Malware/Adware Infection
- Thread starter mrickyb
- Start date
- Mar 8, 2013
- 22,627
Hello,
They call me TwinHeadedEagle around here, and I'll be working with you.
Before we start please read and note the following:
Rules and policies
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Post its content into your next reply.
They call me TwinHeadedEagle around here, and I'll be working with you.
Before we start please read and note the following:
- At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
- Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
- Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
- Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
- All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
- If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
- I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
- Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
- Please attach all report using
button below. Doing this, you make it easier for me to analyze and fix your problem.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; autoclean; emptyalltemp; ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
I'm starting to get some new, strange pc behavior. my "caps lock" notification was flashing about every 30 seconds, a banner ad was appearing at the bottom of the screen and causing the browser to auto scroll to the bottom. Also, for some reason, Hitmanpro is automatically running a scan every time the browser is restarted. Following are the zoek results.
Zoek.exe v5.0.0.0 Updated 03-February-2015
Tool run by Rick on Wed 02/04/2015 at 14:13:07.04.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rick\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
2/4/2015 2:17:21 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NewTech Infosystems deleted successfully
C:\PROGRA~2\Realtek deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~2\Screen Calipers 1.5 deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\WordPress deleted successfully
C:\PROGRA~3\RealNetworks deleted successfully
C:\Users\Rick\AppData\Roaming\dlg deleted successfully
C:\Users\Rick\AppData\Roaming\SanDisk deleted successfully
C:\Users\Rick\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Rick\AppData\Local\cache deleted successfully
C:\Users\Rick\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Rick\AppData\Local\Nikon deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1019672845-1618669503-3218648306-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tz8wth7o.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20150204_0232_.backup
ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20150204_0232_.backup
ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Batch Command(s) Run By Tool======================
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
==== Deleting Files \ Folders ======================
C:\Users\Rick\.android deleted
C:\PROGRA~2\GUT1CC4.tmp deleted
C:\PROGRA~2\GUM1C84.tmp deleted
C:\PROGRA~2\WordPerfect Office 11 deleted
C:\PROGRA~2\Universal Extractor deleted
C:\PROGRA~2\The Weather Channel deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Guest\AppData\Roaming\Yahoo! deleted
C:\Users\Rick\AppData\Roaming\Yahoo! deleted
C:\windows\SysNative\ColorMedia64.dll deleted
C:\Users\Rick\Downloads\couponprinter.exe deleted
C:\Users\Rick\AppData\LocalLow\Yahoo! deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\SETD66F.tmp deleted
C:\Windows\Syswow64\SETD836.tmp deleted
C:\Windows\SysWOW64\ColorMedia.dll deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\CT2117678 deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765\extensions\staged deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\conduit deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\ConduitEngine deleted
"C:\Users\Rick\AppData\Local\26415dded4206f3c5e8fdc26218ddcde" deleted
"C:\Users\Rick\AppData\Roaming\AccountTypes" deleted
"C:\Users\Rick\AppData\Roaming\Applause and Laugher" deleted
"C:\Users\Rick\AppData\Roaming\FOUEA" deleted
"C:\Windows\tasks\FOUEA.job" deleted
"C:\Windows\SysNative\tasks\FOUEA" deleted
"C:\Users\Rick\AppData\Roaming\GMQCEMRK" deleted
"C:\Windows\tasks\GMQCEMRK.job" deleted
"C:\Windows\SysNative\tasks\GMQCEMRK" deleted
"C:\Users\Rick\AppData\Roaming\grep" deleted
"C:\Users\Rick\AppData\Roaming\vhosts" deleted
"C:\ProgramData\Audio" deleted
"C:\ProgramData\filter" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tz8wth7o.default
user_pref("browser.startup.homepage", "about:blank");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [11/07/2014 08:33 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tz8wth7o.default
- InFormEnter - %ProfilePath%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Undetermined - low_quality_flash@pie2k.com
- Undetermined - {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
- Undetermined - {5546F97E-11A5-46b0-9082-32AD74AAA920}
- Undetermined - {5872365e-67d1-4afd-9480-fd293bebd20d}
- Undetermined - {c1970c0d-dbe6-4d91-804f-c9c0de643a57}
- Undetermined - yesscript@userstyles.org
- Undetermined - support@lastpass.com
- Undetermined - netvideohunter@netvideohunter.com
- Undetermined - {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
