Solved Fake Adobe Flash update and Chrome update

Status
Not open for further replies.

Chris1288

New Member
Thread author
Dec 10, 2014
10
Keep getting pop ups for Adobe Flash update and for Chrome(mostly Adobe Flash). I will be browsing the web and bammm! it pops up again and again. Tried searching the web on how to remove it and must of done a gazillion things and still a no go. I have run out of answers and I hope you will be able to help. Thanks....
 

Attachments

  • FRST.txt
    55.2 KB · Views: 76
  • Addition.txt
    27.1 KB · Views: 60

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Helllo,

Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.




51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Chris1288

New Member
Thread author
Dec 10, 2014
10
Helllo,

Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.




51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 10-December-2014
Tool run by Cgwei_000 on Wed 12/10/2014 at 23:42:10.33.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cgwei_000\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/10/2014 11:46:17 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\CLSK deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Cgwei_000\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Cgwei_000\AppData\Local\PackageStaging deleted successfully
C:\Users\Heidi\AppData\Local\Intel WiDi deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

"c:\Windows\Installer\15197553.msi" not found
C:\Users\Cgwei_000\.android deleted
C:\Users\Heidi\.android deleted
C:\Users\Cgwei_000\AppData\Roaming\WB.CFG deleted
C:\Users\Cgwei_000\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Cgwei_000\AppData\Roaming\GetRightToGo deleted
C:\Users\Heidi\AppData\Roaming\WB.CFG deleted
C:\Users\Heidi\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Heidi\AppData\Roaming\Open Download Manager deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Heidi\AppData\Local\nsrBB7C.tmp deleted
C:\Users\Heidi\AppData\Local\CRE deleted
C:\Users\Heidi\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\WINDOWS\Installer\20ec6abf.msi" deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaakabcghbhlohjjnonbaadlhlkhaob - C:\ProgramData\AskPartnerNetwork\Toolbar\EPNV64\CRX\ToolbarCR.crx[]
ffekppndigniegkobcngkdmaadbhhonj - C:\Users\Heidi\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx[]

Ask Toolbar for Epson - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob
Angry Birds - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
avast Online Security - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
God is Love - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Ask Toolbar for Epson - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Skype Click to Call - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Voice Search Hotword (Beta) - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Battlefield Heroes - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh

==== Chromium Startpages ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com/" ]


==== Chromium Fix ======================

C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_astromendagames.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_astromendagames.com_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F274703B9DB704042955ECD6A611693A deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B307472F-7BD9-4040-9255-CE6D6A1196A3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F274703B9DB704042955ECD6A611693A deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=449 folders=133 103990031 bytes)

==== Empty Temp Folders ======================

C:\Users\Cgwei_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Heidi\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CGWEI_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on Wed 12/10/2014 at 23:59:46.16 ======================
 

Chris1288

New Member
Thread author
Dec 10, 2014
10
Zoek.exe v5.0.0.0 Updated 10-December-2014
Tool run by Cgwei_000 on Wed 12/10/2014 at 23:42:10.33.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cgwei_000\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/10/2014 11:46:17 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\CLSK deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Cgwei_000\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Cgwei_000\AppData\Local\PackageStaging deleted successfully
C:\Users\Heidi\AppData\Local\Intel WiDi deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

"c:\Windows\Installer\15197553.msi" not found
C:\Users\Cgwei_000\.android deleted
C:\Users\Heidi\.android deleted
C:\Users\Cgwei_000\AppData\Roaming\WB.CFG deleted
C:\Users\Cgwei_000\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Cgwei_000\AppData\Roaming\GetRightToGo deleted
C:\Users\Heidi\AppData\Roaming\WB.CFG deleted
C:\Users\Heidi\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Heidi\AppData\Roaming\Open Download Manager deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Heidi\AppData\Local\nsrBB7C.tmp deleted
C:\Users\Heidi\AppData\Local\CRE deleted
C:\Users\Heidi\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\WINDOWS\Installer\20ec6abf.msi" deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaakabcghbhlohjjnonbaadlhlkhaob - C:\ProgramData\AskPartnerNetwork\Toolbar\EPNV64\CRX\ToolbarCR.crx[]
ffekppndigniegkobcngkdmaadbhhonj - C:\Users\Heidi\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx[]

Ask Toolbar for Epson - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob
Angry Birds - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
avast Online Security - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
God is Love - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Ask Toolbar for Epson - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Skype Click to Call - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Voice Search Hotword (Beta) - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Battlefield Heroes - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh

==== Chromium Startpages ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com/" ]


==== Chromium Fix ======================

C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_astromendagames.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_astromendagames.com_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F274703B9DB704042955ECD6A611693A deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaakabcghbhlohjjnonbaadlhlkhaob deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B307472F-7BD9-4040-9255-CE6D6A1196A3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F274703B9DB704042955ECD6A611693A deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=449 folders=133 103990031 bytes)

