Go Save won't go
- Thread starter Wardy
- Start date
- Mar 8, 2013
- 22,627
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; autoclean; emptyalltemp; ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
All done, thanks. Here is the results of the file:
Zoek.exe v5.0.0.0 Updated 26-09-2014
Tool run by Sheri on 26/09/2014 at 18:23:31.92.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sheri\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26/09/2014 18:25:09 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default
user.js not found
---- Lines easylife removed from prefs.js ----
user_pref("extensions.GdD6gdogPKb1acZJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||
---- Lines extensions.GdD6gdogPKb1acZJ removed from prefs.js ----
user_pref("extensions.GdD6gdogPKb1acZJ.epoch", "1411809447");
user_pref("extensions.GdD6gdogPKb1acZJ.url", "http://guardsetstarr.info/sync2/?q=...BNmGWj8znShGheDUojw9rdUGqTa4rjaGpchIC7n0rjnEp
---- Lines extensions.P8RVTsAVmZ8ECLn1 removed from prefs.js ----
user_pref("extensions.P8RVTsAVmZ8ECLn1.epoch", "1411830106");
user_pref("extensions.P8RVTsAVmZ8ECLn1.url", "http://jpi-syncs.info/sync2/?q=hfZ9...CNU0m9sMCMlNhd9Fqda4rjwFrjrFqdYMBzqUojw9rdUGq
---- Lines extensions.cUVOtrEgEeri6GBb removed from prefs.js ----
user_pref("extensions.cUVOtrEgEeri6GBb.epoch", "1411746895");
user_pref("extensions.cUVOtrEgEeri6GBb.url", "http://fasten-tech.com/sync2/?q=hfZ...9CNU0m9sMCMlNhd9Fqda4rjwFrjrFrTnMBzqUojw9rdUF
---- FireFox user.js and prefs.js backups ----
prefs_092014_1835_.backup
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\YaOuetUbeAdBlocKe deleted
C:\PROGRA~3\YaOuetUbeAdBlocKe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default\extensions\59@b1j.org deleted
C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default\extensions\7@AgR.com deleted
C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default\extensions\xIfeD651@ha5.com deleted
"C:\PROGRA~3\14960bba05d83103\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140926101058" deleted
"C:\PROGRA~3\14960bba05d83103\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140926103234" deleted
"C:\PROGRA~3\14960bba05d83103\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140926103235" deleted
"C:\PROGRA~3\14960bba05d83103\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140911123202" deleted
"C:\PROGRA~3\14960bba05d83103\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140926102103" deleted
"C:\PROGRA~3\14960bba05d83103\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140926102104" deleted
"C:\PROGRA~3\14960bba05d83103\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140911123213" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140911123136" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140911123149" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140926101035" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140926101059" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140926101102" deleted
"C:\PROGRA~3\14960bba05d83103" deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default
5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director
8C8616948CF274F5F7250865AEEF3087 - C:\Program Files\Lattice\Player3_x86\npxvlplay.dll - XVL Player
==== Chromium Look ======================
GGoSAvee - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
==== Chromium Fix ======================
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{FB7BB155-D434-4123-8D81-76CAC020F0B4}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{FB7BB155-D434-4123-8D81-76CAC020F0B4} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=403 folders=160 4799608 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sheri\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Sheri\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26/09/2014 at 18:56:11.48 ======================
Zoek.exe v5.0.0.0 Updated 26-09-2014
Tool run by Sheri on 26/09/2014 at 18:23:31.92.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sheri\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26/09/2014 18:25:09 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default
user.js not found
---- Lines easylife removed from prefs.js ----
user_pref("extensions.GdD6gdogPKb1acZJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||
---- Lines extensions.GdD6gdogPKb1acZJ removed from prefs.js ----
user_pref("extensions.GdD6gdogPKb1acZJ.epoch", "1411809447");
user_pref("extensions.GdD6gdogPKb1acZJ.url", "http://guardsetstarr.info/sync2/?q=...BNmGWj8znShGheDUojw9rdUGqTa4rjaGpchIC7n0rjnEp
---- Lines extensions.P8RVTsAVmZ8ECLn1 removed from prefs.js ----
user_pref("extensions.P8RVTsAVmZ8ECLn1.epoch", "1411830106");
user_pref("extensions.P8RVTsAVmZ8ECLn1.url", "http://jpi-syncs.info/sync2/?q=hfZ9...CNU0m9sMCMlNhd9Fqda4rjwFrjrFqdYMBzqUojw9rdUGq
---- Lines extensions.cUVOtrEgEeri6GBb removed from prefs.js ----
user_pref("extensions.cUVOtrEgEeri6GBb.epoch", "1411746895");