- Undetermined - craigslistpeek@tech4computer
- Undetermined - bookmark_video@myvidster.com
- Undetermined - {74591c01-3a7f-469e-ad4e-5d8d708dc4c5}
- Undetermined - {F003DA68-8256-4b37-A6C4-350FA04494DF}
- Undetermined - {a7c6cf7f-112c-4500-a7ea-39801a327e5f}
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Undetermined - {53aa9e4c-314d-5835-33f2-84b0e283e9e6}
- Undetermined - artur.dubovoy@gmail.com
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Low Quality Flash - %ProfilePath%\extensions\low_quality_flash@pie2k.com
- NetVideoHunter - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Zoom It - %ProfilePath%\extensions\{53aa9e4c-314d-5835-33f2-84b0e283e9e6}
- InFormEnter - %ProfilePath%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
- PasswordMaker - %ProfilePath%\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Video Bookmarks - %ProfilePath%\extensions\bookmark_video@myvidster.com.xpi
- Craigslist Peek - %ProfilePath%\extensions\craigslistpeek@tech4computer.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- Nimbus Screen Capture - editable screenshots. - %ProfilePath%\extensions\nimbusscreencaptureff@everhelper.me.xpi
- YesScript - %ProfilePath%\extensions\yesscript@userstyles.org.xpi
- Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
- Search with Google - %ProfilePath%\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi
- QuickNote - %ProfilePath%\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
- NoRedirect - %ProfilePath%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
- Yahoo Mail Hide Ad Panel - %ProfilePath%\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
Profilepath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default
0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
EE7CA71B42E3CFEBD16C4C0B08EC7292 - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll - Samsung Link PC Plugin
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Deleted Firefox Extensions ======================
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\extensions\{53aa9e4c-314d-5835-33f2-84b0e283e9e6} deleted
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.94 (Up to date, latest Stable version: 40.0.2214.94)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pmnjbmphbleidpnikdjpjgpcfbabcndn - C:\Users\Rick\AppData\Local\CRE\pmnjbmphbleidpnikdjpjgpcfbabcndn.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pmnjbmphbleidpnikdjpjgpcfbabcndn - C:\Users\Rick\AppData\Local\CRE\pmnjbmphbleidpnikdjpjgpcfbabcndn.crx[]
Google Voice Search Hotword (Beta) - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
LastPass - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
FormBox - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmlndilechkgihmfachaeoaencjnmbd
Craigslist Preview - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbgcbedienblgnfeecolmmcgocefnf
InternetHelper - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn
==== Chromium Fix ======================
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmnjbmphbleidpnikdjpjgpcfbabcndn_0.localstorage deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmnjbmphbleidpnikdjpjgpcfbabcndn_0.localstorage-journal deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pmnjbmphbleidpnikdjpjgpcfbabcndn_0 deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.adam4adam.com/"
"Default_Page_URL"="http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360310w835l04f4z1h5a44k2y273"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.adam4adam.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{275B34D9-85B0-FC5F-71DB-5365548789A1} Google Url="http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACGW_enUS371US371"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1019672845-1618669503-3218648306-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoWebCamera deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\tz8wth7o.default\Cache emptied successfully
C:\Users\Rick\AppData\Local\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765\Cache emptied successfully
C:\Users\Rick\AppData\Local\Mozilla\Firefox\Profiles\yrhoyue0.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3606 folders=293 342196776 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp will be emptied at reboot
C:\Users\Rick\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Rick\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn" not found
==== EOF on Wed 02/04/2015 at 14:41:47.50 ======================
Zoek.exe v5.0.0.0 Updated 03-February-2015
Tool run by Rick on Wed 02/04/2015 at 14:13:07.04.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rick\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
2/4/2015 2:17:21 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NewTech Infosystems deleted successfully
C:\PROGRA~2\Realtek deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~2\Screen Calipers 1.5 deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\WordPress deleted successfully
C:\PROGRA~3\RealNetworks deleted successfully
C:\Users\Rick\AppData\Roaming\dlg deleted successfully
C:\Users\Rick\AppData\Roaming\SanDisk deleted successfully
