SysWOW64/rundll32.exe
[QUOTE="Felipe Cota, post: 404618, member: 37511"]
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Felipe Cota on 30/06/2015 at 6:56:42,35.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Felipe Cota\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30/06/2015 06:58:17 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AAALOGO deleted successfully
C:\PROGRA~2\Baidu-Security-2014-4.4.4.82805 deleted successfully
C:\PROGRA~2\Disktrix deleted successfully
C:\PROGRA~2\FreeTime deleted successfully
C:\PROGRA~2\IObit deleted successfully
C:\PROGRA~2\Kalypso Media deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Roxio deleted successfully
C:\PROGRA~2\WildTangent deleted successfully
C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Nero deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\BitTorrent Sync deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\LogoMaker deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\Roxio deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\TeamViewer deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\VIVO INTERNET deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Felipe Cota\AppData\Local\calibre-cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-963786325-3815717461-3828834076-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BD7A7647-CE97-447F-B1A9-6C2C23EAFB5D} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AAALOGO not found
C:\PROGRA~2\Baidu-Security-2014-4.4.4.82805 not found
C:\PROGRA~2\Disktrix not found
C:\PROGRA~2\FreeTime not found
C:\PROGRA~2\IObit not found
C:\PROGRA~2\Kalypso Media not found
C:\PROGRA~2\Roxio not found
C:\PROGRA~2\WildTangent not found
C:\PROGRA~2\Wondershare not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\Users\Felipe Cota\AppData\Roaming\Arduino15 deleted
C:\Users\Felipe Cota\AppData\Roaming\calibre deleted
C:\PROGRA~3\fhhpadcigcgkpmlcmgbbmbgllgmcjmcb deleted
C:\PROGRA~2\unisalees deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\install.exe deleted
C:\found.000 deleted
C:\Users\Felipe Cota\AppData\Roaming\IHlpr deleted
C:\Users\Felipe Cota\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Felipe Cota\AppData\Local\Thinstall deleted
C:\Users\Felipe Cota\AppData\Local\Wondershare deleted
C:\Users\Felipe Cota\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\FELIPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\jetpack deleted
C:\Users\Felipe Cota\AppData\Roaming\unins000.exe deleted
"C:\Windows\Installer\2e6af7.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [24/05/2015 17:51]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\FELIPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706
- FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
- GBBD Banco do Brasil - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
- NetVideoHunter em:version1.18.1-signed em:descriptionDownload flash videos FLV and music MP3 from any video site For example: YouTube Metacafe DailyMotion Vimeo. em:creatorNetVideoHunter em:type2 em:unpacktrue em:homepageURLhttp:www.netvideohunter.com em:optionsURLchrome:netvideohuntercontentoptions.xul em:iconURLchrome:netvideohunterskinnetvideohunterIcon32.png - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\netvideohunter@netvideohunter.com
- Ant Video Downloader - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\anttoolbar@ant.com
- Flash and Video Download - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com
- NetVideoHunter em:version1.18.1-signed em:descriptionDownload flash videos FLV and music MP3 from any video site For example: YouTube Metacafe DailyMotion Vimeo. em:creatorNetVideoHunter em:type2 em:unpacktrue em:homepageURLhttp:www.netvideohunter.com em:optionsURLchrome:netvideohuntercontentoptions.xul em:iconURLchrome:netvideohunterskinnetvideohunterIcon32.png - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706
FA0A3008589567CB7196620B05C9F28D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
F7AEAD4303A056F2D1685B43024776CA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
A64F2C388DC26BE3E469EDC3657B14F4 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Felipe Cota\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
7E22425470F2072890C5747F07628846 - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
D87C0639158DFC59B39E1B804F297B40 - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\FELIPE~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[17/02/2015 09:49]

RealDownloader - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Lingua.ly - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilcekgoelpgecpjnnoikhbleipnjdhf
Google Drive App Launcher - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-963786325-3815717461-3828834076-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\WSVCU@Wondershare.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\298F139EA89018C4D8DE0431BDE9B396 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\298F139EA89018C4D8DE0431BDE9B396 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent Sync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_VIVO INTERNET deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe Cota\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Felipe Cota\AppData\Local\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=880 folders=242 324065504 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Felipe Cota\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\FELIPE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/06/2015 at 7:21:52,98 ======================
[/QUOTE]