Jump to content

Brindle023

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by Brindle023

  1. # AdwCleaner v6.030 - Logfile created 22/10/2016 at 21:01:04 # Updated on 19/10/2016 by Malwarebytes # Database : 2016-10-22.1 [Server] # Operating System : Windows 10 Pro (X64) # Username : M Brindle - BRINDLE # Running from : C:\Users\Matt Brindle\Downloads\AdwCleaner.exe # Mode: Scan # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Web browsers ] ***** No malicious Firefox based browser items found. No malicious Chromium based browser items found. ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2155 Bytes] - [17/10/2016 20:13:31] C:\AdwCleaner\AdwCleaner[S0].txt - [2131 Bytes] - [17/10/2016 20:11:49] C:\AdwCleaner\AdwCleaner[S1].txt - [1141 Bytes] - [22/10/2016 21:01:04] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1214 Bytes] ##########
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.9 (09.30.2016) Operating System: Windows 10 Pro x64 Ran by M Brindle (Administrator) on Sat 10/22/2016 at 20:56:34.60 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4CAB5C89FB192A9DB317271F15592FBA (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 10/22/2016 at 20:57:56.71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Ran a malwarebytes scan they are gone for now but is there anything else i should do to make sure it doesnt come back?
  4. # AdwCleaner v6.021 - Logfile created 17/10/2016 at 20:13:31 # Updated on 06/10/2016 by ToolsLib # Database : 2016-10-16.1 [Server] # Operating System : Windows 10 Pro (X64) # Username : M Brindle - BRINDLE # Running from : C:\Users\Matt Brindle\Downloads\AdwCleaner.exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKU\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23 [#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23 [#] Key deleted on reboot: [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23 [-] Key deleted: HKU\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Reimage [-] Key deleted: HKU\S-1-5-21-2132574294-2563389170-2372604501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Reimage [#] Key deleted on reboot: HKCU\Software\Reimage [#] Key deleted on reboot: [x64] HKCU\Software\Reimage [-] Key deleted: [x64] HKLM\SOFTWARE\Reimage [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com ***** [ Web browsers ] ***** [-] [C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: hegneaniplmfjcmohoclabblbahcbjoe ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1910 Bytes] - [17/10/2016 20:13:31] C:\AdwCleaner\AdwCleaner[S0].txt - [2131 Bytes] - [17/10/2016 20:11:49] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2056 Bytes] ##########
  5. Everything seems good thank you for your help
  6. As of this morning everything looked good. I want to give it maybe another 12 hour window see if anything comes back up if not I would say the problem is solved! Thank you so much for your help and support!
  7. this morning malwarebytes had pum.bad.proxy as well as about 20 PUP.optional.PrxySvrRST files.....
  8. Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by M Brindle on Thu 06/11/2015 at 19:44:04.45. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Matt Brindle\Downloads\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-06-11-141334.log 22568 bytes ==== System Restore Info ====================== 6/11/2015 7:44:31 PM Zoek.exe System Restore Point Created Successfully. ==== Deleting Files \ Folders ====================== "C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted ==== Reset Google Chrome ====================== C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Preferences.copy was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Web Data.copy was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\Metro\User Data\Default\Web Data was reset successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\Metro\User Data\Default\Web Data-journal was reset successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=518 folders=67 26378518 bytes) ==== EOF on Thu 06/11/2015 at 19:44:44.74 ======================
