Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
No Internet access after removing Malware
Message
<blockquote data-quote="Kiruvi" data-source="post: 358893" data-attributes="member: 34793"><p>Thank you for your help!</p><p></p><p>The zoek log is below. After rebooting the computer when I got home this afternoon, internet access was working again; I'm a little paranoid as to whether that means the issue is resolved or the infection has returned. I re-ran FRST/aswMBR/adwcleaner and attached the results as well.</p><p></p><p>Zoek.exe v5.0.0.0 Updated 07-March-2015</p><p>Tool run by Aaron on Mon 03/09/2015 at 18:15:30.58.</p><p>Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Aaron\Desktop\zoek.exe [Scan all users] [Script inserted]</p><p></p><p>==== System Restore Info ======================</p><p></p><p>3/9/2015 6:16:33 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\PROGRA~2\AGEIA Technologies deleted successfully</p><p>C:\PROGRA~2\MSXML 4.0 deleted successfully</p><p>C:\PROGRA~3\ALM deleted successfully</p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully</p><p>C:\PROGRA~3\Oracle deleted successfully</p><p>C:\Users\Aaron\AppData\Roaming\GameSave Manager 3 deleted successfully</p><p>C:\Users\Aaron\AppData\Roaming\Opera deleted successfully</p><p>C:\Users\Aaron\AppData\Local\calibre-cache deleted successfully</p><p>C:\Users\Aaron\AppData\Local\VirtualStore deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-1222839750-4111644155-3756804395-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== FireFox Fix ======================</p><p></p><p>ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default</p><p></p><p>user.js not found</p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p>prefs_20150309_0521_.backup</p><p></p><p>ProfilePath: C:\Users\Aaron\AppData\Roaming\Nightingale\Profiles\pxip690p.default</p><p></p><p>user.js not found</p><p>---- Lines Lyric removed from prefs.js ----</p><p>user_pref("extensions.mlyrics.firstrun", false);</p><p>user_pref("extensions.mlyrics.popularity_TERRA", 13);</p><p>user_pref("songbird.displayPanes.displaypane_right_sidebar.lastURL", "chrome://mlyrics/content/xul/pane.xul");</p><p>user_pref("songbird.displaypane.known.chrome://mlyrics/content/xul/pane.xul", "1");</p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p>prefs_20150309_0521_.backup</p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~2\AGEIA Technologies not found</p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found</p><p>C:\Users\Aaron\AppData\Roaming\alsoft.ini deleted</p><p>C:\PROGRA~3\InstallMate deleted</p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\Windows\SysNative\config\systemprofile\Searches deleted</p><p>C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default\searchplugins\steam-search.xml deleted</p><p>C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default\searchplugins\youtube-video-search.xml deleted</p><p>C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default\jetpack deleted</p><p>"C:\Users\Aaron\AppData\Roaming\PrintingModule" deleted</p><p>"C:\Users\Aaron\AppData\Roaming\PrintsService" deleted</p><p>"C:\Users\Aaron\AppData\Roaming\Profiles" deleted</p><p>"C:\ProgramData\Quartz Composer" deleted</p><p>"C:\ProgramData\Radio Sounds" deleted</p><p>"C:\ProgramData\Receipts" deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:web2pdfextension@web2pdf.adobedotcom">web2pdfextension@web2pdf.adobedotcom</a>"="F:\Programs\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [09/10/2014 08:02 PM]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default</p><p>- Undetermined - <a href="mailto:tineye@ideeinc.com">tineye@ideeinc.com</a></p><p>- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}</p><p>- Undetermined - {DDC359D1-844A-42a7-9AA1-88A850A938A8}</p><p>- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</p><p>- Enhanced Steam - %ProfilePath%\extensions\<a href="mailto:jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi">jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi</a></p><p>- YouTube Center - %ProfilePath%\extensions\<a href="mailto:jid1-cwbvBTE216jjpg@jetpack.xpi">jid1-cwbvBTE216jjpg@jetpack.xpi</a></p><p>- Reddit Enhancement Suite - %ProfilePath%\extensions\<a href="mailto:jid1-xUfzOsOFlzSOXg@jetpack.xpi">jid1-xUfzOsOFlzSOXg@jetpack.xpi</a></p><p>- TinEye Reverse Image Search - %ProfilePath%\extensions\<a href="mailto:tineye@ideeinc.com.xpi">tineye@ideeinc.com.xpi</a></p><p>- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi</p><p>- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi</p><p></p><p>ProfilePath: C:\Users\Aaron\AppData\Roaming\Nightingale\Profiles\pxip690p.default</p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:albumart@songbirdnest.com">albumart@songbirdnest.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:bluemonday@getnightingale.com">bluemonday@getnightingale.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:foldersync-ng@getnightingale.com">foldersync-ng@getnightingale.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:foldersync@rsjtdrjgfuzkfg.com">foldersync@rsjtdrjgfuzkfg.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:gonzo@songbirdnest.com">gonzo@songbirdnest.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:pinkmartini@songbirdnest.com">pinkmartini@songbirdnest.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:playlistfolders@getnightingale.com">playlistfolders@getnightingale.com</a></p><p>- Undetermined - F:\Programs\Nightingale\extensions\<a href="mailto:purplerain@songbirdnest.com">purplerain@songbirdnest.com</a></p><p>- MLyrics - %ProfilePath%\extensions\{6039188e-d135-11df-bcc9-c7e1ded72085}</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default</p><p>198BED114015C2671C88FDC32CDCB21D - F:\Programs\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat</p><p>B5371D2C9017EEE216B5361D600B3543 - F:\Programs\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector</p><p>5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director</p><p>8560995C727974F27F2A1CE68909FEB9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash</p><p>0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash</p><p>C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash</p><p>98137411B9C632095F919E2CE70B288A - C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update</p><p>6C3E34E303DBDCB9F7EC1F7A7F6B1629 - C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer</p><p>2D684F0DDF782C73847BED9503250991 - C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin</p><p></p><p></p><p>==== Chromium Look ======================</p><p></p><p>Chrome Hotword Shared Module - Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg</p><p>Giant Bomb Plus - Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcimegpkaolfaoabikeekjlhpeeoeeb</p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully</p><p>C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully</p><p>C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully</p><p>C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR</a>"</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 239200 deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\dkwnfvqd.default\cache2 emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=41 folders=38 52199989 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Aaron\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\Aaron\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-8-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found</p><p>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found</p><p></p><p>==== EOF on Mon 03/09/2015 at 17:25:05.53 ======================</p></blockquote><p></p>
