Display-settings and Savifier removal
<blockquote data-quote="michael jackson" data-source="post: 315659" data-attributes="member: 31917"><p>ok i have this display settings bug... i did as you instructed - my system just rebooted and started with the results on notepad - just as you described. </p><p>here are the results:</p><p></p><p></p><p>Zoek.exe v5.0.0.0 Updated 14-December-2014</p><p>Tool run by TonyTonyJ on Mon 12/15/2014 at 12:13:15.54.</p><p>Microsoft Windows 8.1 6.3.9600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\TonyTonyJ\Downloads\zoek.exe [Scan all users] [Script inserted]</p><p></p><p>==== System Restore Info ======================</p><p></p><p>12/15/2014 12:16:19 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\PROGRA~2\ZJMedia deleted successfully</p><p>C:\Program Files\002 deleted successfully</p><p>C:\PROGRA~3\Oracle deleted successfully</p><p>C:\Users\TonyTonyJ\AppData\Local\VisualBeeExe deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-1746658525-1637020874-184723657-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== FireFox Fix ======================</p><p></p><p>ProfilePath: C:\Users\TONYTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default</p><p></p><p>---- Lines AtuZi removed from prefs.js ----</p><p>user_pref("extensions.AtuZi.asul", "1405212550644");</p><p>user_pref("extensions.AtuZi.aul", "1405213686858");</p><p>user_pref("extensions.AtuZi.irl", true);</p><p>user_pref("extensions.AtuZi.is", "cbslugp1");</p><p>user_pref("extensions.AtuZi.ug", "90A3AC2C-0A18-45D5-AFFC-5A630679A3AD");</p><p>---- FireFox user.js and prefs.js backups 
----</p><p></p><p>user_20141215_1229_.backup</p><p>prefs_20141215_1229_.backup</p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~3\600440862 deleted</p><p>C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted</p><p>C:\PROGRA~2\PowerPoint-PPT to Pdf Converter deleted</p><p>C:\PROGRA~2\AVG SafeGuard toolbar deleted</p><p>C:\PROGRA~2\COMMON~1\AVG Secure Search deleted</p><p>C:\Users\TonyTonyJ\AppData\Roaming\loaderRunning.tmp deleted</p><p>C:\PROGRA~3\ISTask.dll deleted</p><p>C:\PROGRA~3\AVG SafeGuard toolbar deleted</p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\Users\TonyTonyJ\AppData\Local\AVG SafeGuard toolbar deleted</p><p>C:\Users\TonyTonyJ\AppData\Local\emaze deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted</p><p>C:\Users\TonyTonyJ\AppData\LocalLow\AVG SafeGuard toolbar deleted</p><p>C:\WINDOWS\SysNative\config\systemprofile\Searches deleted</p><p>C:\Users\TONYTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default\searchplugins\trovi-search.xml deleted</p><p>C:\Users\TONYTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default\jetpack deleted</p><p>C:\Users\TonyTonyJ\AppData\Roaming\setup.exe deleted</p><p>C:\PROGRA~3\MakeMarkerFile.exe deleted</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\TonyTonyJ\AppData\Roaming\Mozilla\Firefox\Profiles\q7yq2odc.default</p><p>9860727E477F17B88E39AF8B69B0407A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash</p><p>D2377C9458EFEB094E38B8C874AA214C - C:\Users\TonyTonyJ\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google 
Update</p><p>E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\TonyTonyJ\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104</p><p></p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{B15FD23A-B92E-49C2-B744-04029692B03C}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"</p><p>{1F3B464E-B7C3-4993-AAA9-CE041DA631B3} Unknown Url="Not_Found"</p><p>{B15FD23A-B92E-49C2-B744-04029692B03C} Google Url="<a href="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" target="_blank">http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}</a>"</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-1746658525-1637020874-184723657-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully</p><p>HKEY_USERS\S-1-5-21-1746658525-1637020874-184723657-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F3B464E-B7C3-4993-AAA9-CE041DA631B3} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values 
======================</p><p></p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\Users\TonyTonyJ\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\TonyTonyJ\AppData\Local\Mozilla\Firefox\Profiles\q7yq2odc.default\cache2 emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>No Chrome User Data found</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=162 folders=62 21823968 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default 
User\AppData\Local\Temp emptied successfully</p><p>C:\Users\TonyTonyJ\AppData\Local\Temp will be emptied at reboot</p><p>C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\WINDOWS\Temp successfully emptied</p><p>C:\Users\TONYTO~1\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== EOF on Mon 12/15/2014 at 12:41:29.86 ======================</p></blockquote><p></p>