  9. Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by M Brindle on Thu 06/11/2015 at 9:56:15.44. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Matt Brindle\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 6/11/2015 9:56:52 AM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\BoostSoftware deleted successfully C:\PROGRA~3\SoftCouep deleted successfully C:\PROGRA~3\Systweak deleted successfully C:\PROGRA~3\TOSHIBA deleted successfully C:\Users\Matt Brindle\AppData\Roaming\Samsung deleted successfully C:\Users\Matt Brindle\AppData\Roaming\systweak deleted successfully C:\Users\Matt Brindle\AppData\Local\DriverToolkit deleted successfully C:\Users\Matt Brindle\AppData\Local\eSupport.com deleted successfully C:\Users\Matt Brindle\AppData\Local\NCSOFT deleted successfully C:\Users\Matt Brindle\AppData\Local\PackageStaging deleted successfully C:\Users\Matt Brindle\AppData\Local\Unity deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A2C1A68-C024-43F0-8720-3C11A55E1692} deleted successfully HKEY_USERS\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB800155-B418-479C-B10-7CD7862FA032} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\Users\Matt Brindle\AppData\Roaming\Updater deleted C:\Users\Matt Brindle\AppData\LocalLow\{DDB2DC53-EC6E-9B49-A20D-1E77959888F5} deleted C:\Users\Matt Brindle\AppData\Local\Packages\windows_ie_ac_001\AC\{DDB2DC53-EC6E-9B49-A20D-1E77959888F5} deleted C:\PROGRA~3\670e882868175d79 deleted C:\Users\Matt Brindle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRICEM~1 deleted C:\Users\Matt Brindle\.android deleted C:\Users\Matt Brindle\AppData\Roaming\DAC3.tmp deleted C:\Users\Matt Brindle\AppData\Roaming\F948.tmp deleted C:\PROGRA~3\PriceMeterLiveUpdate deleted C:\PROGRA~3\Package Cache deleted C:\Users\Matt Brindle\AppData\Local\poetsch.bat deleted C:\Users\Matt Brindle\AppData\Local\DownloadManager deleted C:\Users\Matt Brindle\AppData\Local\cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\end deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\User deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [06/02/2015 01:59 PM] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[] Data Compression Proxy - Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep South Park - Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm Bookmark Manager - Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Chrome Hotword Shared Module - Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ==== Chromium Startpages ====================== C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Preferences selectedDestinationName\":\"Save as