ktm

  1. Not sure if it was able to attach, here is the content copied and pasted:

     Zoek.exe v5.0.0.0 Updated 04-May-2015
     Tool run by alandal on 29/06/2015 at 20:52:09.03.
     Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\alandal\Desktop\zoek.exe [scan all users] [script inserted]

     ==== System Restore Info ======================

     29/06/2015 9:02:49 PM Zoek.exe System Restore Point Created Successfully.

     ==== Empty Folders Check ======================

     C:\PROGRA~2\Channel Sub Box for deleted successfully
     C:\PROGRA~2\MSXML 4.0 deleted successfully
     C:\PROGRA~2\predm deleted successfully
     C:\PROGRA~2\TampaInit deleted successfully
     C:\PROGRA~2\Winamp deleted successfully
     C:\Program Files\Google deleted successfully
     C:\PROGRA~3\Evernote deleted successfully
     C:\Users\alandal\AppData\Roaming\TP deleted successfully
     C:\Users\alandal\AppData\Roaming\Windows Live Writer deleted successfully
     C:\Users\alandal\AppData\Local\CrashDumps deleted successfully
     C:\Users\alandal\AppData\Local\EmieBrowserModeList deleted successfully
     C:\Users\alandal\AppData\Local\EmieSiteList deleted successfully
     C:\Users\alandal\AppData\Local\EmieUserList deleted successfully
     C:\Users\alandal\AppData\Local\LogMeIn Rescue Applet deleted successfully
     C:\Users\alandal\AppData\Local\SmartWeb deleted successfully

     ==== Deleting CLSID Registry Keys ======================

     ==== Deleting CLSID Registry Values ======================

     ==== Deleting Services ======================

     ==== Batch Command(s) Run By Tool======================

     ==== Deleting Files \ Folders ======================

     C:\PROGRA~2\Channel Sub Box for not found
     C:\PROGRA~2\predm not found
     C:\PROGRA~2\TampaInit not found
     C:\PROGRA~2\Winamp not found
     C:\PROGRA~3\13616009379122427623 deleted
     C:\PROGRA~2\Yahoo! deleted
     C:\PROGRA~2\globalUpdate deleted
     C:\user.js deleted
     C:\Users\alandal\AppData\Roaming\8DA03091-1434359162-E111-A246-B888E343D31D deleted
     C:\Users\alandal\AppData\Roaming\Yahoo! deleted
     C:\Users\alandal\AppData\Local\globalUpdate deleted
     C:\Users\alandal\AppData\LocalLow\Company deleted
     C:\Windows\wininit.ini deleted
     C:\Users\alandal\Documents\Optimizer Pro deleted
     "C:\Users\alandal\AppData\Local\37ff855df68c543e2790e4d8854fe207" deleted

     ==== Firefox Extensions Registry ======================

     [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
     "virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com" [15/06/2015 08:22 PM]
     [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
     "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [26/09/2014 05:49 PM]

     ==== Chromium Look ======================

     Google Chrome Version: 43.0.2357.130
     HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
     dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]
     efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
     Chrome Hotword Shared Module - alandal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

     ==== Chromium Startpages ======================

     C:\Users\alandal\AppData\Local\Google\Chrome\User Data\Default\Preferences

     ==== Set IE to Default ======================

     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://www.cbc.ca/"
     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://www.cbc.ca/"

     ==== All HKCU SearchScopes ======================

     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
     "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
     {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
     {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
     {F8FB9CF8-EEA1-445D-AABA-DB0ED89E81B6} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

     ==== Deleting Registry Keys ======================

     HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

     ==== Empty IE Cache ======================

     C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\alandal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\alandal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
     C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

     ==== Empty FireFox Cache ======================

     No FireFox Profiles found

     ==== Empty Chrome Cache ======================

     C:\Users\alandal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     ==== Empty All Flash Cache ======================

     Flash Cache Emptied Successfully

     ==== Empty All Java Cache ======================

     No Java Cache Found

     ==== C:\zoek_backup content ======================

     C:\zoek_backup (files=10 folders=10 71034 bytes)

     ==== Empty Temp Folders ======================

     C:\Users\alandal\AppData\Local\Temp will be emptied at reboot
     C:\Users\Default\AppData\Local\Temp emptied successfully
     C:\Users\Default User\AppData\Local\Temp emptied successfully
     C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
     C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
     C:\Windows\Temp will be emptied at reboot

     ==== After Reboot ======================

     ==== Empty Temp Folders ======================

     C:\Windows\Temp successfully emptied
     C:\Users\alandal\AppData\Local\Temp successfully emptied

     ==== Empty Recycle Bin ======================

     C:\$RECYCLE.BIN successfully emptied

     ==== EOF on 29/06/2015 at 21:32:44.38 ======================
  2. Yup, it found 22 threats (none of them had CloudScout in the title). I deleted all of them and restarted the computer. When I went back on to Chrome, the CloudScout ads were still there.
  3. Scanned with Malwarebytes and CCleaner, but popups and underlined words linking to CloudScout ads are still there. Scanned with Farbar and have attached the results. Thank you in advance. Addition.txt FRST.txt