buayNsAveu(buy and save) chrome extension hinders chrome browsing
<blockquote data-quote="jab123" data-source="post: 318337" data-attributes="member: 32107"><p>Zoek.exe v5.0.0.0 Updated 20-December-2014</p><p>Tool run by JAB on Sat 12/20/2014 at 15:47:39.31.</p><p>Microsoft Windows 8.1 6.3.9600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\JAB\Desktop\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== System Restore Info ======================</p><p></p><p>12/20/2014 3:48:51 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\Users\JAB\AppData\Local\PackageStaging deleted successfully</p><p>C:\Users\JAB\AppData\Local\VirtualStore deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-1357994043-1479231918-2712495411-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully</p><p>HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully</p><p>HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.2.0 deleted successfully</p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~3\hnehpkmiomonhfobppedpikpojcbppon deleted</p><p>C:\PROGRA~3\8692415340223331019 
deleted</p><p>C:\Users\JAB\AppData\Local\AVG Web TuneUp deleted</p><p>C:\Program Files\AVG Web TuneUp deleted</p><p>C:\PROGRA~3\APN deleted</p><p>C:\PROGRA~3\AVG Web TuneUp deleted</p><p>C:\PROGRA~3\Avg_Update_1214tb deleted</p><p>C:\PROGRA~3\AVG Security Toolbar deleted</p><p>C:\PROGRA~3\AVG Secure Search deleted</p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted</p><p>C:\Users\JAB\AppData\LocalLow\AVG SafeGuard toolbar deleted</p><p>C:\Users\JAB\AppData\LocalLow\AVG Web TuneUp deleted</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted</p><p>C:\windows\SysNative\tasks\AVG_SYS_TASK_1014av deleted</p><p>"C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted</p><p>"C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.2.0\avgdttbx.dll" deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll" deleted</p><p>"C:\PROGRA~2\AVG Web TuneUp" not deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.2.0" deleted</p><p>"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.2.0" deleted</p><p></p><p>==== Chromium Look ======================</p><p></p><p>Google Voice Search Hotword (Beta) - JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>LoL Stream Browser - JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp</p><p>ProxMate - JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki</p><p>Reddit Enhancement Suite - JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb</p><p>League of Legends Events - 
JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk</p><p>AVG Secure Search - JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof</p><p>Hover Zoom - JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl</p><p></p><p>==== Chromium Startpages ======================</p><p></p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p>"homepage": "<a href="http://www.google.ca/" target="_blank">http://www.google.ca/</a>",</p><p>"startup_urls": [ "<a href="http://www.google.ca/" target="_blank">http://www.google.ca/</a>", "<a href="http://www.youtube.com/" target="_blank">http://www.youtube.com/</a>", "<a href="http://www.reddit.com/r/leagueoflegends" target="_blank">http://www.reddit.com/r/leagueoflegends</a>", "<a href="http://www.facebook.com/?ref=logo" target="_blank">http://www.facebook.com/?ref=logo</a>", "<a href="http://mail.google.com/" target="_blank">http://mail.google.com/</a>", "<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>", "<a href="http://www.google.com" target="_blank">http://www.google.com</a>", "<a href="http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13" target="_blank">http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13</a> 14:14:45&v=17.1.2.1&pid=safeguard&sg=&sap=hp", "<a 
href="http://www.google.ca/|http://www.youtube.com/|http://www.reddit.com/r/leagueoflegends|http://www.facebook.com/?ref=logo|http://mail.google.com/|http://www.google.com/|http://www.google.com|http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13" target="_blank">http://www.google.ca/|http://www.youtube.com/|http://www.reddit.com/r/leagueoflegends|http://www.facebook.com/?ref=logo|http://mail.google.com/|http://www.google.com/|http://www.google.com|http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13</a> 14:14:45&v=17.2.0.38&pid=safeguard&sg=0&sap=hp", "<a href="http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" target="_blank">http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=17.3.1.204&pid=safeguard&sg=0&sap=hp", "<a href="http://www.google.ca/|http://www.youtube.com/|http://www.reddit.com/r/leagueoflegends|http://www.facebook.com/?ref=logo|http://mail.google.com/|http://www.google.com/|http://www.google.com|http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13" 
target="_blank">http://www.google.ca/|http://www.youtube.com/|http://www.reddit.com/r/leagueoflegends|http://www.facebook.com/?ref=logo|http://mail.google.com/|http://www.google.com/|http://www.google.com|http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13</a> 14:14:45&v=18.0.5.292&pid=safeguard&sg=0&sap=hp|<a href="http://www.google.ca/|http://www.youtube.com/|http://www.reddit.com/r/leagueoflegends|http://www.facebook.com/?ref=logo|http://mail.google.com/|http://www.google.com/|http://www.google.com|http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13" target="_blank">http://www.google.ca/|http://www.youtube.com/|http://www.reddit.com/r/leagueoflegends|http://www.facebook.com/?ref=logo|http://mail.google.com/|http://www.google.com/|http://www.google.com|http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13</a> 14:14:45&v=17.2.0.38&pid=safeguard&sg=0&sap=hp|<a href="http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" target="_blank">http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=17.3.1.204&pid=safeguard&sg=0&sap=hp", "<a href="http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" 
target="_blank">http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=18.1.0.443&pid=safeguard&sg=0&sap=hp", "<a href="http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" target="_blank">http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=18.1.5.512&pid=safeguard&sg=0&sap=hp", "<a href="http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" target="_blank">http://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=18.1.7.598&pid=safeguard&sg=0&sap=hp", "<a href="https://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" target="_blank">https://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=18.1.9.786&pid=safeguard&sg=0&sap=hp", "<a href="https://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05" 
target="_blank">https://mysearch.avg.com?cid={23C7D659-DD4B-49A8-BB09-4DA42C3EEC4E}&mid=4026943054d947d3a1e2057438098164-2368666159542c44fed7465d8472bf4de7a12f48&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05</a> 23:03:47&v=18.1.9.799&pid=safeguard&sg=0&sap=hp", "<a href="http://websearch.searchmania.info/?pid=2921&r=2014/12/14&hid=2209911108174551659&lg=EN&cc=CA&unqvl=70" target="_blank">http://websearch.searchmania.info/?pid=2921&r=2014/12/14&hid=2209911108174551659&lg=EN&cc=CA&unqvl=70</a>" ],</p><p></p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.searchmania.info_0.localstorage deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.searchmania.info_0.localstorage-journal deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savelocations.wikia.com_0.localstorage deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savelocations.wikia.com_0.localstorage-journal deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully</p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old 
Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>No DefaultScope Set For HKCU</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02</a>"</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied 
successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\IE\1ALCLSEC will be deleted at reboot</p><p>C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\IE\1V12YQ80 will be deleted at reboot</p><p>C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\IE\DNOFH8HE will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>No FireFox Profiles found</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\JAB\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=332 folders=109 142812545 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Administrator\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\JAB\AppData\Local\Temp will be emptied at reboot</p><p>C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\WINDOWS\Temp successfully emptied</p><p>C:\Users\JAB\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / 
Folders ======================</p><p></p><p>"C:\PROGRA~2\AVG Web TuneUp" not found</p><p>"C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\IE\1ALCLSEC" not found</p><p>"C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\IE\1V12YQ80" not found</p><p>"C:\Users\JAB\AppData\Local\Microsoft\Windows\INetCache\IE\DNOFH8HE" not found</p><p></p><p>==== EOF on Sat 12/20/2014 at 15:57:31.06 ======================</p></blockquote><p></p>