\AppData\Local\Torch deleted</p><p>Fake profile C:\Users\Rich\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Rich\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Rich\AppData\Local\Chromatic Browser deleted</p><p></p><p>==== Chromium Look ======================</p><p></p><p>Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Rich\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]</p><p></p><p>Google Voice Search Hotword (Beta) - Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>GoSSave - Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbcmbgmkogedoobplmcdglilpnfiked</p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage deleted successfully</p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal deleted successfully</p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully</p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully</p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully</p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully</p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbcmbgmkogedoobplmcdglilpnfiked deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.msn.com/?pc=MSE1" target="_blank">http://www.msn.com/?pc=MSE1</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.msn.com/?pc=MSE1" target="_blank">http://www.msn.com/?pc=MSE1</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{7D0B0A89-904A-4D21-A99D-F148795FDCAD}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02</a>"</p><p>{7D0B0A89-904A-4D21-A99D-F148795FDCAD} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02</a>"</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\Rich\AppData\Local\Mozilla\Firefox\Profiles\t4tj16vu.default\cache2 emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>No Java Cache Found</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=341 folders=79 67412870 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\Rich\AppData\Local\Temp will be emptied at reboot</p><p>C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\WINDOWS\Temp successfully emptied</p><p>C:\Users\Rich\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== EOF on Thu 01/22/2015 at 13:56:58.98 ======================</p></blockquote><p></p>
[QUOTE="Rich K, post: 337927, member: 33441"] Apologies for jumping the gun with my previous replies. My computer just finished rebooting after the Zoek scan was completed, and here is the complete information provided in the txt file: Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by Rich on Thu 01/22/2015 at 13:42:16.88. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Rich\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 1/22/2015 1:42:59 PM Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\SearchProtect deleted successfully C:\Users\Rich\AppData\Roaming\DigitalSite deleted successfully C:\Users\Rich\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Rich\AppData\Roaming\New Version Available deleted successfully C:\Users\Rich\AppData\Roaming\SearchProtect deleted successfully C:\Users\Rich\AppData\Local\1Click DVD Copy deleted successfully C:\Users\Rich\AppData\Local\CRE deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default user.js not found ---- Lines CT3289847 removed from prefs.js ---- user_pref("CT3289847.FF19Solved", "true"); user_pref("CT3289847.UserID", "UN19686702141941923"); user_pref("CT3289847.browser.search.defaultthis.engineName", "true"); user_pref("CT3289847.installDate", "12/4/2013 9:55:24"); user_pref("CT3289847.installerVersion", "1.3.7.3"); user_pref("CT3289847.keyword", "true"); ---- Lines conduit removed from prefs.js ---- user_pref("Smartbar.ConduitHomepagesList", "[URL]http://search.conduit.com/?ctid=CT2998365&octid=CT2998365&SearchSource=61&CUI=UN77427085166961665&UM=2&UP=[/URL] user_pref("Smartbar.ConduitSearchEngineList", "Trustworthy Customized Web Search"); user_pref("Smartbar.ConduitSearchUrlList", "[URL]http://search.conduit.com/ResultsExt.aspx?octid=CT2998365&ctid=CT2998365&SearchSource=2&CUI=UN774270851669[/URL] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "[URL]http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN17387752752375220&UM[/URL] ---- Lines Web Search removed from prefs.js ---- user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search"); ---- Lines smartbar removed from prefs.js ---- user_pref("Smartbar.keywordURLSelectedCTID", "CT2998365"); user_pref("smartbar.machineId", "ULH2J+CZKKLLLHD/A3TI+3TY3/CTJ7RHCPLGK2F0WBCNDVUA7O/VF4L3XW7XJIVPDX8NZMIHGQWVTKPOUOWOIG"); ---- Lines extensions.CE6nZbjolBLHrfdw removed from prefs.js ---- user_pref("extensions.CE6nZbjolBLHrfdw.epoch", "1410872607"); user_pref("extensions.CE6nZbjolBLHrfdw.url", "[URL]http://superiend.info/sync2/?q=hfZ9ofbMDMnMCyVUojw6tMqLDe49CNU0llrMCMlNhd9Fqda4rjwFpjs9qjgMBzqUojw9rdUFr[/URL] ---- FireFox user.js and prefs.js backups ---- prefs_20150122_0151_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\Users\Rich\AppData\LocalLow\Conduit deleted C:\Users\Rich\AppData\LocalLow\Trustworthy deleted C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted C:\PROGRA~2\LG Software Innovations deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\Conduit deleted C:\SearchProtect deleted C:\Users\Rich\AppData\Roaming\WB.CFG deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\eBay deleted C:\Users\Rich\AppData\Local\Conduit deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\WINDOWS\tasks\DigitalSite.job deleted C:\windows\SysNative\tasks\DigitalSite deleted C:\end deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default\searchplugins\safeguard-secure-search.xml deleted "C:\PROGRA~3\d4da7409d1e34429\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140911152519" deleted "C:\PROGRA~3\d4da7409d1e34429" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default user_pref("browser.startup.homepage", "[URL]https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com[/URL]"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "AVG Secure Search"); user_pref("keyword.URL", ""); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]firefox@passwordbox.com[/email]"="C:\Program Files (x86)\PasswordBox\Firefox" [11/21/2013 09:00 AM] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\t4tj16vu.default 8560995C727974F27F2A1CE68909FEB9 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Torch deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Guest\AppData\Local\Torch deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Rich\AppData\Local\Torch deleted Fake profile C:\Users\Rich\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Rich\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Rich\AppData\Local\Chromatic Browser deleted ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Rich\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[] Google Voice Search Hotword (Beta) - Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn GoSSave - Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbcmbgmkogedoobplmcdglilpnfiked ==== Chromium Fix ====================== C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage deleted successfully C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal deleted successfully C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbcmbgmkogedoobplmcdglilpnfiked deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://www.msn.com/?pc=MSE1[/URL]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://www.msn.com/?pc=MSE1[/URL]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{7D0B0A89-904A-4D21-A99D-F148795FDCAD}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[URL]http://www.google.com/search?q={searchTerms}[/URL]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[URL]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02[/URL]" {7D0B0A89-904A-4D21-A99D-F148795FDCAD} Bing Url="[URL]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02[/URL]" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Rich\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Rich\AppData\Local\Mozilla\Firefox\Profiles\t4tj16vu.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=341 folders=79 67412870 bytes) ==== Empty Temp Folders ====================== C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Rich\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Rich\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Thu 01/22/2015 at 13:56:58.98 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top