PDF\"}","savePath":"B:\\Documents"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"[*.]besttacticallightguide.com,*":{"setting":1},"[*.]us.battle.net,*":{"setting":1},"[*.]www.applevacations.com,*":{"setting":1},"[*.]www.book.applevacations.com,*":{"setting":1},"[*.]www.gameex.com,*":{"setting":1},"[*.]www.gamespot.com,*":{"setting":1},"[*.]www.indoorpistolrange.com,*":{"setting":1},"[*.]www.riftgame.com,*":{"setting":1},"https://[*.]mydisneyphotopass.disney.go.com:443,*":{"setting":1},"https://[*.]plus.google.com:443,*":{"setting":1},"https://[*.]www.bellababyphotography.com:443,*":{"setting":1},"https://[*.]www.undercovertourist.com:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"geolocation":{"http://apps.padi.com:80,http://apps.padi.com:80":{"last_used":1433436146.499006,"setting":1},"http://nym1.ib.adnxs.com:80,http://www.dalaran-wow.com:80":{"setting":2},"http://www.icy-veins.com:80,http://www.icy-veins.com:80":{"setting":2},"http://www.wowhead.com:80,http://www.wowhead.com:80":{"setting":2}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"[*.]battlelog.battlefield.com,*":{"setting":1}},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]battlelog.battlefield.com,*":{"plugins":1},"[*.]besttacticallightguide.com,*":{"fullscreen":1},"[*.]us.battle.net,*":{"fullscreen":1},"[*.]www.applevacations.com,*":{"fullscreen":1},"[*.]www.book.applevacations.com,*":{"fullscreen":1},"[*.]www.gameex.com,*":{"fullscreen":1},"[*.]www.gamespot.com,*":{"fullscreen":1},"[*.]www.indoorpistolrange.com,*":{"fullscreen":1},"[*.]www.riftgame.com,*":{"fullscreen":1},"https://[*.]mydisneyphotopass.disney.go.com:443,*":{"fullscreen":1},"https://[*.]plus.google.com:443,*":{"fullscreen":1},"https://[*.]www.bellababyphotography.com:443,*":{"fullscreen":1},"https://[*.]www.undercovertourist.com:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1}},"pref_version":1},"default_content_settings":{},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_picture_url":"https://lh4.googleusercontent.com/-q3k4J_R9qWA/AAAAAAAAAAI/AAAAAAAAKdM/E-LsPLF_wkU/s256-c/photo.jpg","gaia_info_update_time":"13078480832907993","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[0,null,null,null,null,7,0,null,9],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"safebrowsing":{"extended_reporting_enabled":false},"savefile":{"default_directory":"C:\\Users\\Matt Brindle\\Downloads"},"selectfile":{"last_directory":"C:\\Users\\Matt Brindle\\Downloads"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13041041394861423"},"shelf_alignment_local":"Bottom","signin":{"signedin_time":"13078308031015894"},"sync":{"acknowledged_types":["Bookmarks","Preferences","Passwords","Autofill Profiles","Autofill","Themes","Typed URLs","Extensions","Search Engines","Sessions","Apps","App settings","Extension settings","History Delete Directives","Synced Notifications","Dictionary","Favicon Images","Favicon Tracking","Priority Preferences","Managed Users","Managed User Shared Settings","Articles","App List","Tabs","Encryption keys"],"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAADPPQ5sN96EKxBhlnpXLpHwAAAAACAAAAAAAQZgAAAAEAACAAAACUbU9h8yszudbTP2EwV/Rw2bTWAPxREsVE8eWtB/cqKgAAAAAOgAAAAAIAACAAAAADn0J4SAHyFCyr5UjWlaKIYwAnYF+No8jJZ5d9zlmmPEAAAABLCS6cI/jnmWGHr+844HMLTxFZjol1xKurKBU0YD3GayJCtFIZ/qgP4tNIvhN6tuP6cmiuC9z7jStPl6Euhj3uQAAAAGSyHlB9qPktg8cGL2Tzkdp5LQAVvgE7y2umrxJcBbQ2emuDcvZp2HroO2Dl/mF0Hef62xsryrdKgpiVNtGiSY0=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13078308031064310","has_auth_error":false,"has_setup_completed":true,"history_delete_directives":true,"keep_everything_synced":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAADPPQ5sN96EKxBhlnpXLpHwAAAAACAAAAAAAQZgAAAAEAACAAAAAUxo6Wdab64r2wGPSeOi/d/Du5S08eA7XRbXfsT0biUQAAAAAOgAAAAAIAACAAAAAY0+6LUcaxbtuNH1eOZ+ZkNSiqUmqEFcd1mSubyAyFClAAAACtlgHZyj1UAfWlL8lE75aLLO0QhNkaocrU23aSvW8LiCBWC+qNvCmCVSKU1d/cQW9ntBGSUSiJmKPsM9H8llAsg36x+WqDEFIa3+1tEXGV6EAAAADyEcUgaX7rm9mRVJg07lqaG5+zib0/LmDO/1b3dJOoEDCnAAa8amukHTsEwdPmVYvC4RvU50ZeWKF2rPNK77Hg","last_synced_time":"13078504756861582","managed_user_shared_settings":true,"managed_users":true,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncCWvEp/XfhGtV2VhB+nLT6Q==","sessions":true,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"user_skipped":true},"synced_notification":{"first_run":false},"translate_accepted_count":{"de":0,"es":1,"zh-TW":0},"translate_blocked_languages":["en"],"translate_denied_count":{"de":1,"es":0,"zh-TW":1},"translate_last_denied_time":1433743157988.823,"translate_site_blacklist":[],"translate_whitelists":{}} ogle.