Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Would like help removing astromenda
Message
<blockquote data-quote="Bernynhel" data-source="post: 297978" data-attributes="member: 29955"><p>Its mighty nice of you to help all of these people and I appreciate it. Thanks! - Bill</p><p></p><p></p><p>Zoek.exe v5.0.0.0 Updated 11-November-2014</p><p>Tool run by bernynhel on Wed 11/12/2014 at 7:45:25.60.</p><p>Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\bernynhel\Downloads\zoek (1).exe [Scan all users] [Script inserted] </p><p></p><p>==== System Restore Info ======================</p><p></p><p>11/12/2014 7:54:01 AM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} deleted successfully</p><p>HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{51B21956-592C-47C3-AC00-D3DDB1AD0304} deleted successfully</p><p>HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A00AC02E-DC8D-4D61-AF5C-7D9EFC15D48C} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\70e6ca8c deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully</p><p></p><p>==== FireFox Fix ======================</p><p></p><p>ProfilePath: C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default</p><p></p><p>---- Lines astrmndasr removed from user.js ----</p><p></p><p>user_pref("extensions.astrmndasr.hmpg", true);</p><p>user_pref("extensions.astrmndasr.hmpgUrl", "<a href="http://astromenda.com/?f=1&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=" target="_blank">http://astromenda.com/?f=1&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=</a>");</p><p>user_pref("extensions.astrmndasr.dfltSrch", true);</p><p>user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");</p><p>user_pref("extensions.astrmndasr.dnsErr", true);</p><p>user_pref("extensions.astrmndasr_i.newTab", true);</p><p>user_pref("extensions.astrmndasr.newTabUrl", "<a href="http://astromenda.com/?f=2&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=" target="_blank">http://astromenda.com/?f=2&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=</a>");</p><p>user_pref("extensions.astrmndasr.tlbrSrchUrl", "<a href="http://astromenda.com/?f=3&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=&q=" target="_blank">http://astromenda.com/?f=3&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=&q=</a>");</p><p>user_pref("extensions.astrmndasr.id", "7C4FB507C486BE5A");</p><p>user_pref("extensions.astrmndasr.instlDay", "16364");</p><p>user_pref("extensions.astrmndasr.vrsn", "");</p><p>user_pref("extensions.astrmndasr.vrsni", "");</p><p>user_pref("extensions.astrmndasr_i.vrsnTs", "13:24:58");</p><p>user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");</p><p>user_pref("extensions.astrmndasr.prdct", "astrmndasr");</p><p>user_pref("extensions.astrmndasr.aflt", "ast_ggfc_14_43_ch");</p><p>user_pref("extensions.astrmndasr_i.smplGrp", "none");</p><p>user_pref("extensions.astrmndasr.tlbrId", "");</p><p>user_pref("extensions.astrmndasr.instlRef", "142905_a");</p><p>user_pref("extensions.astrmndasr.dfltLng", "");</p><p>user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");</p><p>user_pref("extensions.astrmndasr.excTlbr", false);</p><p>user_pref("extensions.astrmndasr.cr", "1543690085");</p><p>user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q");</p><p>user_pref("extensions.astrmndasr.AL", 4);</p><p></p><p>---- Lines Adanak removed from prefs.js ----</p><p>user_pref("extensions.Adanak.asul", "1407997964699");</p><p>user_pref("extensions.Adanak.aul", "1407996473239");</p><p>user_pref("extensions.Adanak.irl", true);</p><p>user_pref("extensions.Adanak.is", "EF23DDUS");</p><p>user_pref("extensions.Adanak.ug", "10788068-D4A3-4128-A1F2-6A11F6802B2B");</p><p>---- Lines Deal Keeper removed from prefs.js ----</p><p>user_pref("extensions.Deal Keeper.asul", "1407006451881");</p><p>user_pref("extensions.Deal Keeper.aul", "1406787845660");</p><p>user_pref("extensions.Deal Keeper.irl", true);</p><p>user_pref("extensions.Deal Keeper.is", "isgizzUS");</p><p>user_pref("extensions.Deal Keeper.ug", "7B91B718-C54B-4DDD-BB17-F02AA94FCDD4");</p><p>---- Lines astrmndant removed from prefs.js ----</p><p>user_pref("extensions.astrmndant.aflt", "ast_dnldstr_14_31_ff");</p><p>user_pref("extensions.astrmndant.