C:\Users\Rick\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Rick\AppData\Local\cache deleted successfully
C:\Users\Rick\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Rick\AppData\Local\Nikon deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1019672845-1618669503-3218648306-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tz8wth7o.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20150204_0232_.backup
ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20150204_0232_.backup
ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Batch Command(s) Run By Tool======================
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
==== Deleting Files \ Folders ======================
C:\Users\Rick\.android deleted
C:\PROGRA~2\GUT1CC4.tmp deleted
C:\PROGRA~2\GUM1C84.tmp deleted
C:\PROGRA~2\WordPerfect Office 11 deleted
C:\PROGRA~2\Universal Extractor deleted
C:\PROGRA~2\The Weather Channel deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Guest\AppData\Roaming\Yahoo! deleted
C:\Users\Rick\AppData\Roaming\Yahoo! deleted
C:\windows\SysNative\ColorMedia64.dll deleted
C:\Users\Rick\Downloads\couponprinter.exe deleted
C:\Users\Rick\AppData\LocalLow\Yahoo! deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\SETD66F.tmp deleted
C:\Windows\Syswow64\SETD836.tmp deleted
C:\Windows\SysWOW64\ColorMedia.dll deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\CT2117678 deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765\extensions\staged deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\conduit deleted
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\ConduitEngine deleted
"C:\Users\Rick\AppData\Local\26415dded4206f3c5e8fdc26218ddcde" deleted
"C:\Users\Rick\AppData\Roaming\AccountTypes" deleted
"C:\Users\Rick\AppData\Roaming\Applause and Laugher" deleted
"C:\Users\Rick\AppData\Roaming\FOUEA" deleted
"C:\Windows\tasks\FOUEA.job" deleted
"C:\Windows\SysNative\tasks\FOUEA" deleted
"C:\Users\Rick\AppData\Roaming\GMQCEMRK" deleted
"C:\Windows\tasks\GMQCEMRK.job" deleted
"C:\Windows\SysNative\tasks\GMQCEMRK" deleted
"C:\Users\Rick\AppData\Roaming\grep" deleted
"C:\Users\Rick\AppData\Roaming\vhosts" deleted
"C:\ProgramData\Audio" deleted
"C:\ProgramData\filter" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tz8wth7o.default
user_pref("browser.startup.homepage", "about:blank");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [11/07/2014 08:33 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tz8wth7o.default
- InFormEnter - %ProfilePath%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Undetermined - low_quality_flash@pie2k.com
- Undetermined - {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
- Undetermined - {5546F97E-11A5-46b0-9082-32AD74AAA920}
- Undetermined - {5872365e-67d1-4afd-9480-fd293bebd20d}
- Undetermined - {c1970c0d-dbe6-4d91-804f-c9c0de643a57}
- Undetermined - yesscript@userstyles.org
- Undetermined - support@lastpass.com
- Undetermined - netvideohunter@netvideohunter.com
- Undetermined - {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
- Undetermined - craigslistpeek@tech4computer
- Undetermined - bookmark_video@myvidster.com
- Undetermined - {74591c01-3a7f-469e-ad4e-5d8d708dc4c5}
- Undetermined - {F003DA68-8256-4b37-A6C4-350FA04494DF}
- Undetermined - {a7c6cf7f-112c-4500-a7ea-39801a327e5f}
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Undetermined - {53aa9e4c-314d-5835-33f2-84b0e283e9e6}
- Undetermined - artur.dubovoy@gmail.com
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Low Quality Flash - %ProfilePath%\extensions\low_quality_flash@pie2k.com
- NetVideoHunter - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Zoom It - %ProfilePath%\extensions\{53aa9e4c-314d-5835-33f2-84b0e283e9e6}
- InFormEnter - %ProfilePath%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
- PasswordMaker - %ProfilePath%\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Video Bookmarks - %ProfilePath%\extensions\bookmark_video@myvidster.com.xpi
- Craigslist Peek - %ProfilePath%\extensions\craigslistpeek@tech4computer.xpi
- Gmail Notifier restartless - %ProfilePath%\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
- Nimbus Screen Capture - editable screenshots. - %ProfilePath%\extensions\nimbusscreencaptureff@everhelper.me.xpi
- YesScript - %ProfilePath%\extensions\yesscript@userstyles.org.xpi
- Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
- Search with Google - %ProfilePath%\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi
- QuickNote - %ProfilePath%\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
- NoRedirect - %ProfilePath%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
- Yahoo Mail Hide Ad Panel - %ProfilePath%\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
Profilepath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default
0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
EE7CA71B42E3CFEBD16C4C0B08EC7292 - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll - Samsung Link PC Plugin
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Deleted Firefox Extensions ======================
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\yrhoyue0.default\extensions\{53aa9e4c-314d-5835-33f2-84b0e283e9e6} deleted