user_pref("extensions.cUVOtrEgEeri6GBb.url", "http://fasten-tech.com/sync2/?q=hfZ...9CNU0m9sMCMlNhd9Fqda4rjwFrjrFrTnMBzqUojw9rdUF
---- FireFox user.js and prefs.js backups ----
prefs_092014_1835_.backup
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\YaOuetUbeAdBlocKe deleted
C:\PROGRA~3\YaOuetUbeAdBlocKe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default\extensions\59@b1j.org deleted
C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default\extensions\7@AgR.com deleted
C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default\extensions\xIfeD651@ha5.com deleted
"C:\PROGRA~3\14960bba05d83103\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140926101058" deleted
"C:\PROGRA~3\14960bba05d83103\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140926103234" deleted
"C:\PROGRA~3\14960bba05d83103\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140926103235" deleted
"C:\PROGRA~3\14960bba05d83103\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140911123202" deleted
"C:\PROGRA~3\14960bba05d83103\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140926102103" deleted
"C:\PROGRA~3\14960bba05d83103\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140926102104" deleted
"C:\PROGRA~3\14960bba05d83103\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140911123213" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140911123136" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140911123149" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140926101035" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140926101059" deleted
"C:\PROGRA~3\14960bba05d83103\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140926101102" deleted
"C:\PROGRA~3\14960bba05d83103" deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\r6oitax4.default
5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director
8C8616948CF274F5F7250865AEEF3087 - C:\Program Files\Lattice\Player3_x86\npxvlplay.dll - XVL Player
==== Chromium Look ======================
GGoSAvee - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Administrator\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Guest\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Guest\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Guest\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - Sheri\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - Sheri\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - Sheri\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
GGoSAvee - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak
Browse Save Win - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho
NextCuooup - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh
==== Chromium Fix ======================
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Sheri\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\kgbmnjgmjcmjfpbgjpbnfnojdjbodnhh deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Sheri\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\aahnenmkfkegmckahlffnneoknffijak deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\Sheri\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{FB7BB155-D434-4123-8D81-76CAC020F0B4}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{FB7BB155-D434-4123-8D81-76CAC020F0B4} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=403 folders=160 4799608 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sheri\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Sheri\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26/09/2014 at 18:56:11.48 ======================
- Mar 8, 2013
- 22,627
Oh wow, yes it appears to be back to normal. Sorry I didn't post that the other day as I thought that file you had me running was just to check over it and wasn't actually fixing it!
You sir are a gent!
- Mar 8, 2013
- 22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself
MUST READ - security tips:
MUST READ - general maintenance:
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
FiheHippo.com Update Checker - to keep your programs up-to-date.
Adblock - to surf the web without annoying ads!
Download DelFix by Xplode and save it to your desktop.
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Stay safe,
TwinHeadedEagle
Recommended reading:
- Computer Security - a short guide to staying safer online.
- Simple and easy ways to keep your computer safe and secure on the Internet
The Importance of Software Updating:
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
Recommended additional software:
Post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right click on the
icon and Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run and wait until the tool completes his work.
- All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
Tool deletes old system restore points and create a fresh system restore point after cleaning.
My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
Stay safe,
TwinHeadedEagle
Similar threads
- Locked
