Glukcher

Members
  • Posts: 6
  • Reputation: 0 Neutral
  1. That worked, the popup is gone now. It seems like just the router was infected? Thanks for your help, you're doing a great job.
  2. Yes. Even in not-so-browsers, in Steam and Desura for example.
  3. That popup still remains in all browsers, including the reinstalled Chrome. However, I got rid of other minor adware in browsers which I got used to and just didn't mention. And also the PC became faster, I believe. But the main problem is still here.
  4. I already did a scan with Malwarebytes Anti-Malware before posting here and it found a lot of stuff. Now, when I did the scan for the second time, it found only 2 items even with rootkits being ticked. I'll attach both old and new logs. Malwarebytes Anti-Malware log new.txt Malwarebytes Anti-Malware log old.txt AdwCleanerS1.txt FRST.txt Addition.txt
  5. Zoek.exe v5.0.0.0 Updated 22-12-2014 Tool run by Glukcher on 23.12.2014 at 20:59:22,50. Microsoft Windows 7 Максимальная 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Glukcher\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 23.12.2014 21:02:53 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\Driver Checker deleted successfully C:\PROGRA~2\GMT-MAX.ORG deleted successfully C:\PROGRA~2\Marvell deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Sang-Froid - Tales of Werewolves deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\ReaConverter deleted successfully C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully C:\PROGRA~3\VKSaver deleted successfully C:\Users\Glukcher\AppData\Roaming\BrowserSetup deleted successfully C:\Users\Glukcher\AppData\Roaming\FearlessFantasy deleted successfully C:\Users\Glukcher\AppData\Roaming\Kalypso Media deleted successfully C:\Users\Glukcher\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Glukcher\AppData\Roaming\Publish Providers deleted successfully C:\Users\Glukcher\AppData\Local\.# deleted successfully C:\Users\Glukcher\AppData\Local\FindingTeddy deleted successfully C:\Users\Glukcher\AppData\Local\FluxSoftware deleted successfully C:\Users\Glukcher\AppData\Local\Metrocide deleted successfully C:\Users\Glukcher\AppData\Local\PACE Anti-Piracy deleted successfully C:\Users\Glukcher\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully 
HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DF1ABD2-D97D-4F99-948C-B2D9EECC2728} deleted successfully HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f} deleted successfully HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully ==== Deleting CLSID Registry 
Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.5.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater15.5.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.2.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.2.0 deleted successfully ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\Users\Glukcher\AppData\Local\AVG Web TuneUp deleted C:\PROGRA~2\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\AlterGeo deleted C:\PROGRA~2\COMMON~1\AVG Secure Search deleted C:\found.000 deleted C:\Users\Glukcher\AppData\Roaming\burnaware.ini deleted C:\PROGRA~3\AVG Web TuneUp deleted C:\PROGRA~3\Avg_Update_0814av deleted C:\PROGRA~3\Avg_Update_1214tb deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\Package Cache deleted C:\Users\Glukcher\AppData\Local\CrashRpt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Glukcher\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Glukcher\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged deleted "C:\Users\Glukcher\AppData\Local\LumaEmu" deleted "C:\Users\Glukcher\AppData\Roaming\PDFConverterApp" deleted 
"C:\PROGRA~3\c87ccba22342ff67\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140902193313" deleted "C:\PROGRA~3\c87ccba22342ff67\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140902193329" deleted "C:\PROGRA~3\c87ccba22342ff67\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140902193231" deleted "C:\PROGRA~3\c87ccba22342ff67\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140902193246" deleted "C:\Users\Glukcher\AppData\Roaming\bosonx\ltstate" deleted "C:\Users\Glukcher\AppData\Roaming\corrypt\savegame" deleted "C:\Users\Glukcher\AppData\Roaming\corrypt\score" deleted "C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted "C:\PROGRA~2\NVIDIA Corporation\3D Vision\nvSCPAPI.dll" deleted "C:\PROGRA~2\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" deleted "C:\PROGRA~2\NVIDIA Corporation\NetService\NvNetworkService.exe" deleted "C:\PROGRA~2\NVIDIA Corporation\Update Core\NvBackend.exe" deleted "C:\PROGRA~3\NVIDIA Corporation\NetService\NvNetService.log" not deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc\nssCurrent.log" not deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc\nvstreamsvcCurrent.log" not deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc\SSASCurrent.log" not deleted "C:\PROGRA~3\c87ccba22342ff67" deleted "C:\Users\Glukcher\AppData\Roaming\bosonx" deleted "C:\Users\Glukcher\AppData\Roaming\corrypt" deleted "C:\PROGRA~2\NVIDIA Corporation" not deleted "C:\PROGRA~2\AVG Web TuneUp" not deleted "C:\PROGRA~3\NVIDIA Corporation" not deleted "C:\PROGRA~2\NVIDIA Corporation\3D Vision" not deleted "C:\PROGRA~2\NVIDIA Corporation\NetService" not deleted "C:\PROGRA~2\NVIDIA Corporation\Update Core" deleted "C:\PROGRA~3\NVIDIA Corporation\NetService" not deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"="C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack" [03.07.2012 23:12] 
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "magicplayer@torrentstream.org"="C:\Users\Glukcher\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org" [17.09.2014 22:59] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Glukcher\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default - Undetermined - %ProfilePath%\extensions\dmbarff@westbyte.com - Download Master Media Monitor - %ProfilePath%\extensions\dmmm@westbyte.com - Undetermined - %ProfilePath%\extensions\dmpluginff@westbyte.com - Undetermined - %ProfilePath%\extensions\dmremote@westbyte.com - @Mail.Ru - %ProfilePath%\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} - AlterGeo Addons - %ProfilePath%\extensions\{B100D0FF-0001-8CE4-2790-AACE49B8AE35} - Undetermined - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24782}.xpi ==== Firefox Plugins ====================== ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\ASPNET\AppData\Local\Torch deleted Fake profile C:\Users\ASPNET\AppData\Local\Google\Chrome deleted Fake profile C:\Users\ASPNET\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\ASPNET\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\ASPNET\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Glukcher\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Torch deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\836D~1\AppData\Local\Torch deleted Fake profile C:\Users\836D~1\AppData\Local\Google\Chrome deleted Fake profile C:\Users\836D~1\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\836D~1\AppData\Local\Comodo\Dragon deleted Fake profile 