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0SzyyEtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1</p><p>user_pref("extensions.astrmndant.cr", "289358700");</p><p>user_pref("extensions.astrmndant.data.1c4755f318c6fdb260c47f26d0a24f0ca", "1");</p><p>user_pref("extensions.astrmndant.data.activeDate", "20141013");</p><p>user_pref("extensions.astrmndant.data.aliveDate", "20141013");</p><p>user_pref("extensions.astrmndant.data.ch_dv2", "true");</p><p>user_pref("extensions.astrmndant.data.instlDate", "20140728");</p><p>user_pref("extensions.astrmndant.data.ntopen", "23554291");</p><p>user_pref("extensions.astrmndant.general.content", "favorites-6dd849c03955c143ef307f40b5ea2ca5");</p><p>user_pref("extensions.astrmndant.general.firstRun", false);</p><p>user_pref("extensions.astrmndant.general.guid", "34530e2a-5f73-4b14-babc-04f6776ac01a");</p><p>user_pref("extensions.astrmndant.general.version", "5.1");</p><p>user_pref("extensions.astrmndant.instlRef", "142905_b");</p><p>---- Lines astrmndant removed from user.js ----</p><p></p><p>user_pref("extensions.astrmndant.aflt", "ast_dnldstr_14_31_ff");</p><p>user_pref("extensions.astrmndant.instlRef", "142905_b");</p><p>user_pref("extensions.astrmndant.cr", "289358700");</p><p>user_pref("extensions.astrmndant.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0SzyyEtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyzzzz0F0EtCtDtGzz0EyCtBtGzztCtAtAtG0C0E0CzytGyDyC0EtDyD0AzyyD0DtAzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0A0EtAtB0BzytG0A0C0B0DtG0B0E0A0BtG0EyEzz0CtGyEtBtBzytByEyCyB0Czy0AyD2Q");</p><p></p><p>---- Lines Astromenda removed from prefs.js ----</p><p>user_pref("browser.search.selectedEngine", "Astromenda");</p><p>user_pref("browser.startup.homepage", "<a href="http://astromenda.com/?f=1&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCt" target="_blank">http://astromenda.com/?f=1&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCt</a></p><p>---- Lines Customized removed from prefs.js ----</p><p>user_pref("extensions.testpilot.alreadyCustomizedToolbar", true);</p><p>---- Lines browser.startup.page removed from prefs.js ----</p><p>user_pref("browser.startup.page", 3);</p><p>---- FireFox user.js and prefs.js backups ---- </p><p></p><p>user_20141112_0808_.backup</p><p>prefs_20141112_0808_.backup</p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~2\Coupons deleted</p><p>C:\PROGRA~2\Tweaks deleted</p><p>C:\PROGRA~2\LuckyTab deleted</p><p>C:\Users\bernynhel\AppData\Roaming\WB.CFG deleted</p><p>C:\Users\bernynhel\AppData\Roaming\ZoomBrowser EX deleted</p><p>C:\Users\bernynhel\AppData\Roaming\PCCUStubInstaller deleted</p><p>C:\Users\bernynhel\AppData\Roaming\Astromenda deleted</p><p>C:\Users\bernynhel\AppData\Roaming\YourFileDownloader deleted</p><p>C:\PROGRA~3\APN deleted</p><p>C:\PROGRA~3\Yahoo! deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener deleted</p><p>C:\windows\SysNative\tasks\LuckyTab deleted</p><p>C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted</p><p>C:\windows\SysNative\tasks\YourFile DownloaderUpdate deleted</p><p>C:\windows\SysNative\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys deleted</p><p>C:\windows\SysNative\config\systemprofile\Searches deleted</p><p>C:\Users\bernynhel\Documents\Optimizer Pro deleted</p><p>C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\jetpack deleted</p><p>C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\staged deleted</p><p>C:\Users\Public\Desktop\FileOpener.lnk deleted</p><p>C:\Users\bernynhel\Desktop\Continue File Opener Installation.lnk deleted</p><p>C:\Users\bernynhel\AppData\Local\74433833dsisetup744406352.exe deleted</p><p>C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\astrmndant deleted</p><p>"C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\searchplugins\Astromenda.xml" deleted</p><p>"C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{849ded12-59e9-4dae-8f86-918b70d213dc}" deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:bdwteff@bitdefender.com">bdwteff@bitdefender.com</a>"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [07/11/2014 04:33 PM]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default</p><p>- DoNotTrackMe - C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\<a href="mailto:donottrackplus@abine.com">donottrackplus@abine.com</a></p><p>- Empty Cache Button - C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}</p><p>- DoNotTrackMe - %ProfilePath%\extensions\<a href="mailto:donottrackplus@abine.com">donottrackplus@abine.com</a></p><p>- Empty Cache Button - %ProfilePath%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}</p><p>- Webroot - %ProfilePath%\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted</p><p>- Instrument Test - %ProfilePath%\extensions\<a href="mailto:testpilot@labs.mozilla.com.xpi">testpilot@labs.mozilla.com.xpi</a></p><p>- Undo Closed Tabs Button - %ProfilePath%\extensions\<a href="mailto:undoclosedtabsbutton@supernova00.biz.xpi">undoclosedtabsbutton@supernova00.biz.xpi</a></p><p>- SaveAS - %ProfilePath%\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p>- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default</p><p>F733C59712465B0BD2130BB7C1A6D6E3 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll - Shockwave