
Infected windows 7 machine

My Windows 7 desktop seems to be infected with some kind of adware. It has evaded multiple Malwarebytes scans as well as Bitdefender Pro scans. There are several culprits, including puttr18, searchbind.net, pipeschannels, adsh*t, etc. These will open in a new tab at any time, even if I click somewhere random on the screen where there isn't any kind of visible trigger. They will either redirect to some scammy site or just close on their own. I have found NO way to prevent this. There appear to be no fishy programs on my computer, no fishy processes running, nothing. Initially virus scanning yielded a couple of results, but the problem persists and they no longer find anything. Another thing that happens is that certain words will be highlighted and clicking on them will open some more scam sites. This works and has been tested with both browsers on my computer (Chrome and Opera) whether in incognito, private browsing, new sessions and users, doesn't matter. This means it's on my computer and not an extension or anything like that.


Thanks for those logs, do not see any obvious Malware or Infection.... continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.


Do not use the delete option until I've had a look at the log..

Let me see those logs in your reply...

Thank you,

Kevin

fixlist.txt


Attached is Fixlog.txt, below typed out is the RogueKiller log. 

RogueKiller V12.11.19.0 (x64) [Oct  9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brandon [Administrator]
Started from : C:\Users\Brandon\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 10/12/2017 13:04:39 (Duration : 00:15:22)

¤¤¤ Processes : 11 ¤¤¤
[Suspicious.Path] Franz.exe(1296) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(5776) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6132) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6944) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6952) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6960) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6968) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6976) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(7004) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(7056) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(7100) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found

¤¤¤ Registry : 7 ¤¤¤
[PUP.AdInstaller] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Run | Franz : "C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe" [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Run | Franz : "C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe" [7] -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{CB7CAA57-403D-40EF-A6DA-47828019907F} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (https://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsProgressBar) -> Found

¤¤¤ Files : 8 ¤¤¤
[PUP.AdInstaller][Folder] C:\ProgramData\AnyDesk -> Found
[PUP.AdInstaller][File] C:\Users\Public\Desktop\AnyDesk.lnk [LNK@] C:\PROGRA~2\AnyDesk\AnyDesk.exe -> Found
[PUP.AdInstaller][Folder] C:\Users\Brandon\AppData\Roaming\AnyDesk -> Found
[PUP.AdInstaller][Folder] C:\ProgramData\AnyDesk -> Found
[PUP.AdInstaller][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk -> Found
[PUP.AdInstaller][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [LNK@] C:\PROGRA~2\AnyDesk\AnyDesk.exe  --control -> Found
[PUP.AdInstaller][Folder] C:\Program Files (x86)\AnyDesk -> Found
[PUP.AdInstaller][File] C:\Users\Public\Desktop\AnyDesk.lnk [LNK@] C:\PROGRA~2\AnyDesk\AnyDesk.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 8 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Shortcuts for Google? [baohinapilmkigilbbbcccncoljkdpnd] -> Found
[PUP.Gen0][Chrome:Addon] Default : New tab page by start.me [cfmnkhhioonhiehehedmnjibmampjiab] -> Found
[PUP.Gen0][Chrome:Addon] Default : Chameleon [dmpojjilddefgnhiicjcmhbkjgbbclob] -> Found
[PUP.Gen0][Chrome:Addon] Profile 1 : Chameleon [dmpojjilddefgnhiicjcmhbkjgbbclob] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mail.google.com/mail/u/0/#inbox|https://www.evernote.com/Home.action|https://calendar.sunrise.am/|https://mail.google.com/tasks/canvas?pli=1] -> Found
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [http://soundcloud.com/ecnetwork|http://gmail.com/] -> Found
[PUM.HomePage][Chrome:Config] Profile 2 [SecurePrefs] : session.startup_urls [http://soundcloud.com/sylexserver] -> Found
[PUM.HomePage][Chrome:Config] Profile 3 [SecurePrefs] : session.startup_urls [http://soundcloud.com/arimythalt] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: PNY CS1311 120GB SSD ATA Device +++++
--- User ---
[MBR] 1cb7da68115b8c1bdaa439b97bb11260
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Macintosh HD | Offset (sectors): 409640 | Size: 113653 MB
2 - Recovery HD | Offset (sectors): 233172072 | Size: 619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1SB102 ATA Device +++++
--- User ---
[MBR] 7bb3d976a7e654cf9e91dcaaa64db91b
[BSP] 4c29f22e8a77b43c5c612fe7526510f6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: PNY CS1311 240GB SSD ATA Device +++++
--- User ---
[MBR] 3c08e76ebe56156c24e216a6ae070af0
[BSP] d51cf52efaeef13bfec458489acce777 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Windows | Offset (sectors): 411648 | Size: 228735 MB
User = LL1 ... OK
User = LL2 ... OK

Fixlog.txt
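
A small triage helper for a RogueKiller TXT report like the one pasted above, as an added example that is not part of the original post or of RogueKiller itself. It groups findings by section and detection tag, checks each section's declared count against the lines actually pasted, and lists the hosts behind any [PUM.Proxy] entries, since a proxy auto-config URL in the Windows Internet Settings applies to every browser that uses the system proxy. The sample report is constructed (placeholder SID, paths and host), and the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the layout of the report above; the SID, paths and
# host are placeholders, not values taken from the thread.
SAMPLE_REPORT = r"""
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] app.exe(1296) -- C:\Users\user\AppData\Local\App\app.exe[7] -> Found

¤¤¤ Registry : 3 ¤¤¤
[PUP.AdInstaller] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SomeTool -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://pac.example.invalid/wpad.dat?0123abcd  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://pac.example.invalid/wpad.dat?0123abcd  -> Found

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mail.example.invalid/] -> Found
"""

# "¤¤¤ Registry : 7 ¤¤¤"; the count is absent on "¤¤¤ MBR Check : ¤¤¤".
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d+)?.*¤¤¤$")
# "[Tag] ... -> Found"; MBR hash lines have no "-> status" and are skipped.
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s*(?P<body>.*?)\s*-> (?P<status>\w+)$")
# Registry value body: "(X64) KEY | ValueName : data"
REGVAL_RE = re.compile(r"^\((?P<arch>X\d+)\) (?P<key>.+?) \| (?P<name>.+?) : (?P<data>.*)$")
URL_RE = re.compile(r"https?://\S+")


def parse_report(text):
    """Return (declared, entries): per-section declared counts and parsed findings."""
    declared, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"]) if m["count"] else None
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return declared, entries


def tag_summary(entries):
    """Count findings per (section, detection tag)."""
    return Counter((e["section"], e["tag"]) for e in entries)


def count_mismatches(declared, entries):
    """Sections whose header count differs from the lines present (truncated paste)."""
    parsed = Counter(e["section"] for e in entries)
    return {s: (n, parsed[s]) for s, n in declared.items()
            if n is not None and n != parsed[s]}


def proxy_settings(entries):
    """Unique (host, registry key leaf, value name) for every PUM.Proxy finding."""
    found = set()
    for e in entries:
        if e["tag"] != "PUM.Proxy":
            continue
        m = REGVAL_RE.match(e["body"])
        # ManualProxies data carries a leading digit before the URL, so search
        # for the URL instead of parsing the whole value.
        url = URL_RE.search(m["data"]) if m else None
        if url:
            leaf = m["key"].rsplit("\\", 1)[-1]
            found.add((urlsplit(url[0]).hostname, leaf, m["name"]))
    return sorted(found)


if __name__ == "__main__":
    declared, entries = parse_report(SAMPLE_REPORT)
    for (section, tag), n in sorted(tag_summary(entries).items()):
        print(f"{section:13} {tag:18} {n}")
    for section, (want, got) in count_mismatches(declared, entries).items():
        print(f"incomplete section {section}: header says {want}, found {got}")
    for host, leaf, name in proxy_settings(entries):
        print(f"proxy auto-config host {host} set in {leaf} -> {name}")
```
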


RogueKiller found entries all check ok, what is the current status of your system, are there any remaining issues or concerns..?

One more scan:

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Next,

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

*.exe Mirror http://smeenk.247fixes.com/Tools/zoek.exe

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here or here
 
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
Quote

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b
iedefaults;
FFdefaults;
CHRdefaults;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

 

Post those logs, also let me know if any issues or concerns remain..

Thank you,

Kevin.......


Attached is zemana.txt, and pasted below is zoek-results.txt:


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Brandon on Sat 10/14/2017 at 22:29:04.03.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Brandon\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

10/14/2017 10:29:50 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~3\AquaSnap deleted successfully
C:\Users\Brandon\AppData\Roaming\QuickScan deleted successfully
C:\Users\Brandon\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default\prefs.js:

Added to C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\McAfee not found
C:\PROGRA~2\VstPlugins deleted
C:\Users\Brandon\AppData\Roaming\Unity deleted
C:\Users\Brandon\AppData\Roaming\Visual Studio Setup deleted
C:\Users\Brandon\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Brandon\AppData\Local\Unity deleted
C:\Users\Brandon\AppData\LocalLow\Unity deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cookies" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cookies-journal" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\modules.log" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_0" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_1" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_2" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_3" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\index" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_0" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_1" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_2" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_3" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\index" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage-journal" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage-journal" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_contact_import" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_rpc" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_utils" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_voice" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default
2C6C5C551AF6ED376960A12CEB5DE3D3    - C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll -    Java(TM) Platform SE 8 U121
3391BC7B2BDAF9B07564BB4AEF0BC098    - C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.1210.13
9E01CD6E36D2C1F60030687C90A40753    - C:\Users\Brandon\AppData\Roaming\Zoom\bin\npzoomplugin.dll -    Zoom launcher - 3.0.1


==== Chromium Look ======================


BIODIGITAL HUMAN - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
Shortcuts for Google™ - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
Desmos Graphing Calculator - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko
ColorZilla - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp
Math Mahjong - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbcfbhpnngegochhbdlanodnmijfplal
uBlock₀ - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Google Tasks - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\denjcdefjebbmlihdoojnebochnkgcin
Tampermonkey - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chameleon - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob
Flashcards - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae
Razor Robotics - Learn about Robots - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkgahnohapkoinbbljfnihggdleofpg
Black Menu for Google™ - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke
Favicon Badges - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnaohmeicdkcipkhddeaibfhmbobbfm
IQTELL - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdccnpaoemhnnmekglmjlpeeochillh
GoToMeeting Pro Screensharing - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp
Planetarium - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp
Best Education Apps - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglmfdgjlbhgpmadafhlekoafbodhfna
StudentBook - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiimjijildjkajollpjecaocbbjfobed
Vector Paint - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo
Reddit Enhancement Suite - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Poppit - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
3D Solar System Web - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd
Boomerang for Gmail - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
Guitar Chords - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh
ChemReference Periodic Table - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib
True Key™ by Intel Security - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn
videospeed - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk
Save to Pocket - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Scientific Calculator - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
uBlock₀ - Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Chameleon - Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\Brandon\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Brandon\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4937 folders=528 509051043 bytes)

==== Empty Temp Folders ======================

C:\Users\Brandon\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Brandon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Brandon\AppData\Roaming\discord\Cookies"  not found
"C:\Users\Brandon\AppData\Roaming\discord\Cookies-journal"  not found
"C:\Users\Brandon\AppData\Roaming\discord\modules.log"  not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage"  not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage-journal"  not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage"  not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage-journal"  not found
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\Users\Brandon\AppData\Roaming\discord"  not found

==== EOF on Sat 10/14/2017 at 22:42:00.13 ======================
 

zemana.txt


Set your system to run in Clean Boot mode, that is all non-system services disabled. Obviously any that affect internet or security can be left active. Full instructions at following link:

https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

Let me know if there is any improvement...


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