==== Empty Temp Folders ======================

C:\Users\Cgwei_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Heidi\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CGWEI_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on Wed 12/10/2014 at 23:59:46.16 ======================
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Re-run zoek and run this script:


Code:
aaaakabcghbhlohjjnonbaadlhlkhaob;chr
ffekppndigniegkobcngkdmaadbhhonj;chr
C:\ProgramData\AskPartnerNetwork\Toolbar;fs
C:\Users\Heidi\AppData\Local\CRE;fs
aaaakabcghbhlohjjnonbaadlhlkhaob;chr
bepbmhgboaologfdajaanbcjmnhjmhfn;chr
cehdakiococlfmjcbebbkjkfjhbieknh;chr
autoclean;
emptyalltemp;
ipconfig /flushdns;b
 

Chris1288

New Member
Thread author
Dec 10, 2014
10
Zoek.exe v5.0.0.0 Updated 10-December-2014
Tool run by Cgwei_000 on Thu 12/11/2014 at 7:38:44.78.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cgwei_000\Downloads\zoek (2).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-11-055946.log 10554 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\ProgramData\AskPartnerNetwork\Toolbar not found
C:\Users\Heidi\AppData\Local\CRE not found
C:\Users\Cgwei_000\.android deleted

==== Chromium Look ======================

Angry Birds - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Drive - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
God is Love - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea
Google Wallet - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Skype Click to Call - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Voice Search Hotword (Beta) - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Battlefield Heroes - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
Google Wallet - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com/" ]


==== Chromium Fix ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_bepbmhgboaologfdajaanbcjmnhjmhfn_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bepbmhgboaologfdajaanbcjmnhjmhfn_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=569 folders=172 110370246 bytes)

==== Empty Temp Folders ======================

C:\Users\Cgwei_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Heidi\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CGWEI_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 12/11/2014 at 7:55:10.94 ======================
 
  • Like
Reactions: Thunderbold

Chris1288

New Member
Thread author
Dec 10, 2014
10
Works ok for now, will I have to run the repeated steps for a different user at log in? When I signed in under a different user(wifes) it came up but not under mine when I signed in.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
let's look at that profile



51a612a8b27e2-Zoek.png
Scan with ZOEK




Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Chris1288

New Member
Thread author
Dec 10, 2014
10
Zoek.exe v5.0.0.0 Updated 10-December-2014
Tool run by Heidi on Thu 12/11/2014 at 23:45:17.63.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Heidi\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-11-055946.log 10554 bytes
C:\zoek-results2014-12-11-135510.log 9351 bytes

==== System Restore Info ======================

12/11/2014 11:47:24 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-999681477-4271743386-3363216655-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-999681477-4271743386-3363216655-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8D7AF852-C15B-498E-BA9E-50BF50ED915E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Cgwei_000\.android deleted

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ffekppndigniegkobcngkdmaadbhhonj - C:\Users\Heidi\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx[]

Angry Birds - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
avast Online Security - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
God is Love - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea
Skype Click to Call - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Startpages ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com/" ]


==== Chromium Fix ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{23E51FCE-E112-4682-960D-BE14FFAF677F} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{497A76C4-688A-4041-AF89-3481B0C64551} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-999681477-4271743386-3363216655-1001\Software\Microsoft\Internet Explorer\SearchScopes\{497A76C4-688A-4041-AF89-3481B0C64551} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=577 folders=172 110483315 bytes)

==== Empty Temp Folders ======================

C:\Users\Cgwei_000\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Heidi\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Heidi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 12/12/2014 at 0:13:06.82 ======================
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Re-run zoek and run this script:

Code:
ffekppndigniegkobcngkdmaadbhhonj.crx;chr
{497A76C4-688A-4041-AF89-3481B0C64551};c
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
 

Chris1288

New Member
Thread author
Dec 10, 2014
10
Zoek.exe v5.0.0.0 Updated 12-December-2014
Tool run by Heidi on Fri 12/12/2014 at 8:02:43.69.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Heidi\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-11-055946.log 10554 bytes
C:\zoek-results2014-12-11-135510.log 9351 bytes
C:\zoek-results2014-12-12-061306.log 8900 bytes

==== System Restore Info ======================

12/12/2014 8:04:40 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Heidi\.android deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)


Angry Birds - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Drive - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
God is Love - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea
Google Wallet - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Skype Click to Call - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Wallet - Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com/" ]


==== Chromium Fix ======================

C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_freedeals4utoday.com_0.localstorage deleted successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_freedeals4utoday.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{23E51FCE-E112-4682-960D-BE14FFAF677F} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cgwei_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Heidi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Cgwei_000\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=579 folders=172 110480940 bytes)

==== Empty Temp Folders ======================

C:\Users\Cgwei_000\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Heidi\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Heidi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 12/12/2014 at 8:30:29.70 ======================
 

Chris1288

New Member
Thread author
Dec 10, 2014
10
Winner Winner Chicken Diner!!!! I think you may have solved the problem. I thank you. Enjoy the beer, cause I am buying a round.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Thank you.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top