C:\Users\836D~1\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\8CED~1\AppData\Local\Torch deleted Fake profile C:\Users\8CED~1\AppData\Local\Google\Chrome deleted Fake profile C:\Users\8CED~1\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\8CED~1\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\8CED~1\AppData\Local\Chromatic Browser deleted ==== Chromium Look ====================== Google Chrome Version: 36.0.1985.143 (Could not determine latest Stable Version) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions hcncjpganfocbfoenaemagjjopkkindp - No path found[] jggbjbmnfmipgcanidamjfpechdeekoi - No path found[] nkcpopggjcjkiicpenikeogioednjeac - C:\Users\Glukcher\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx[] pldbienodkpgkccocelidinmciedjdok - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions fcfenmboojpjinhpgggodefccipikbpd - No path found[] kpckgflgdapkpabemgkielbefdildaio - C:\Users\Glukcher\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx[28.01.2014 14:13] AS Magic Player - Glukcher\AppData\Local\Amigo\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim { persistent: false scripts: [ background.js ] } content_scripts: [ { js: [ contentscript.js ] matches: [ http://*/* https://*/* ] run_at: document_start } ]description: Позволяет воспроизводить flash-контентmanifest_version: 2name: Adobe DTM Switchupdate_url: 
C:\Users\Glukcher\AppData\Local\Comodo\Dragon\User Data\Default\Preferences "homepage": " C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "startup_urls": [ 
"http://www.google.com/" ], ==== Chromium Fix ====================== C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_saveourskins.tumblr.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_saveourskins.tumblr.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videosaver.su_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videosaver.su_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveourskins.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveourskins.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kinokopilka.tv_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kinokopilka.tv_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.williamhill.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_static.williamhill.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static5.cmtt.ru_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static5.cmtt.ru_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_malevich.en.softonic.com_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_malevich.en.softonic.com_0.localstorage-journal deleted successfully C:\Users\Glukcher\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Nichrome\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Xpom\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage deleted successfully C:\Users\Glukcher\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emilbbipjakcancahpmhmdddohflmhck deleted successfully C:\Users\Glukcher\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohodmcahedcphoipgooelhjcfahodhcj deleted successfully ==== Set IE to Default ====================== Old 
Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/ru-ru/?pc=U270&ocid=U270DHP" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y] @="http://yandex.ru/yandsearch?win=98&clid=2071976&text=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/ru-ru/?pc=U270&ocid=U270DHP" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {CCF2E7BF-50CE-4D18-B5D7-3FD6C3195A94} џ­¤ҐЄб Url="http://yandex.ru/yandsearch?clid=1782899&text={searchTerms}" {DAE21A8B-985F-4C8A-9E4A-782BDAE7DBF3} Џ®ЁбЄ@Mail.Ru Url="http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=openpart5" {FFEBBF0A-C22C-4172-89FF-45215A135AC7} Bing Url="http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4205409520-2739727126-3251711187-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID 
Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nkcpopggjcjkiicpenikeogioednjeac deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Glukcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Glukcher\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Glukcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410OQ0XI will be deleted at reboot C:\Users\Glukcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Glukcher\AppData\Local\Amigo\User Data\Default\Cache emptied successfully C:\Users\Glukcher\AppData\Local\Google\Chrome\User 
Data\Default\Cache emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2521 folders=479 1388735202 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Glukcher\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\TEMP emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Glukcher\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\NVIDIA Corporation\NetService\NvNetService.log" deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc\nssCurrent.log" deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc\nvstreamsvcCurrent.log" not deleted "C:\PROGRA~3\NVIDIA Corporation\nvStreamSvc\SSASCurrent.log" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Glukcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted 
"C:\PROGRA~2\NVIDIA Corporation" not found "C:\PROGRA~2\AVG Web TuneUp" not found "C:\PROGRA~3\NVIDIA Corporation" not deleted "C:\Users\Glukcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\410OQ0XI" not found "C:\Users\Glukcher\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QGYDM9P9\coub.com" not found "C:\Users\Glukcher\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QGYDM9P9\www.playtheend.com" not found ==== EOF on 23.12.2014 at 22:27:11,42 ======================
  6. Hi, yesterday I began experiencing a popup similar to this, except that it has different text content for me. This popup appears in all browsers and on many sites; sometimes it even completely breaks some functions of the site. Hope you can do something with this, thanks for your attention! Addition.txt FRST.txt