Solved GoSave ruining my computer

A

AliRumri101

New Member
Thread author
Sep 26, 2014
3
Ever since the "GoSave" program infected my computer, I've been having problems with it, including the computer going to the blue screen and crashing. I've tried absolutely everything, and uninstalled it from my computer, but it still remains on Chrome and I have to disable it every time I go onto the internet. I really need help, because my computer is starting to get worse and recently started freezing up so I'd have to restart it all together in order to simply use it.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code: 
    createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
A

AliRumri101

New Member
Thread author
Sep 26, 2014
3
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Aliyah on Sat 09/27/2014 at 8:36:01.23.
Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aliyah\Desktop\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

9/27/2014 8:39:24 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2912551184-3471886219-3984148982-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\NeXTCouP deleted
C:\ProgramData\NeXTCouP deleted
C:\PROGRA~2\COMMON~1\Config\uninstinethnfd.exe deleted
C:\PROGRA~2\RocketTab deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~2\predm deleted
C:\PROGRA~2\COMMON~1\Config deleted
C:\Users\Aliyah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk deleted
C:\Users\Aliyah\AppData\Roaming\SendSpace deleted
C:\PROGRA~3\Trusted Publisher deleted
C:\Users\Aliyah\AppData\Local\globalUpdate deleted
C:\Users\Aliyah\AppData\Local\SearchProtect deleted
C:\Users\Aliyah\AppData\Local\WeatherAlerts deleted
C:\Users\Aliyah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\tasks\RocketTab deleted
C:\windows\SysNative\tasks\RocketTab Update Task deleted
C:\end deleted
C:\Windows\SysWOW64\hfpapi.dll deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Aliyah\Desktop\eMu3Ds_downloader-I7Sewe59b.exe deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140918175325" deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{64A4ABCA-CF3D-C548-2DC4-72A55DC5882A}.20140917171156" deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140917171206" deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140918175240" deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140918175246" deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140918175330" deleted
"C:\PROGRA~3\4e6b2cc223aa1584\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140918175331" deleted
"C:\PROGRA~3\4e6b2cc223aa1584" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [08/28/2014 10:23 AM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/17/2014 02:27 PM]

NeXTCouP - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Administrator\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Aliyah\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Aliyah\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Aliyah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Aliyah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
Google Voice Search Hotword (Beta) - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
NeXTCouP - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
AdBlock - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
GoSaVe - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Aliyah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Aliyah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Aliyah\AppData\Local\Torch\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Aliyah\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
NeXTCouP - Guest\AppData\Local\Torch\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai
GoSaVe - Guest\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi

==== Chromium Fix ======================

C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Aliyah\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Aliyah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Aliyah\AppData\Local\Torch\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fbgejfncaffennpjmbpchkkckmlbbiai deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://feed.snapdo.com/?p=mKO_AwFzX...Qi4St7jXvtmek17sRm_3cFkMwOvhxyfVgAwZslJ3tQQuQ,,"
"Search Page"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6pQ,,&q={searchTerms}"
"Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6pQ,,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6og,,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6og,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6pQ,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6pQ,,&q={searchTerms}"
"SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzX...pP7xlfyUzT4GO5r2IOfVzxoy6pQ,,&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2912551184-3471886219-3984148982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68e0c3-0b3e-4f4d-8688-27ba183b6b24} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aliyah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aliyah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=117 folders=55 9191251 bytes)

==== Empty Temp Folders ======================

C:\Users\Aliyah\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aliyah\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Aliyah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Sat 09/27/2014 at 9:20:43.28 ======================


It wouldn't let me upload the file itself because it kept saying the file was empty when it wasn't. Anyway, here's the report. And to let you know one of the GoSave applications that usually loads up in my Google Chrome Extensions has disappeared so it might have some how gotten rid of it. There's still one left.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We need one more fix. Tell me how is your PC after?


51a612a8b27e2-Zoek.png
Fix with ZOEK

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code: 
    createsrpoint;
pmchblgchdpdhnpmgfegolckfdjbcboi;chr
autoclean;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
A

AliRumri101

New Member
Thread author
Sep 26, 2014
3
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Aliyah on Sun 09/28/2014 at 9:13:57.31.
Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aliyah\Desktop\zoek.scr [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-27-132043.log 18150 bytes

==== System Restore Info ======================

9/28/2014 9:17:17 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [08/28/2014 10:23 AM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/17/2014 02:27 PM]

GoSaVe - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Administrator\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Aliyah\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Aliyah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
Google Docs - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GoSaVe - Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Aliyah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Aliyah\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi
GoSaVe - Guest\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi

==== Chromium Fix ======================

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Aliyah\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Aliyah\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Aliyah\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Aliyah\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\pmchblgchdpdhnpmgfegolckfdjbcboi deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aliyah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aliyah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Aliyah\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=192 folders=85 10065676 bytes)

==== Empty Temp Folders ======================

C:\Users\Aliyah\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aliyah\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Aliyah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Sun 09/28/2014 at 10:02:48.26 ======================

Omg both of them are gone! Thank you so much!
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
icon_exclaim.gif
MUST READ - security tips:

icon_exclaim.gif
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.



Recommended additional software:
icon_arrow.gif
TFC - to clean unneeded temporary files.
icon_arrow.gif
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif
McShield - to prevent infections spread by removable media.
icon_arrow.gif
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gif
FiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gif
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​




Stay safe,
TwinHeadedEagle :)
 

Similar threads

S
  • Locked
No Reply Malware on my chrome and redirect to bing and yahoo
Replies
3
Views
428
Windows Malware Removal Help & Support
icotonev
icotonev
B
  • Locked
No Reply Browser Redirect - Can't Download and Run FRST Software
Replies
2
Views
351
Windows Malware Removal Help & Support
icotonev
icotonev
JuniperBarry
  • Locked
No Reply Your search bar is not being removed
Replies
2
Views
268
Windows Malware Removal Help & Support
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top