Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
FIRST.txt and Addition.txt for pckeeper and reimageplus pop-ups
Message
<blockquote data-quote="Bonnielj" data-source="post: 269890" data-attributes="member: 28099"><p>Sorry, but I cannot get the Upload a File button to work so I have pasted zoek-results.</p><p></p><p></p><p>Zoek.exe v5.0.0.0 Updated 27-09-2014</p><p>Tool run by Bonnie on Mon 09/29/2014 at 17:32:37.00.</p><p>Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Bonnie\Desktop\zoek.exe [Scan all users] [Script inserted]</p><p></p><p>==== System Restore Info ======================</p><p></p><p>9/29/2014 5:40:36 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-771612026-841732212-226713872-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted</p><p>C:\Windows\wininit.ini deleted</p><p>C:\Windows\SysNative\config\systemprofile\Searches deleted</p><p>C:\Windows\Syswow64\InstallUtil.InstallLog deleted</p><p>C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149\searchplugins\safesearch.xml deleted</p><p>C:\Users\Bonnie\nircmd.exe deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [09/29/2014 12:52 AM]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149</p><p>- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\anbhxz4r.default-1410044017558</p><p>C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director</p><p></p><p>Profilepath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\cv8xhvlq.default</p><p>15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System</p><p></p><p>Profilepath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149</p><p>DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash</p><p>C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director</p><p></p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>iikflkcanblccfahdhdonehdalibjnif - No path found[]</p><p>mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx[07/31/2014 01:47 AM]</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://xfinity.comcast.net/" target="_blank">http://xfinity.comcast.net/</a>"</p><p>"Search Page"="<a href="http://www.google.com" target="_blank">http://www.google.com</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>@="<a href="http://www.google.com/search?q=%s" target="_blank">http://www.google.com/search?q=%s</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]</p><p>"SearchAssistant"="<a href="http://www.google.com/ie" target="_blank">http://www.google.com/ie</a>"</p><p>"Default_Search_URL"="<a href="http://www.google.com/ie" target="_blank">http://www.google.com/ie</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Search Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"Start Page"="<a href="http://xfinity.comcast.net/" target="_blank">http://xfinity.comcast.net/</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"(Default)"="<a href="http://search.msn.com/results.asp?q=%s" target="_blank">http://search.msn.com/results.asp?q=%s</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]</p><p>"Default_Search_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"SearchAssistant"="<a href="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" target="_blank">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{42ED115A-CF46-4D11-B358-13E01F723112}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{42ED115A-CF46-4D11-B358-13E01F723112} Google Url="<a href="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" target="_blank">http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}</a>"</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\AdministratorBonnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Bonnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Bonnie\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Bonnie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\Bonnie\AppData\Local\Mozilla\Firefox\Profiles\anbhxz4r.default-1410044017558\Cache emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>No Chrome Cache found</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=11 folders=5 350508064 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\AdministratorBonnie\AppData\Local\Temp emptied successfully</p><p>C:\Users\Bonnie\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\Bonnie\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Users\Bonnie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted</p><p></p><p>==== EOF on Mon 09/29/2014 at 18:06:11.17 ======================</p></blockquote><p></p>
[QUOTE="Bonnielj, post: 269890, member: 28099"] Sorry, but I cannot get the Upload a File button to work so I have pasted zoek-results. Zoek.exe v5.0.0.0 Updated 27-09-2014 Tool run by Bonnie on Mon 09/29/2014 at 17:32:37.00. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Bonnie\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 9/29/2014 5:40:36 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-771612026-841732212-226713872-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149\searchplugins\safesearch.xml deleted C:\Users\Bonnie\nircmd.exe deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [09/29/2014 12:52 AM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149 - Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\anbhxz4r.default-1410044017558 C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director Profilepath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\cv8xhvlq.default 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\nq483etu.default-1411263639149 DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx[07/31/2014 01:47 AM] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://xfinity.comcast.net/[/url]" "Search Page"="[url]http://www.google.com[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="[url]http://www.google.com/search?q=%s[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="[url]http://www.google.com/ie[/url]" "Default_Search_URL"="[url]http://www.google.com/ie[/url]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="[url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]" "Start Page"="[url]http://xfinity.comcast.net/[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="[url]http://search.msn.com/results.asp?q=%s[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="[url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]" "SearchAssistant"="[url]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[/url]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{42ED115A-CF46-4D11-B358-13E01F723112}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms}[/url]" {42ED115A-CF46-4D11-B358-13E01F723112} Google Url="[url]http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}[/url]" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\AdministratorBonnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bonnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bonnie\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bonnie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Bonnie\AppData\Local\Mozilla\Firefox\Profiles\anbhxz4r.default-1410044017558\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=11 folders=5 350508064 bytes) ==== Empty Temp Folders ====================== C:\Users\AdministratorBonnie\AppData\Local\Temp emptied successfully C:\Users\Bonnie\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Bonnie\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Bonnie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on Mon 09/29/2014 at 18:06:11.17 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top