GoSave infection :(

Shameka

Oct 20, 2014
I need help with this also. I've followed your steps and here is what came up in my NotePad. Please help.

Meka

Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by user01 on Mon 10/20/2014 at 15:23:36.84.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user01\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/20/2014 3:30:57 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AC210E68-F291-4A25-BCB8-68FAEE03BFDA} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AC210E68-F291-4A25-BCB8-68FAEE03BFDA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\eSellerate deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~2\Search Extensions deleted
C:\Users\user01\AppData\Roaming\GoldenGate deleted
C:\PROGRA~3\fontcacheev1.dat deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\Avg_Update_0414c deleted
C:\PROGRA~3\Trusted Publisher deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\user01\AppData\Local\globalUpdate deleted
C:\Users\user01\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\tasks\YTDownloader deleted
C:\WINDOWS\tasks\AVG-Secure-Search-Update_0414c_rel.job deleted
C:\WINDOWS\tasks\AVG-Secure-Search-Update_0414c_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_0414c_rel deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_0414c_rmv deleted
C:\WINDOWS\tasks\WSE_Lasaoren.job deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\d3dx9_11.dll.tmp deleted
"C:\PROGRA~3\1a5953131405e991\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140930095326" deleted
"C:\PROGRA~3\1a5953131405e991\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140930095337" deleted
"C:\PROGRA~3\1a5953131405e991\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141002101937" deleted
"C:\PROGRA~3\1a5953131405e991\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141002102012" deleted
"C:\PROGRA~3\1a5953131405e991" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\user01\AppData\Roaming\Greyfirst\Celtx\Profiles\jggpay52.default
- Timezone Definitions for Mozilla Calendar - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org
- Default Shot Palette - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com
- DOM Inspector - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\user01\AppData\Roaming\Mozilla\Firefox\Profiles\9ol9ki3s.default
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\user01\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
3BB46C18F67297B670D3037595F46707 - C:\Users\user01\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ehjldlodmkdlooagebfnaghgmkfccipn - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ehjldlodmkdlooagebfnaghgmkfccipn - No path found[]

GoSaveo - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Administrator\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Administrator\AppData\Local\Torch\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
Docs - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
GoSaveo - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - Guest\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - Guest\AppData\Local\Torch\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - user01\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - user01\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - user01\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - user01\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
BIODIGITAL HUMAN - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
Google Voice Search Hotword (Beta) - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
GoSaveo - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
Bible - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb
Daum Equation Editor - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe
Logarithms Table - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekflgjlkhleiegpledpmjcpaoblbaong
Fairway Solitaire - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpbdfapchjogkmfpcmnfjdimgijhdho
GoSaevoe - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
What do your dreams mean - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmambngimkfaddbeebieghlkbdifaje
World of Solitaire - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn
LDS Scriptures - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijknidpjhcgbeliijjdmlonlcaobfldf
Quran - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe
Scientific Calculator - user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog
GoSaveo - user01\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne
GoSaevoe - user01\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea
GoSaveo - user01\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne

==== Chromium Startpages ======================

C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.com/",
"startup_urls": [ "https://www.google.com/" ],


==== Chromium Fix ======================

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\user01\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\user01\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\user01\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\user01\AppData\Local\Torch\User Data\Default\Extensions\bojdackknppmomffjbffdppaofindkne deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\user01\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\user01\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\user01\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkfohgnhfcibkpbmgeaijnjfpmolglea deleted successfully
C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Lasaoren Url="http://Lasaoren.com/results.php?f=4...tGyByEyBzyyBtDyE0ByB0A0AyB2Q&cr=402937785&ir="

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1578426742-284494171-321257044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49775;https=127.0.0.1:49775"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user01\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\user01\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=938 folders=278 131458800 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\user01\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\user01\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 10/20/2014 at 16:19:26.54 ======================
 
