Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Aug 1, 2014 10:16:42 GMT -8
Fix for Zoek

Temporarily disable your antivirus.
Right-click on the icon and select Run as Administrator to start the tool. Wait patiently until the main console appears; it may take a minute or two or 3.......
In the main box please paste in the following script:

createsrpoint;
C:\SYSTEM.SAV\Logs\YahooSh.LOG;fs
C:\Users\Cynthia\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7UKOQT3E\us.yhs4.search.yahoo[1].xml;fs
C:\_OTL\MovedFiles\07202014_163732\C_Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.2_0\plugins\yahoo.js;fs
autoclean;
FFdefaults;
CHRdefaults;
iedefaults;
emtpyalltemp;

Make sure that the Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes. When the scan completes, a zoek-results logfile should open in Notepad. If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ zoek-results.log)
Quads
Post by glorywriter on Aug 1, 2014 18:29:54 GMT -8
Here are the latest results.
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Cynthia on Fri 08/01/2014 at 21:08:13.12.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cynthia\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-07-31-204438.log 9208 bytes
==== System Restore Info ======================
8/1/2014 9:09:35 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1099550729-1476783560-1051367394-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6CD20B4D-44F7-47BB-A419-747A946429C2} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\SYSTEM.SAV\Logs\YahooSh.LOG deleted
C:\Users\Cynthia\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7UKOQT3E\us.yhs4.search.yahoo[1].xml deleted
C:\_OTL\MovedFiles\07202014_163732\C_Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.2_0\plugins\yahoo.js deleted
C:\PROGRA~2\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\Cynthia\Downloads\avg_free_stb_all_2014_4577_cnet.exe deleted
C:\Users\Cynthia\Searches deleted
C:\Users\Cynthia\Downloads\couponprinter.exe deleted
C:\Users\Cynthia\Downloads\SoftonicDownloader_for_windvd.exe deleted
C:\WINDOWS\wininit.ini deleted
==== Chrome Look ======================
Google Voice Search Hotword (Beta) - Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
==== Reset Google Chrome ======================
C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.4 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=34 folders=4 13427387 bytes)
==== Empty Temp Folders ======================
C:\Users\Cynthia\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Cynthia\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Fri 08/01/2014 at 21:23:23.80 ======================
Post by Quads on Aug 1, 2014 18:42:07 GMT -8
Now does Chrome have the redirect problem?
Another trick is to have Chrome set to use google.ca and not Google.com as the settings (don't know why that worked)
Quads
Post by glorywriter on Aug 2, 2014 8:04:50 GMT -8
So far, so good. It hasn't redirected anything in a while now.
Post by Quads on Aug 2, 2014 15:27:03 GMT -8
Not counting my chickens just yet, after what we have gone through.
Quads
Post by Quads on Aug 4, 2014 14:41:29 GMT -8
I gather that it has still not come back??
Quads
Post by glorywriter on Aug 6, 2014 19:03:28 GMT -8
Still acting right Quads. Thanks so much for your help!
Post by Quads on Aug 6, 2014 21:44:01 GMT -8
Do you still have Delfix for the removal of the tools used (second time round)??
Quads
Post by glorywriter on Aug 7, 2014 10:51:14 GMT -8
I haven't deleted anything myself, but I don't see it on the desktop and a search came up empty.
Post by Quads on Aug 7, 2014 18:12:49 GMT -8
Please download DelFix by Xplode to your Desktop.
toolslib.net/downloads/viewdownload/2-delfix/

Double-click to run the program.
Note: Windows Vista/7/8 users right-click and choose Run as administrator.
Make sure the Remove Disinfection tools is ticked / selected in the list.
Click RUN.
A log will be opened after the operation is finished.
Copy and Paste it in your next reply.