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"brindle023@gmail.com","username":"brindle023@gmail.com"}},"homepage":"https://www.google.com/","homepage_is_newtabpage":true,"pinned_tabs":[],"prefs":{"preference_reset_time":"13077468691128514"},"protection":{"macs":{"browser":{"show_home_button":"32934A60002B682365D51889530A3CB5C9F940375D255EBD3DAB783E12A30709"},"default_search_provider":{"keyword":"81F58FF2A514009E59FE5FBEDE271D7B6B4204CC37685732889AAC483145EC2C","name":"8B10BF747BBD8B5C385ABD9B4EF49E5AF80C91C81EFE8F1DF7F5C075B1350A6A","search_url":"8B28C26775D66DFCC9238CAFE7D4C8C09F7D1880A28397547BF82415AB3F7AEE"},"default_search_provider_data":{"template_url_data":"05DA9A36A230D0C7486F5E994EE27306664F7804D2D92219F0B8FD924D81F937"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"1763861D6FE15077CE9EBE064426D8990A6374167C77CC781562BE9F0D905BFB","ajfiodhbiellfpcjjedhmmmpeeaebmep":"E2031BFF3D9F8EB9CE29C811BFC79CD8A6532CAE2A8C4D757C3C16F9421E132C","aoiakcboakkfknbginpmpfkcdmcmpnfm":"75C12090F4C716C24C2E63A4D611AFB2D6392D915DC9E5C345D44CBABD866EDF","bepbmhgboaologfdajaanbcjmnhjmhfn":"B2ECD108BC5EDCAAFB19AEB36746C05C8F52370781F1DFF69C789BB356DF2ADB","blpcfgokakmgnkcojhhkbfbldkacnbeo":"590FA0DFC1EC0D38AA398E2CABAFABEDA94D6B3A2A3D0A7729EC118ADC567F1B","booedmolknjekdopkepjjeckmjkdpfgl":"10FE4316683D229D8335197FAE8B822535A79DA78780E5F5D44679286AB2202C","coobgpohoikkiipiblmjeljniedjpjpf":"1189CB0BE4281E75C239D09D0305155DD473864B088AE2C5406CBDAF4BD544F1","dbhjdbfgekjfcfkkfjjmlmojhbllhbho":"C778647DD4EBA8D75D580737DD81AE731CBC3035C5D5BFA0DA485932DBF763C7","dnhpdliibojhegemfjheidglijccjfmc":"C8B5C1FB28D90AC2AE0DDBF782F88B83D961F2280FCFD2AC50C183EC84F80C73","eemcgdkfndhakfknompkggombfjjjeno":"D334400940302ADAE22492C15B965390EEA808E273A740F5BF3A73065D78CB83","ennkphjdgehloodpbhlhldgbnhmacadg":"F23F2D47E54F12A02B7633F40B5919B2C03EDA59B68AC9555D7514D13C0F915C","flpcjncodpafbgdpnkljologafpionhb":"C1517720B5B3E50526AC4A7E10F368893E7BA07143DB98E8DABCA1507E0A2DD3","gfdkimpbcpahaombhbimeihdjnejgicl":"0CB30CE7F2150A61B387602002C1788B6C727F3DFDFA2347D12A2C3B9992A65F","gmlllbghnfkpflemihljekbapjopfjik":"5817BE38E2D02074F1217BCCE7B51420EF6C90C1E65E06DD34DCE89B2CABD0DD","kmendfapggjehodndflmmgagdbamhnfd":"5C31FB667A264FAEC673FE8D63B7BCF8E515D67BE06CFDEB27546B573930F2A4","lccekmodgklaepjeofjdjpbminllajkg":"F204A42A47105D24BF0494041FE079DE695A21C9E0DF7F86D33BDD16377BD6A2","mfehgcgbbipciphmccgaenjidiccnmng":"AF51D6E757FF695DF29D63B1A01D5CD960C962F5E4372B87BC1697EBDD769FD1","mfffpogegjflfpflabcdkioaeobkgjik":"736E8C8BEC3FAF3EE2AF5CD9A70C3428BB1D39C27C8B01B74ECBD7B181B47178","mgndgikekgjfcpckkfioiadnlibdjbkf":"153967851877B579CFCDE42747ADDCB6FF1A422E80DD4FA4922F6A8EC9DE93EA","mhjfbmdgcfjbbpaeojofohoefgiehjai":"05796935D441ABD9A53B56907CF552C1DE88C37D39AF95B425AB3D7CC36BD367","nbpagnldghgfoolbancepceaanlmhfmd":"6F3E7F5EE082D39A484336D2988DFCFA77C5D1E70A7E514E82F2382401477806","neajdppkdcdipfabeoofebfddakdcjhd":"A1067C92B13AE033E5098AB68533BB7181B9382E92F4A83AB573F8DA089A889B","nkeimhogjdpnpccoofpliimaahmaaome":"2E496DE0A243EFD0E473A2657C1F7F4F4414A136B6A7BC288A7B3F5FBCB56157","nmmhkkegccagdldgiimedpiccmgmieda":"2DD0B63546554A3F801DCD6B0F44872C112355724F