Flash</p><p>FDF7B2D69F2B7AF5B77124FCCB1DE2FC - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer</p><p></p><p></p><p>==== Deleted Firefox Extensions ======================</p><p></p><p>C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi deleted</p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>ccahoghmggldkcdjiebjkidpfongdfbl - No path found[]</p><p>fabcmochhfpldjekobfaaggijgohadih - No path found[]</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions</p><p>apdfllckaahabafndbhieahigkjlhalf - C:\Users\BERNYN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[11/06/2014 08:37 PM]</p><p>lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]</p><p></p><p>Google Voice Search Hotword (Beta) - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>Google Cast - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd</p><p>OneTab - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall</p><p>Netflix - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh</p><p>Google Drive App Launcher - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh</p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.ask.com_0.localstorage" target="_blank">www.ask.com_0.localstorage</a> deleted successfully</p><p>C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.ask.com_0.localstorage-journal" target="_blank">www.ask.com_0.localstorage-journal</a> deleted successfully</p><p>C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage deleted successfully</p><p>C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage-journal deleted successfully</p><p>C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}] not found</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p>{F6A0B469-F4F7-413E-932F-6A2D5629358F} Google Url="<a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF</a>"</p><p>{F784E0A2-C532-4D25-A174-9D1A84B2EFA7} Unknown Url="Not_Found"</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully</p><p>HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F784E0A2-C532-4D25-A174-9D1A84B2EFA7} deleted successfully</p><p>HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p>HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\<a href="mailto:ffpwdman@bitdefender.com">ffpwdman@bitdefender.com</a> deleted successfully</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih deleted successfully</p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\bernynhel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\bernynhel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\bernynhel\AppData\Local\Mozilla\Firefox\Profiles\b5119utl.default\Cache emptied successfully</p><p>C:\Users\bernynhel\AppData\Local\Mozilla\Firefox\Profiles\b5119utl.default\cache2 emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache is not empty, a reboot is needed</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=208 folders=52 8499188 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\bernynhel\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\windows\Temp successfully emptied</p><p>C:\Users\BERNYN~1\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Users\bernynhel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VFW3YJNM\wpc.61dd.edgecastcdn.net" not found</p><p></p><p>==== EOF on Wed 11/12/2014 at 8:22:34.78 ======================</p></blockquote><p></p>
[QUOTE="Bernynhel, post: 297978, member: 29955"] Its mighty nice of you to help all of these people and I appreciate it. Thanks! - Bill Zoek.exe v5.0.0.0 Updated 11-November-2014 Tool run by bernynhel on Wed 11/12/2014 at 7:45:25.60. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\bernynhel\Downloads\zoek (1).exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11/12/2014 7:54:01 AM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} deleted successfully HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{51B21956-592C-47C3-AC00-D3DDB1AD0304} deleted successfully HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A00AC02E-DC8D-4D61-AF5C-7D9EFC15D48C} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\70e6ca8c deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default ---- Lines astrmndasr removed from user.js ---- user_pref("extensions.astrmndasr.hmpg", true); user_pref("extensions.astrmndasr.hmpgUrl", "[url]http://astromenda.com/?f=1&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=[/url]"); user_pref("extensions.astrmndasr.dfltSrch", true); user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda"); user_pref("extensions.astrmndasr.dnsErr", true); user_pref("extensions.astrmndasr_i.newTab", true); user_pref("extensions.astrmndasr.newTabUrl", "[url]http://astromenda.com/?f=2&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=[/url]"); user_pref("extensions.astrmndasr.tlbrSrchUrl", "[url]http://astromenda.com/?f=3&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q&cr=1543690085&ir=&q=[/url]"); user_pref("extensions.astrmndasr.id", "7C4FB507C486BE5A"); user_pref("extensions.astrmndasr.instlDay", "16364"); user_pref("extensions.astrmndasr.vrsn", ""); user_pref("extensions.astrmndasr.vrsni", ""); user_pref("extensions.astrmndasr_i.vrsnTs", "13:24:58"); user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda"); user_pref("extensions.astrmndasr.prdct", "astrmndasr"); user_pref("extensions.astrmndasr.aflt", "ast_ggfc_14_43_ch"); user_pref("extensions.astrmndasr_i.smplGrp", "none"); user_pref("extensions.astrmndasr.tlbrId", ""); user_pref("extensions.astrmndasr.instlRef", "142905_a"); user_pref("extensions.astrmndasr.dfltLng", ""); user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}"); user_pref("extensions.astrmndasr.excTlbr", false); user_pref("extensions.astrmndasr.cr", "1543690085"); user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCtA0DtCtAtA0BtG0B0B0FyBtG0AzyyDtDtGtAtAyB0AtGyC0A0EyC0EtC0Czy0A0Czz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0A0ByBtD0AzytG0B0B0BtBtGyEyD0D0AtG0AyD0EtAtG0B0CtBtDtBtCyDzz0A0Czz0F2Q"); user_pref("extensions.astrmndasr.AL", 4); ---- Lines Adanak removed from prefs.js ---- user_pref("extensions.Adanak.asul", "1407997964699"); user_pref("extensions.Adanak.aul", "1407996473239"); user_pref("extensions.Adanak.irl", true); user_pref("extensions.Adanak.is", "EF23DDUS"); user_pref("extensions.Adanak.ug", "10788068-D4A3-4128-A1F2-6A11F6802B2B"); ---- Lines Deal Keeper removed from prefs.js ---- user_pref("extensions.Deal Keeper.asul", "1407006451881"); user_pref("extensions.Deal Keeper.aul", "1406787845660"); user_pref("extensions.Deal Keeper.irl", true); user_pref("extensions.Deal Keeper.is", "isgizzUS"); user_pref("extensions.Deal Keeper.ug", "7B91B718-C54B-4DDD-BB17-F02AA94FCDD4"); ---- Lines astrmndant removed from prefs.js ---- user_pref("extensions.astrmndant.aflt", "ast_dnldstr_14_31_ff"); user_pref("extensions.astrmndant.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0SzyyEtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1 user_pref("extensions.astrmndant.cr", "289358700"); user_pref("extensions.astrmndant.data.1c4755f318c6fdb260c47f26d0a24f0ca", "1"); user_pref("extensions.astrmndant.data.activeDate", "20141013"); user_pref("extensions.astrmndant.data.aliveDate", "20141013"); user_pref("extensions.astrmndant.data.ch_dv2", "true"); user_pref("extensions.astrmndant.data.instlDate", "20140728"); user_pref("extensions.astrmndant.data.ntopen", "23554291"); user_pref("extensions.astrmndant.general.content", "favorites-6dd849c03955c143ef307f40b5ea2ca5"); user_pref("extensions.astrmndant.general.firstRun", false); user_pref("extensions.astrmndant.general.guid", "34530e2a-5f73-4b14-babc-04f6776ac01a"); user_pref("extensions.astrmndant.general.version", "5.1"); user_pref("extensions.astrmndant.instlRef", "142905_b"); ---- Lines astrmndant removed from user.js ---- user_pref("extensions.astrmndant.aflt", "ast_dnldstr_14_31_ff"); user_pref("extensions.astrmndant.instlRef", "142905_b"); user_pref("extensions.astrmndant.cr", "289358700"); user_pref("extensions.astrmndant.cd", "2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0SzyyEtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyzzzz0F0EtCtDtGzz0EyCtBtGzztCtAtAtG0C0E0CzytGyDyC0EtDyD0AzyyD0DtAzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0A0EtAtB0BzytG0A0C0B0DtG0B0E0A0BtG0EyEzz0CtGyEtBtBzytByEyCyB0Czy0AyD2Q"); ---- Lines Astromenda removed from prefs.js ---- user_pref("browser.search.selectedEngine", "Astromenda"); user_pref("browser.startup.homepage", "[url]http://astromenda.com/?f=1&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0CyE0F0ByDtDyB0CyEzzyC0B0EyD0AtN0D0Tzu0StCt[/url] ---- Lines Customized removed from prefs.js ---- user_pref("extensions.testpilot.alreadyCustomizedToolbar", true); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- user_20141112_0808_.backup prefs_20141112_0808_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Coupons deleted C:\PROGRA~2\Tweaks deleted C:\PROGRA~2\LuckyTab deleted C:\Users\bernynhel\AppData\Roaming\WB.CFG deleted C:\Users\bernynhel\AppData\Roaming\ZoomBrowser EX deleted C:\Users\bernynhel\AppData\Roaming\PCCUStubInstaller deleted C:\Users\bernynhel\AppData\Roaming\Astromenda deleted C:\Users\bernynhel\AppData\Roaming\YourFileDownloader deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Yahoo! deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener deleted C:\windows\SysNative\tasks\LuckyTab deleted C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted C:\windows\SysNative\tasks\YourFile DownloaderUpdate deleted C:\windows\SysNative\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys deleted C:\windows\SysNative\config\systemprofile\Searches deleted C:\Users\bernynhel\Documents\Optimizer Pro deleted C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\jetpack deleted C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\staged deleted C:\Users\Public\Desktop\FileOpener.lnk deleted C:\Users\bernynhel\Desktop\Continue File Opener Installation.lnk deleted C:\Users\bernynhel\AppData\Local\74433833dsisetup744406352.exe deleted C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\astrmndant deleted "C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\searchplugins\Astromenda.xml" deleted "C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{849ded12-59e9-4dae-8f86-918b70d213dc}" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]bdwteff@bitdefender.com[/email]"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [07/11/2014 04:33 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default - DoNotTrackMe - C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\[email]donottrackplus@abine.com[/email] - Empty Cache Button - C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} - DoNotTrackMe - %ProfilePath%\extensions\[email]donottrackplus@abine.com[/email] - Empty Cache Button - %ProfilePath%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} - Webroot - %ProfilePath%\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted - Instrument Test - %ProfilePath%\extensions\[email]testpilot@labs.mozilla.com.xpi[/email] - Undo Closed Tabs Button - %ProfilePath%\extensions\[email]undoclosedtabsbutton@supernova00.biz.xpi[/email] - SaveAS - %ProfilePath%\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\bernynhel\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default F733C59712465B0BD2130BB7C1A6D6E3 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll - Shockwave Flash FDF7B2D69F2B7AF5B77124FCCB1DE2FC - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer ==== Deleted Firefox Extensions ====================== C:\Users\BERNYN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b5119utl.default\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ccahoghmggldkcdjiebjkidpfongdfbl - No path found[] fabcmochhfpldjekobfaaggijgohadih - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\BERNYN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[11/06/2014 08:37 PM] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Voice Search Hotword (Beta) - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Google Cast - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd OneTab - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall Netflix - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh Google Drive App Launcher - bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh ==== Chromium Fix ====================== C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_[url="http://www.ask.com_0.localstorage"]www.ask.com_0.localstorage[/url] deleted successfully C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_[url="http://www.ask.com_0.localstorage-journal"]www.ask.com_0.localstorage-journal[/url] deleted successfully C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage deleted successfully C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage-journal deleted successfully C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms}[/url]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url]" {F6A0B469-F4F7-413E-932F-6A2D5629358F} Google Url="[url]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF[/url]" {F784E0A2-C532-4D25-A174-9D1A84B2EFA7} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully HKEY_USERS\S-1-5-21-204296032-4178023364-1318104935-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F784E0A2-C532-4D25-A174-9D1A84B2EFA7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\[email]ffpwdman@bitdefender.com[/email] deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\bernynhel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\bernynhel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\bernynhel\AppData\Local\Mozilla\Firefox\Profiles\b5119utl.default\Cache emptied successfully C:\Users\bernynhel\AppData\Local\Mozilla\Firefox\Profiles\b5119utl.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\bernynhel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=208 folders=52 8499188 bytes) ==== Empty Temp Folders ====================== C:\Users\bernynhel\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\BERNYN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\bernynhel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VFW3YJNM\wpc.61dd.edgecastcdn.net" not found ==== EOF on Wed 11/12/2014 at 8:22:34.78 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top