Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Arabyonline.com pop-up/malware
Message
<blockquote data-quote="iHateArabyOnline" data-source="post: 371926" data-attributes="member: 35247"><p>Ran zoek with the last script, anything else I should do now?</p><p></p><p></p><p>Zoek.exe v5.0.0.0 Updated 08-April-2015</p><p>Tool run by Admin on Thu 04/09/2015 at 14:03:57.09.</p><p>Microsoft Windows 7 Professional 6.1.7600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== Older Logs ======================</p><p></p><p>C:\zoek-results2015-04-09-033957.log 23184 bytes</p><p></p><p>==== System Restore Info ======================</p><p></p><p>4/9/2015 2:05:41 PM Zoek.exe System Restore Point Created Successfully.</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Registry Fix Code ======================</p><p></p><p>Windows Registry Editor Version 5.00</p><p></p><p>[HKEY_USERS\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Windows\CurrentVersion\Run] </p><p>"NI4TH6NZFE"=- </p><p>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] </p><p>"NI4TH6NZFE"=- </p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\Users\Admin\AppData\Roaming\yTGD4RNoF deleted</p><p>"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a>"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a>" [12/19/2014 03:25 AM]</p><p>[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:wcapturex@deskperience.com">wcapturex@deskperience.com</a>"="C:\Program Files (x86)\WordWeb\WCaptureMoz" [04/11/2012 01:17 AM]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>blbkdnmdcafmfhinpmnlhhddbepgkeaa - <a href="https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]" target="_blank">https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]</a></p><p>dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[02/27/2014 03:04 AM]</p><p>hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[02/27/2014 03:04 AM]</p><p>hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[02/27/2014 03:04 AM]</p><p>idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 03:24 PM]</p><p>jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[12/19/2014 03:19 AM]</p><p>lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]</p><p>pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[02/27/2014 03:04 AM]</p><p></p><p>AdBlock - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom</p><p>RealDownloader - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji</p><p>Chrome Hotword Shared Module - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg</p><p>Skype Click to Call - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p>"Search Page"="<a href="http://www.google.com" target="_blank">http://www.google.com</a>"</p><p>"Default_Search_URL"="<a href="http://www.google.com" target="_blank">http://www.google.com</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Search Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"Default_Search_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>No FireFox Cache found</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=1028 folders=97 110878310 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Admin\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\fbwuser\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\Admin\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p></p><p>==== EOF on Thu 04/09/2015 at 14:49:37.75 ======================</p></blockquote><p></p>
[QUOTE="iHateArabyOnline, post: 371926, member: 35247"] Ran zoek with the last script, anything else I should do now? Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Admin on Thu 04/09/2015 at 14:03:57.09. Microsoft Windows 7 Professional 6.1.7600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-04-09-033957.log 23184 bytes ==== System Restore Info ====================== 4/9/2015 2:05:41 PM Zoek.exe System Restore Point Created Successfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Windows\CurrentVersion\Run] "NI4TH6NZFE"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NI4TH6NZFE"=- ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\Users\Admin\AppData\Roaming\yTGD4RNoF deleted "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]online_banking@kaspersky.com[/email]"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email]online_banking@kaspersky.com[/email]" [12/19/2014 03:25 AM] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "[email]wcapturex@deskperience.com[/email]"="C:\Program Files (x86)\WordWeb\WCaptureMoz" [04/11/2012 01:17 AM] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions blbkdnmdcafmfhinpmnlhhddbepgkeaa - [URL]https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[][/URL] dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[02/27/2014 03:04 AM] hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[02/27/2014 03:04 AM] hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[02/27/2014 03:04 AM] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 03:24 PM] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[12/19/2014 03:19 AM] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[02/27/2014 03:04 AM] AdBlock - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom RealDownloader - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Chrome Hotword Shared Module - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Skype Click to Call - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]" "Search Page"="[URL]http://www.google.com[/URL]" "Default_Search_URL"="[URL]http://www.google.com[/URL]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="[URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]" "Default_Search_URL"="[URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]" "Start Page"="[URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[URL]http://www.google.com/search?q={searchTerms}[/URL]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[URL]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/URL]" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1028 folders=97 110878310 bytes) ==== Empty Temp Folders ====================== C:\Users\Admin\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\fbwuser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Admin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on Thu 04/09/2015 at 14:49:37.75 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top