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.94 (Up to date, latest Stable version: 40.0.2214.94)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pmnjbmphbleidpnikdjpjgpcfbabcndn - C:\Users\Rick\AppData\Local\CRE\pmnjbmphbleidpnikdjpjgpcfbabcndn.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pmnjbmphbleidpnikdjpjgpcfbabcndn - C:\Users\Rick\AppData\Local\CRE\pmnjbmphbleidpnikdjpjgpcfbabcndn.crx[]
Google Voice Search Hotword (Beta) - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
LastPass - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
FormBox - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmlndilechkgihmfachaeoaencjnmbd
Craigslist Preview - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbgcbedienblgnfeecolmmcgocefnf
InternetHelper - Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn
==== Chromium Fix ======================
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmnjbmphbleidpnikdjpjgpcfbabcndn_0.localstorage deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmnjbmphbleidpnikdjpjgpcfbabcndn_0.localstorage-journal deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pmnjbmphbleidpnikdjpjgpcfbabcndn_0 deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.adam4adam.com/"
"Default_Page_URL"="http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360310w835l04f4z1h5a44k2y273"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.adam4adam.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{275B34D9-85B0-FC5F-71DB-5365548789A1} Google Url="http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACGW_enUS371US371"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1019672845-1618669503-3218648306-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoWebCamera deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rick\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\tz8wth7o.default\Cache emptied successfully
C:\Users\Rick\AppData\Local\Mozilla\Firefox\Profiles\7ppe44ot.default-1340415719765\Cache emptied successfully
C:\Users\Rick\AppData\Local\Mozilla\Firefox\Profiles\yrhoyue0.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3606 folders=293 342196776 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp will be emptied at reboot
C:\Users\Rick\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Rick\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn" not found
==== EOF on Wed 02/04/2015 at 14:41:47.50 ======================
- Mar 8, 2013
- 22,627
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Many of my browser settings have been modified/altered/reset but since the last boot (after running zoek) I have not had a single ad pop-up. I doubt that the problem is magically gone but I thought I'd mention that. Here are the updated files you requested.
- Mar 8, 2013
- 22,627
well, aside from my browser settings being altered, yes, everything appears to be working fine. I'm not getting any more pop-up ads, no ads in new tabs and no ads in new windows. But, what did we do?
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Let's make one more scan:
Scan with Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Install the progam and select update.
- Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
- Click the Scan tab, choose Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
Nothing detected.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/4/2015
Scan Time: 3:54:05 PM
Logfile: MB ScanLog.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.04.10
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rick
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421028
Time Elapsed: 27 min, 48 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/4/2015
Scan Time: 3:54:05 PM
Logfile: MB ScanLog.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.04.10
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rick
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421028
Time Elapsed: 27 min, 48 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
- Mar 8, 2013
- 22,627
Excellent. Then, we're done 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself
MUST READ - security tips:
MUST READ - general maintenance:
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
Adblock - to surf the web without annoying ads!
Download DelFix by Xplode and save it to your desktop.
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Stay safe,
TwinHeadedEagle
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself
Recommended reading:
- Computer Security - a short guide to staying safer online.
- Simple and easy ways to keep your computer safe and secure on the Internet
The Importance of Software Updating:
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
Recommended additional software:
Post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right click on the
icon and Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run and wait until the tool completes his work.
- All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
Tool deletes old system restore points and create a fresh system restore point after cleaning.
My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
Stay safe,
TwinHeadedEagle
Similar threads