[QUOTE="Kiruvi, post: 358893, member: 34793"] Thank you for your help! The zoek log is below. After rebooting the computer when I got home this afternoon, internet access was working again; I'm a little paranoid as to whether that means the issue is resolved or the infection has returned. I re-ran FRST/aswMBR/adwcleaner and attached the results as well. Zoek.exe v5.0.0.0 Updated 07-March-2015 Tool run by Aaron on Mon 03/09/2015 at 18:15:30.58. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Aaron\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 3/9/2015 6:16:33 PM Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~3\ALM deleted successfully C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Aaron\AppData\Roaming\GameSave Manager 3 deleted successfully C:\Users\Aaron\AppData\Roaming\Opera deleted successfully C:\Users\Aaron\AppData\Local\calibre-cache deleted successfully C:\Users\Aaron\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1222839750-4111644155-3756804395-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20150309_0521_.backup ProfilePath: C:\Users\Aaron\AppData\Roaming\Nightingale\Profiles\pxip690p.default user.js not found ---- Lines Lyric removed from prefs.js ---- user_pref("extensions.mlyrics.firstrun", false); user_pref("extensions.mlyrics.popularity_TERRA", 13); user_pref("songbird.displayPanes.displaypane_right_sidebar.lastURL", "chrome://mlyrics/content/xul/pane.xul"); user_pref("songbird.displaypane.known.chrome://mlyrics/content/xul/pane.xul", "1"); ---- FireFox user.js and prefs.js backups ---- prefs_20150309_0521_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found C:\Users\Aaron\AppData\Roaming\alsoft.ini deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default\searchplugins\steam-search.xml deleted C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default\searchplugins\youtube-video-search.xml deleted C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default\jetpack deleted "C:\Users\Aaron\AppData\Roaming\PrintingModule" deleted "C:\Users\Aaron\AppData\Roaming\PrintsService" deleted "C:\Users\Aaron\AppData\Roaming\Profiles" deleted "C:\ProgramData\Quartz Composer" deleted "C:\ProgramData\Radio Sounds" deleted "C:\ProgramData\Receipts" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]web2pdfextension@web2pdf.adobedotcom[/email]"="F:\Programs\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [09/10/2014 08:02 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default - Undetermined - [email]tineye@ideeinc.com[/email] - Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Undetermined - {DDC359D1-844A-42a7-9AA1-88A850A938A8} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Enhanced Steam - %ProfilePath%\extensions\[email]jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi[/email] - YouTube Center - %ProfilePath%\extensions\[email]jid1-cwbvBTE216jjpg@jetpack.xpi[/email] - Reddit Enhancement Suite - %ProfilePath%\extensions\[email]jid1-xUfzOsOFlzSOXg@jetpack.xpi[/email] - TinEye Reverse Image Search - %ProfilePath%\extensions\[email]tineye@ideeinc.com.xpi[/email] - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi ProfilePath: C:\Users\Aaron\AppData\Roaming\Nightingale\Profiles\pxip690p.default - Undetermined - F:\Programs\Nightingale\extensions\[email]albumart@songbirdnest.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]bluemonday@getnightingale.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]foldersync-ng@getnightingale.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]foldersync@rsjtdrjgfuzkfg.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]gonzo@songbirdnest.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]pinkmartini@songbirdnest.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]playlistfolders@getnightingale.com[/email] - Undetermined - F:\Programs\Nightingale\extensions\[email]purplerain@songbirdnest.com[/email] - MLyrics - %ProfilePath%\extensions\{6039188e-d135-11df-bcc9-c7e1ded72085} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\dkwnfvqd.default 198BED114015C2671C88FDC32CDCB21D - F:\Programs\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat B5371D2C9017EEE216B5361D600B3543 - F:\Programs\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director 8560995C727974F27F2A1CE68909FEB9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash 0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash 98137411B9C632095F919E2CE70B288A - C:\Users\Aaron\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update 6C3E34E303DBDCB9F7EC1F7A7F6B1629 - C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 2D684F0DDF782C73847BED9503250991 - C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin ==== Chromium Look ====================== Chrome Hotword Shared Module - Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Giant Bomb Plus - Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcimegpkaolfaoabikeekjlhpeeoeeb ==== Chromium Fix ====================== C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[URL]http://www.google.com/search?q={searchTerms}[/URL]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[URL]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR[/URL]" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 239200 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\dkwnfvqd.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=41 folders=38 52199989 bytes) ==== Empty Temp Folders ====================== C:\Users\Aaron\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Aaron\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-8-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on Mon 03/09/2015 at 17:25:05.53 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top