9FAE13BAA2BDF446E08F62","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"865B7AB119816E8D28F915A633B14D852A6CB62186CB5A43766943582ABF87BD","pflphaooapbgpeakohlggbpidpppgdff":"2D011755E99C138014BD6138D94A8F26DE863882F5E083619AF074357727B019","pjkljhegncpnkpknbcohdijeoejaedia":"B25EE68320A425B5E4B5ACAC58DA23A05A17533A8EA823472CC4077DF516DFB6"}},"google":{"services":{"last_username":"B5BA284B69A4BF3BE75FAEA3083EFF9AB1D8A5E7D2574BE40F39861FB954E091","username":"E66D621AF1D10EAB10562D5AE5AC634D36294A2D7FE4EB1F4B330A9B84980239"}},"homepage":"9BC8CD99883C258C9DB765E3BBC2CB9B84B643E57B4FD092F87F80F72203EE6C","homepage_is_newtabpage":"6259815EE28A338516FE020CC0F4E3F34D4887A0E745884F85A28F0A35721597","pinned_tabs":"0250D69350BE94281A871BF5D9ACAC2D477052433081691E609BEB54F3FE52A4","prefs":{"preference_reset_time":"5136256028A6035C1D53C88BA6B991FE6A3412B6611EA5A59762EDBEC0E3277E"},"profile":{"reset_prompt_memento":"BC7D2792DA43806150B161D4F6A85DFF6A3F7EA375EFB5C41DB14925A53B25FF"},"safebrowsing":{"incidents_sent":"FC516F2EA53C01D3A07578CCB53A178F9AD2E045C4C8D92DECB0C16E917AB76F"},"search_provider_overrides":"52D18304A25BB0031129BB511A7E22A2DA096257B373D2BD0DED36E7776600E4","session":{"restore_on_startup":"9A263E00DF0D5A485CBC28F0FBE614DA406BBC096F6DFC50284DA67FF3377271","startup_urls":"E7CA78FB3FFF5EFD13AE2A43F76A20A283EF790C8A72931FA06E0F76A6EAD2DE"},"software_reporter":{"prompt_reason":"7B65B2106BC01B47CE6A2F2056B2662B95AB4B7C2BE50A70DFB28EC1B8D1ECF0","prompt_seed":"9558EB3869FF011747CF773AF5DB8835D0930FA135FBBCBBC9C7935E5C821BB0","prompt_version":"786B4CB76824D6E2116DF7E18081A8BA7B9B367BE21508E53D5D91734C3DC37F"},"sync":{"remaining_rollback_tries":"15343B1C0439A11420AA77528E9555E3193459BBDFE1BD096DC6554E7FFB6DC3"}},"super_mac":"D4DFF1F0DF2FC58FD629A77F3A9F3531D3EA5C12427C49D2224AA71DD0E7B639"},"session":{"restore_on_startup":4,"startup_urls":["http://www.youtube.com/"]},"sync":{"remaining_rollback_tries":0}} C:\Users\Matt Brindle\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences "homepage": "http://www.google.com", "homepage": "http://www.google.com", "urls_to_restore_on_startup": [ "http://www.google.com"] "urls_to_restore_on_startup": [ "http://www.google.com"] ==== Chromium Fix ====================== C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mousesavers.com_0.localstorage deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mousesavers.com_0.localstorage-journal deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage-journal deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dealsplus.com_0.localstorage deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dealsplus.com_0.localstorage-journal deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage deleted successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_USERS\S-1-5-21-2132574294-2563389170-2372604501-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Matt Brindle\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Matt Brindle\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Matt Brindle\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Matt Brindle\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Matt Brindle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Matt Brindle\AppData\Local\Google\Chrome\Metro\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=517 folders=67 26338908 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Matt Brindle\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ======================
  10. Pum.bad.proxy keeps popping up i cant get rid of it can you please help?! Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.