Solved http://www.qslpdk.com/ - malware/adware

Bitoy

New Member
Thread author
May 17, 2015
14
I appreciate any help.
Thanks in advance.
 

Attachments: Addition.txt (40.4 KB), FRST.txt (68 KB)

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for its removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.






Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    bitsadmin /reset /allusers;b
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 

Bitoy

New Member
Thread author
May 17, 2015
14
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by bomber on Sat 05/23/2015 at 9:54:39.39.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jun\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5/23/2015 10:05:39 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nitro PDF deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\PROGRA~3\FilesOpened deleted successfully
C:\Users\bomber\AppData\Roaming\Google deleted successfully
C:\Users\Jun\AppData\Roaming\HpUpdate deleted successfully
C:\Users\bomber\AppData\Local\VirtualStore deleted successfully
C:\Users\bomber.Jun-PC\AppData\Local\Pirrit Suggestor deleted successfully
C:\Users\Jun\AppData\Local\Artist Colony deleted successfully
C:\Users\Jun\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DailyBibleGuideService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DailyBibleGuideService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\BOMBER~1.JUN\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}

prefs.js not found
---- FireFox user.js and prefs.js backups ----

user_20150523_1022_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Nitro PDF not found
C:\Users\bomber.Jun-PC\AppData\Roaming\Pirrit deleted
C:\Users\Jun\AppData\LocalLow\{D838B8AC-DAB4-E479-20ED-56FCD8340F5E} deleted
C:\Users\bomber.Jun-PC\AppData\Local\26263 deleted
C:\PROGRA~2\Shop It Up! deleted
C:\awh1303.tmp deleted
C:\awh1CF2.tmp deleted
C:\awh2451.tmp deleted
C:\awh250D.tmp deleted
C:\awh2606.tmp deleted
C:\awh2819.tmp deleted
C:\awh2A1B.tmp deleted
C:\awh2AC7.tmp deleted
C:\awh2F3A.tmp deleted
C:\awh2F59.tmp deleted
C:\awh4430.tmp deleted
C:\awh493F.tmp deleted
C:\awh49FA.tmp deleted
C:\awh4A19.tmp deleted
C:\awh53AB.tmp deleted
C:\awh5CFD.tmp deleted
C:\awh5F1F.tmp deleted
C:\awh620C.tmp deleted
C:\awh66EC.tmp deleted
C:\awh6B11.tmp deleted
C:\awh6BDC.tmp deleted
C:\awh6CF5.tmp deleted
C:\awh6E4C.tmp deleted
C:\awh6F07.tmp deleted
C:\awh783C.tmp deleted
C:\awh7A4D.tmp deleted
C:\awh7C21.tmp deleted
C:\awh7E24.tmp deleted
C:\awh8007.tmp deleted
C:\awh8333.tmp deleted
C:\awh933.tmp deleted
C:\awh98B5.tmp deleted
C:\awh9C0F.tmp deleted
C:\awh9C2F.tmp deleted
C:\awhA063.tmp deleted
C:\awhA42A.tmp deleted
C:\awhA562.tmp deleted
C:\awhA7E2.tmp deleted
C:\awhAB2C.tmp deleted
C:\awhB089.tmp deleted
C:\awhB08A.tmp deleted
C:\awhB0E7.tmp deleted
C:\awhBD94.tmp deleted
C:\awhBFC5.tmp deleted
C:\awhC2C2.tmp deleted
C:\awhC32F.tmp deleted
C:\awhC330.tmp deleted
C:\awhD87.tmp deleted
C:\awhEA10.tmp deleted
C:\awhEA8C.tmp deleted
C:\awhECDE.tmp deleted
C:\awhEDE6.tmp deleted
C:\awhEE73.tmp deleted
C:\awhF7E5.tmp deleted
C:\user.js deleted
C:\FirefoxSetup3.6.19.exe deleted
C:\install.exe deleted
C:\Users\bomber.Jun-PC\AppData\Roaming\bitlord_log.txt deleted
C:\Users\bomber.Jun-PC\AppData\Roaming\BitLord deleted
C:\Users\bomber.Jun-PC\AppData\Roaming\ParetoLogic deleted
C:\PROGRA~3\DL26e2V5s.dat deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\bomber.Jun-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Users\bomber\AppData\LocalLow\ilividtoolbarguid deleted
C:\Users\bomber.Jun-PC\AppData\LocalLow\Protect deleted
C:\Users\bomber.Jun-PC\AppData\LocalLow\{6C85A1C9-0F93-4B46-BE67-D409D64C7E67} deleted
C:\Users\bomber.Jun-PC\AppData\LocalLow\{D838B8AC-DAB4-E479-20ED-56FCD8340F5E} deleted
C:\Users\Jun\AppData\LocalLow\Protect deleted
C:\Users\Jun\AppData\LocalLow\{6C85A1C9-0F93-4B46-BE67-D409D64C7E67} deleted
C:\Users\Jun\AppData\LocalLow\ilividtoolbarguid deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\bomber.Jun-PC\Documents\BitLord deleted
"C:\Windows\Installer\916cd.msi" deleted
"C:\Users\BOMBER~1.JUN\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_BCPA1@apn.ask.com.xpi" deleted
"C:\PROGRA~3\1C24C8B5547D1A7300001C24AC941DE9\1C24C8B5547D1A7300001C24AC941DE9" deleted
"C:\PROGRA~3\1C24C8B5547D1A7300001C24AC941DE9\1C24C8B5547D1A7300001C24AC941DE9.ico" deleted
"C:\PROGRA~3\1C24C8B5547D1A7300001C24AC941DE9" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"2vffxtbr@DailyBibleGuide.com"="C:\Program Files (x86)\DailyBibleGuide\bar\1.bin" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.65

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]

Skype Click to Call - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Fashion Designer New York - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmfbknngdgopopemfjanfbbhmenghfh
Cooking Academy 3 - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidgmglhoekgkheblhljodepklmlfn
SecretBuilders - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepkminngmgicfilpphkijlmenokaheo
Bookmark Manager - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Avenue Flo Special Delivery - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoeeceaolpcooahcmeegcjefnhjdbbn
Diner Dash 3: Flo On The Go - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbdejkkjibfhmcimehcaaepdibpmooo
CrushArcade - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol

==== Chromium Startpages ======================

C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.adinfinity.com.au_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.adinfinity.com.au_0.localstorage-journal deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_onlineservices.ato.gov.au_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_onlineservices.ato.gov.au_0.localstorage-journal deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
"Default_Page_URL"="http://www.google.com"
"First Home Page"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.msn.com/?pc=MSSE"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\2vffxtbr@DailyBibleGuide.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\65F8E9A2B13CBBD4FB2EF0E48C913255 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A737E18A-5171-40D0-8034-7DD243420081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65F8E9A2B13CBBD4FB2EF0E48C913255 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ads Expert Browser deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTAds Expert Browser deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Helper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2XRHYF6 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Jun\AppData\Local\Mozilla\Firefox\Profiles\yc4nqz78.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=239 folders=46 66736107 bytes)

==== Empty Temp Folders ======================

C:\Users\bomber\AppData\Local\Temp emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jun\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Re-run zoek and run this script:

Code:
createsrpoint;
autoclean;
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
emptyalltemp;


Post its content into your next reply.
 

Bitoy

New Member
Thread author
May 17, 2015
14
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by bomber on Sun 05/31/2015 at 19:20:51.11.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jun\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

\zoek-results2015-05-24-074729.log 21878 bytes
\zoek-results2015-05-24-100004.log 14646 bytes
\zoek-results2015-05-24-100944.log 552 bytes
\zoek-results2015-05-31-091101.log 8422 bytes

==== System Restore Info ======================

5/31/2015 7:31:38 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Jun\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]

Skype Click to Call - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Fashion Designer New York - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmfbknngdgopopemfjanfbbhmenghfh
Cooking Academy 3 - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidgmglhoekgkheblhljodepklmlfn
SecretBuilders - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepkminngmgicfilpphkijlmenokaheo
Bookmark Manager - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Avenue Flo Special Delivery - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoeeceaolpcooahcmeegcjefnhjdbbn
Diner Dash 3: Flo On The Go - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbdejkkjibfhmcimehcaaepdibpmooo
CrushArcade - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=252 folders=52 67142480 bytes)

==== Empty Temp Folders ======================

C:\Users\bomber\AppData\Local\Temp emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jun\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 

Bitoy

New Member
Thread author
May 17, 2015
14
Hello
Although navigating through Windows Explorer is noticeably quicker, the annoying qslpdk adware still pops up. All the ads, including videos.
cheers
Bitoy
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Re-run zoek and run this script:


Code:
createsrpoint;
autoclean;
lifbcibllhkdhoafpjfnlhfpfgnpldfl;chr
dfmfbknngdgopopemfjanfbbhmenghfh;chr
dlaidgmglhoekgkheblhljodepklmlfn;chr
eepkminngmgicfilpphkijlmenokaheo;chr
ncoeeceaolpcooahcmeegcjefnhjdbbn;chr
nnbdejkkjibfhmcimehcaaepdibpmooo;chr
pnhjnmacgahapmnnifmneapinilajfol;chr
emptyalltemp;
ipconfig /flushdns;b


Post its content into your next reply.
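The `;chr` lines in the script above ask ZOEK to remove Chrome extensions by id. As an added example that is not part of this thread or of ZOEK itself, the Python below parses a zoek-results log (a constructed excerpt in the same format is embedded), lists the extensions reported under "Chromium Look", reports which ids from a removal script still appear in a follow-up log, and collects the items deferred until reboot, so a helper can confirm the script actually took effect before declaring the system clean.

```python
import re

# Constructed excerpt in the zoek-results format seen in this thread: the
# "==== Section ====" headers and the "Name - profile\...\Extensions\<id>" lines.
SAMPLE_LOG = r"""Zoek.exe v5.0.0.0 Updated 04-May-2015
==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]

Skype Click to Call - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Cooking Academy 3 - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidgmglhoekgkheblhljodepklmlfn

==== Empty Temp Folders ======================

C:\Users\Jun\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
"""

# Constructed removal script in the syntax used in the thread: a Chrome
# extension id followed by ";chr" asks ZOEK to remove that extension.
SAMPLE_SCRIPT = """createsrpoint;
autoclean;
lifbcibllhkdhoafpjfnlhfpfgnpldfl;chr
dlaidgmglhoekgkheblhljodepklmlfn;chr
eepkminngmgicfilpphkijlmenokaheo;chr
emptyalltemp;
ipconfig /flushdns;b
"""

# "==== Title ====" section headers (the trailing "=" run may follow the title directly).
SECTION_RE = re.compile(r"^==== (.+?)\s*=+\s*$")
# Per-profile entries: "<name> - <profile>\...\Extensions\<32-char id>".
EXT_LINE_RE = re.compile(r"^(?P<name>.+?) - (?P<profile>[^\\]+)\\.*\\Extensions\\(?P<id>[a-p]{32})\s*$")
# Registry-installed entries under the HKLM Extensions key: "<id> - <crx path>".
REG_LINE_RE = re.compile(r"^(?P<id>[a-p]{32}) - (?P<path>.+)$")
# Cleanup actions ZOEK could only schedule, not complete, in this run.
REBOOT_RE = re.compile(r"^(?P<path>.+?) will be (?:emptied|deleted) at reboot\s*$")


def split_sections(log_text):
    """Map each section title to its non-blank lines; text before the first header goes under 'header'."""
    sections = {"header": []}
    current = "header"
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip():
            sections[current].append(line)
    return sections


def chrome_extensions(log_text):
    """Return the extensions listed under 'Chromium Look', both per-profile and registry-installed."""
    found = []
    for line in split_sections(log_text).get("Chromium Look", []):
        m = EXT_LINE_RE.match(line)
        if m:
            found.append({"id": m.group("id"), "name": m.group("name"),
                          "profile": m.group("profile"), "source": "profile"})
            continue
        m = REG_LINE_RE.match(line)
        if m:
            found.append({"id": m.group("id"), "name": None,
                          "profile": None, "source": "HKLM Extensions key"})
    return found


def script_targets(script_text):
    """Collect the extension ids a ZOEK script removes with the ';chr' suffix."""
    targets = set()
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith(";chr") and re.fullmatch(r"[a-p]{32}", line[:-4]):
            targets.add(line[:-4])
    return targets


def remaining_targets(script_text, log_text):
    """Ids the script targeted that a follow-up log still reports, i.e. removals to re-check."""
    present = {ext["id"] for ext in chrome_extensions(log_text)}
    return sorted(script_targets(script_text) & present)


def pending_reboot(log_text):
    """Paths whose cleanup is deferred until reboot; the run is not complete until then."""
    return [m.group("path") for m in map(REBOOT_RE.match, log_text.splitlines()) if m]


if __name__ == "__main__":
    for ext in chrome_extensions(SAMPLE_LOG):
        print(ext)
    print("still present:", remaining_targets(SAMPLE_SCRIPT, SAMPLE_LOG))
    print("pending reboot:", pending_reboot(SAMPLE_LOG))
```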
 

Bitoy

New Member
Thread author
May 17, 2015
14
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by bomber on Tue 06/02/2015 at 10:14:02.54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jun\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

\zoek-results2015-05-24-074729.log 21878 bytes
\zoek-results2015-05-24-100004.log 14646 bytes
\zoek-results2015-05-24-100944.log 552 bytes
\zoek-results2015-05-31-091101.log 8422 bytes
\zoek-results2015-06-02-001117.log 7738 bytes

==== System Restore Info ======================

6/2/2015 10:18:06 AM Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\yc4nqz78.default\jetpack deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jun\AppData\Roaming\Mozilla\Firefox\Profiles\yc4nqz78.default
- Ask New Tabs - %ProfilePath%\extensions\{06FE1F20-D904-1160-FE4C-76A6BAC5EA61}
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Bantuan SaveFrom.net - %ProfilePath%\extensions\helper@savefrom.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]

Google Docs - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Fashion Designer New York - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmfbknngdgopopemfjanfbbhmenghfh
Cooking Academy 3 - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidgmglhoekgkheblhljodepklmlfn
SecretBuilders - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepkminngmgicfilpphkijlmenokaheo
Google Sheets - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Bookmark Manager - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Avenue Flo Special Delivery - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoeeceaolpcooahcmeegcjefnhjdbbn
Google Wallet - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Diner Dash 3: Flo On The Go - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbdejkkjibfhmcimehcaaepdibpmooo
Gmail - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
CrushArcade - Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol

==== Chromium Startpages ======================

C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx deleted successfully
C:\Users\bomber.Jun-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmfbknngdgopopemfjanfbbhmenghfh deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidgmglhoekgkheblhljodepklmlfn deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepkminngmgicfilpphkijlmenokaheo deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoeeceaolpcooahcmeegcjefnhjdbbn deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbdejkkjibfhmcimehcaaepdibpmooo deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol deleted successfully
C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pnhjnmacgahapmnnifmneapinilajfol deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jun\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=337 folders=74 69884634 bytes)

==== Empty Temp Folders ======================

C:\Users\bomber\AppData\Local\Temp emptied successfully
C:\Users\bomber.Jun-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jun\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BOMBER~1.JUN\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jun\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa9qi92.dll" not found
"C:\Users\Jun\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa9qi92.lck" not found
"C:\Users\Jun\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not deleted
"C:\Users\Jun\AppData\Local\Temp\qtsingleapp-NokiaO-b889-1-lockfile" not deleted
"C:\Users\Jun\AppData\Local\Temp\~DF6166C8D9007790AA.TMP" not found
"C:\Users\Jun\AppData\Local\Temp\~DF7AC41AD1C8AD9316.TMP" not found
"C:\Users\Jun\AppData\Local\Temp\~DF96BB22B84BA96199.TMP" not found
"C:\Users\Jun\AppData\Local\Temp\~DF9A71E9F0FC623DF7.TMP" not found
"C:\Users\Jun\AppData\Local\Temp\~DFAFBD464DA4B834AA.TMP" not found
"C:\Users\Jun\AppData\Local\Temp\scoped_dir10004_2506" not deleted

==== EOF on Tue 06/02/2015 at 11:00:57.77 ======================
 

Bitoy

New Member
Thread author
May 17, 2015
14
I had a quick web surf to test specific sites where pop-ups would normally appear; happy to say that so far there are no pop-ups just yet.
Fingers crossed! I'll have a thorough test later.
cheers!
Bitoy.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

Bitoy

New Member
Thread author
May 17, 2015
14
Hey Argus
Any tips on how I could keep this vicious unwanted malware/adware at bay? Apart from the obvious, is there any tool you can recommend?
cheers
Bitoy
 
