Display-settings and Savifier removal

michael jackson

New Member
Thread author
Dec 15, 2014
2
Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by TonyTonyJ on Mon 12/15/2014 at 12:13:15.54.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TonyTonyJ\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 12:16:09.54 =====

--- Create Environment Variables 12:16:11.28
--- Create System Restore Point 12:16:18.45
--- Checking Input 12:16:20.08
--- AU AppData Check 12:16:26.22
--- Remove From Windows Installer 12:16:29.25
 

michael jackson

New Member
Thread author
Dec 15, 2014
2
OK, I have this display settings bug... I did as you instructed - my system just rebooted and started with the results on Notepad - just as you described.
Here are the results:


Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by TonyTonyJ on Mon 12/15/2014 at 12:13:15.54.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TonyTonyJ\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/15/2014 12:16:19 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\ZJMedia deleted successfully
C:\Program Files\002 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\TonyTonyJ\AppData\Local\VisualBeeExe deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1746658525-1637020874-184723657-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\TONYTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default

---- Lines AtuZi removed from prefs.js ----
user_pref("extensions.AtuZi.asul", "1405212550644");
user_pref("extensions.AtuZi.aul", "1405213686858");
user_pref("extensions.AtuZi.irl", true);
user_pref("extensions.AtuZi.is", "cbslugp1");
user_pref("extensions.AtuZi.ug", "90A3AC2C-0A18-45D5-AFFC-5A630679A3AD");
---- FireFox user.js and prefs.js backups ----

user_20141215_1229_.backup
prefs_20141215_1229_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\600440862 deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\PROGRA~2\PowerPoint-PPT to Pdf Converter deleted
C:\PROGRA~2\AVG SafeGuard toolbar deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\Users\TonyTonyJ\AppData\Roaming\loaderRunning.tmp deleted
C:\PROGRA~3\ISTask.dll deleted
C:\PROGRA~3\AVG SafeGuard toolbar deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\TonyTonyJ\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\TonyTonyJ\AppData\Local\emaze deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\TonyTonyJ\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\TONYTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default\searchplugins\trovi-search.xml deleted
C:\Users\TONYTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default\jetpack deleted
C:\Users\TonyTonyJ\AppData\Roaming\setup.exe deleted
C:\PROGRA~3\MakeMarkerFile.exe deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\TonyTonyJ\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default
9860727E477F17B88E39AF8B69B0407A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Users\TonyTonyJ\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\TonyTonyJ\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{B15FD23A-B92E-49C2-B744-04029692B03C}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{1F3B464E-B7C3-4993-AAA9-CE041DA631B3} Unknown Url="Not_Found"
{B15FD23A-B92E-49C2-B744-04029692B03C} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1746658525-1637020874-184723657-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1746658525-1637020874-184723657-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F3B464E-B7C3-4993-AAA9-CE041DA631B3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\TonyTonyJ\AppData\Local\Mozilla\Firefox\Profiles\q7yq2odc.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=162 folders=62 21823968 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TonyTonyJ\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\TONYTO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 12/15/2014 at 12:41:29.86 ======================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Very good. Any progress?


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
