Reply to thread

Message: <blockquote data-quote="basketball2323" data-source="post: 475442" data-attributes="member: 49049">Zoek.exe v5.0.0.1 Updated 31-December-2015Tool run by Cam on 01/02/2016 at  1:00:29.32.Microsoft Windows 8 Pro 6.2.9200  x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Cam\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ======================01/02/2016 01:08:27 Zoek.exe System Restore Point Created Successfully.==== Empty Folders Check ======================C:\PROGRA~2\AGEIA Technologies deleted successfullyC:\PROGRA~2\DivX deleted successfullyC:\PROGRA~3\Avg deleted successfullyC:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfullyC:\Users\Cam\AppData\Roaming\sparta111 deleted successfullyC:\Users\Cam\AppData\Roaming\uTorrent deleted successfullyC:\Users\Cam\AppData\Local\Skype deleted successfullyC:\Users\Cam\AppData\Local\Sparta deleted successfullyC:\Users\Cam\AppData\Local\WarThunder deleted successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully==== Deleting CLSID Registry Keys ======================HKEY_USERS\S-1-5-21-626473118-3010605479-898090307-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully==== Deleting CLSID Registry Values ======================HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully==== Deleting Services ======================HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater14.2.0 deleted successfully==== Batch Command(s) Run By Tool======================Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.==== Deleting Files \ Folders ======================C:\PROGRA~2\AGEIA Technologies not foundC:\PROGRA~2\DivX not foundC:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not foundC:\PROGRA~2\Flyordie Plugin deletedC:\windows\SysNative\Tasks\Bidaily Synchronize Task[973b] deletedC:\Windows\tasks\Bidaily Synchronize Task[973b].job deletedC:\PROGRA~3\{7c12c1dc-c294-1c6e-7c12-2c1dcc290773} deletedC:\PROGRA~3\5767796595995162811 deletedC:\PROGRA~3\DivX deletedC:\PROGRA~2\SearchProtect deletedC:\PROGRA~2\File Scout deletedC:\PROGRA~2\COMMON~1\AVG Secure Search deletedC:\prefs.js deletedC:\Users\Cam\AppData\Roaming\RHEng deletedC:\Users\Cam\AppData\Roaming\Systweak deletedC:\Users\Cam\AppData\Roaming\OpenCandy deletedC:\PROGRA~3\AVG Security Toolbar deletedC:\PROGRA~3\IBUpdaterService deletedC:\PROGRA~3\AVG SafeGuard toolbar deletedC:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deletedC:\PROGRA~3\Package Cache deletedC:\Users\Cam\AppData\Local\SearchProtect deletedC:\Users\Cam\AppData\Local\Unity deletedC:\Users\Cam\AppData\Local\AVG Secure Search deletedC:\Users\Cam\AppData\Local\Systweak deletedC:\Users\Cam\AppData\Local\AVG SafeGuard toolbar deletedC:\Users\Cam\AppData\Local\adawarebp deletedC:\Users\Cam\AppData\Local\AVG Nation toolbar deletedC:\Users\Cam\AppData\Local\CrashRpt deletedC:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta deletedC:\Windows\SysNative\roboot64.exe deletedC:\Users\Cam\AppData\LocalLow\AVG SafeGuard toolbar deletedC:\Users\Cam\AppData\LocalLow\Unity deletedC:\END deletedC:\Windows\SysNative\config\systemprofile\Searches deletedC:\Windows\Syswow64\SearchProtect deleted==== Firefox Extensions Registry ======================[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"avg@toolbar"="C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1" []==== Chromium Look ======================Google Chrome Version: 46.0.2490.86HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionslfffjahnfbocnaooecgijfnbpcfekoik - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx[]lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 10:47]ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.2.0.1\avg.crx[]Ask Toolbar - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflkoComodo Drag&Drop Service - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogoComodo Web Inspector - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnnPrivDog - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohjaComodo Media Downloader - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendoAbsolute Radio Live Scores - Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgmkadilkeimcolingoooifhoknpkifiAVG SafeGuard toolbar - Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof==== Chromium Startpages ======================C:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Preferences"homepage": "<a href="http://websearch.searchtotal.info/?pid=24388&r=2015/06/01&hid=5087950222676336109&lg=EN&cc=AU&unqvl=88" target="_blank">Search</a>",==== Chromium Fix ======================C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_admtpmp123.adk2x.com_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_admtpmp123.adk2x.com_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.tunefind.com_0.localstorage" target="_blank">www.tunefind.com_0.localstorage</a> deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.tunefind.com_0.localstorage-journal" target="_blank">www.tunefind.com_0.localstorage-journal</a> deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_career-services.careerone.com.au_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_career-services.careerone.com.au_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_roysautoservices.com_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_roysautoservices.com_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfullyC:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfullyC:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfullyC:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfullyC:\Users\Cam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgmkadilkeimcolingoooifhoknpkifi deleted successfully==== Set IE to Default ======================Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130986366714421902&GUID=BF406046-4567-454B-8EA1-7975E2173FAC" target="_blank">MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos</a>""Search Page"="<a href="http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}" target="_blank">http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}</a>""Default_Page_URL"="<a href="http://www.google.com/" target="_blank">Google</a>""Default_Search_URL"="<a href="http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}" target="_blank">http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}</a>"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Default_Search_URL"="<a href="http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}" target="_blank">http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}</a>""Default_Page_URL"="<a href="http://www.google.com/" target="_blank">Google</a>""Search Page"="<a href="http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}" target="_blank">http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}</a>"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Default_Search_URL"="<a href="http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}" target="_blank">http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}</a>""Default_Page_URL"="<a href="http://www.google.com/" target="_blank">Google</a>""Search Page"="<a href="http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}" target="_blank">http://isearch.omiga-plus.com/web/?type=dspp&ts=1420951040&from=cor&uid=HitachiXHDS721010DLE630_MSK5215H01Z0PG01Z0PGX&q={searchTerms}</a>"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]"Tabs"="res://ieframe.dll/tabswelcome.htm"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]"Tabs"="res://ieframe.dll/tabswelcome.htm"New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Search Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">Bing</a>""Default_Search_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">Bing</a>""Default_Page_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos</a>""Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130986366714421902&GUID=BF406046-4567-454B-8EA1-7975E2173FAC" target="_blank">MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos</a>"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Default_Search_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">Bing</a>""Search Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">Bing</a>""Default_Page_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos</a>"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Default_Search_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">Bing</a>""Search Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">Bing</a>""Default_Page_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos</a>"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]"Tabs"="about:newtab"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]"Tabs"="about:newtab"==== All HKLM and HKCU SearchScopes ======================HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - <a href="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" target="_blank">{searchTerms} - Bing</a>HKLM\Wow6432Node\SearchScopes "DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}"HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - <a href="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" target="_blank">{searchTerms} - Bing</a>HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - <a href="http://www.google.com/search?q={searchTerms}" target="_blank">{searchTerms} - Google Search</a>HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - <a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" target="_blank">{searchTerms} - Bing</a>==== Deleting Registry Keys ======================HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfullyHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall deleted successfully==== Empty IE Cache ======================</blockquote>

Verification

Top