Ad opens in new tab across all browsers
<blockquote data-quote="Flyingfuzz" data-source="post: 302312" data-attributes="member: 30954"><p>Hi TwinHeadedEagle, thanks for your help in this matter.</p><p></p><p>Log from zoek.</p><p>Zoek.exe v5.0.0.0 Updated 19-November-2014</p><p>Tool run by Keith on 20/11/2014 at 13:49:28.77.</p><p>Microsoft Windows 8.1 Pro 6.3.9600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: D:\Users\Keith\Downloads\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== System Restore Info ======================</p><p></p><p>20/11/2014 13:54:31 Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D48AA73-1A7-4E34-B1FB-4C243ADFBBA1} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26ABBDF8-8ACC-41BE-875E-518B97B24419} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F1A452C-DC7D-4B78-B62-B599F24C6810} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD869D9-A9C5-4A9C-AE3A-539ACD94D562} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CF0499F-FE09-44D9-A7E9-FFCA4A151854} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8846B49B-51B4-4309-9DE4-CDB11D5C1089} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93788FAB-1CBC-4643-AF5E-D099FFCD7A91} deleted 
successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{958B544E-7F20-4ED8-895F-3C6CD26DBA3} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99DCE4A6-91FF-402E-9358-EB98501DF75} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7C778B9-8554-402F-82E-C32E99CF21AD} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A84126BA-B3FF-4E1C-AE70-24BD4CE6FD1E} deleted successfully</p><p>HKEY_USERS\S-1-5-21-325601912-3133953203-193938200-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C60C7D2A-BDF6-473E-931E-5A393DD3CE57} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\Users\Keith\Desktop\Continue Download &amp not found</p><p>C:\Users\Keith\AppData\LocalLow\{8259662E-521C-1C81-D4A4-D92FC36F7C7C} deleted</p><p>C:\Users\Keith\AppData\LocalLow\{8370D833-5776-278B-6B84-47BCC525382F} deleted</p><p>C:\Users\Keith\AppData\LocalLow\{8ED36994-BF5E-D8D8-69AF-6D148886895F} deleted</p><p>C:\Users\Keith\AppData\Local\Packages\windows_ie_ac_001\AC\{8259662E-521C-1C81-D4A4-D92FC36F7C7C} deleted</p><p>C:\Users\Keith\AppData\Local\Packages\windows_ie_ac_001\AC\{8370D833-5776-278B-6B84-47BCC525382F} deleted</p><p>C:\Users\Keith\AppData\Local\Packages\windows_ie_ac_001\AC\{8ED36994-BF5E-D8D8-69AF-6D148886895F} deleted</p><p>C:\Users\Keith\.android deleted</p><p>C:\Users\Keith\AppData\Roaming\WB.CFG 
deleted</p><p>C:\Users\Keith\AppData\Roaming\Wondershare deleted</p><p>C:\Users\Keith\AppData\Local\CRE deleted</p><p>C:\Users\Keith\AppData\Local\cache deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted</p><p>C:\Users\Keith\AppData\LocalLow\{A44D5795-7046-1A82-5094-5B7B7F8EA228} deleted</p><p>C:\WINDOWS\SysNative\config\systemprofile\Searches deleted</p><p>C:\windows\SysNative\GroupPolicy\Machine deleted</p><p>C:\windows\SysNative\GroupPolicy\User deleted</p><p>C:\windows\SysNative\GroupPolicy\GPT.INI deleted</p><p>C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted</p><p>C:\WINDOWS\SysWow64\searchplugins deleted</p><p>C:\WINDOWS\SysWow64\Extensions deleted</p><p>"C:\Users\Keith\AppData\Roaming\HQJAV" deleted</p><p>"C:\WINDOWS\tasks\HQJAV.job" deleted</p><p>"C:\WINDOWS\SysNative\tasks\HQJAV" deleted</p><p>"C:\Users\Keith\AppData\Roaming\OYE" deleted</p><p>"C:\WINDOWS\tasks\OYE.job" deleted</p><p>"C:\WINDOWS\SysNative\tasks\OYE" deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]</p><p>"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 10:36]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\dpgid0dr.default</p><p>- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\<a href="mailto:firefox-hotfix@mozilla.org.xpi">firefox-hotfix@mozilla.org.xpi</a></p><p></p><p>ProfilePath: C:\Users\Keith\AppData\Roaming\TomTom\HOME\Profiles\irvd8pcj.default</p><p>- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\<a 
href="mailto:MapShare-status@tomtom.com">MapShare-status@tomtom.com</a></p><p>- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\<a href="mailto:baseTheme@tomtom.com">baseTheme@tomtom.com</a></p><p>- Emulator - %ProfilePath%\extensions\<a href="mailto:Navcore.9.510.1234792@tomtom.com">Navcore.9.510.1234792@tomtom.com</a></p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\dpgid0dr.default</p><p>67D325B5AEB28E381B84E8DE1A90C7A8 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash</p><p></p><p></p><p>==== Fake Chromium Profiles Check ======================</p><p></p><p>Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted</p><p>Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted</p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>lfoibgciimcbjkngfcdkebkgbecoeimf - C:\Users\Keith\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx[]</p><p>pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[19/10/2014 
18:34]</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions</p><p>apdfllckaahabafndbhieahigkjlhalf - C:\Users\Keith\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]</p><p>lfoibgciimcbjkngfcdkebkgbecoeimf - C:\Users\Keith\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx[]</p><p></p><p>Docs - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake</p><p>Docs - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake</p><p>Google Voice Search Hotword (Beta) - Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>AdBlock - Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom</p><p>RoboForm - Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob</p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully</p><p>C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.re-newbury.co.uk/" target="_blank">http://www.re-newbury.co.uk/</a>"</p><p>"Use Search Asst"="yes"</p><p>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"Default"="<a href="http://www.google.com" target="_blank">www.google.com</a>"</p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]</p><p>"Default"="<a href="http://www.google.com" target="_blank">www.google.com</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"Default"="<a href="http://www.google.com" 
target="_blank">www.google.com</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.re-newbury.co.uk/" target="_blank">http://www.re-newbury.co.uk/</a>"</p><p>"Use Search Asst"="no"</p><p>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"(Default)"="<a href="http://search.msn.com/results.asp?q=%s" target="_blank">http://search.msn.com/results.asp?q=%s</a>"</p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]</p><p>"(Default)"="<a href="http://search.msn.com/results.asp?q=%s" target="_blank">http://search.msn.com/results.asp?q=%s</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"(Default)"="<a href="http://search.msn.com/results.asp?q=%s" target="_blank">http://search.msn.com/results.asp?q=%s</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02</a>"</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\135aaf6a-701e-4949-98ba-7168d9ca3cb3 deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lfoibgciimcbjkngfcdkebkgbecoeimf deleted 
successfully</p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully</p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lfoibgciimcbjkngfcdkebkgbecoeimf deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\Keith\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\Keith\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\Users\Keith\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\Users\Keith\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\Keith\AppData\Local\Mozilla\Firefox\Profiles\dpgid0dr.default\Cache emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache 
emptied successfully</p><p>C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p>C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=589 folders=191 26781643 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\Keith\AppData\Local\Temp will be emptied at reboot</p><p>C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot</p><p>C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\WINDOWS\Temp successfully emptied</p><p>C:\Users\Keith\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found</p><p></p><p>==== EOF on 20/11/2014 at 14:08:25.73 ======================</p></blockquote><p></p>