IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)

Which Zoek do I download Zoek.exe or Zoek.zip or Zoek.rar?

Zoek.rar

This is what happened (NOTE I DID NOT REBOOT YET).

Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Eldar on Sat 09/27/2014 at 11:28:48.38.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eldar\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 11:29:30.97 =====

— Create Environment Variables 11:29:33.05
— Create System Restore Point 11:29:44.72
— Checking Input 11:30:08.36
— Recently Created 11:30:44.11

OK HERE IS THE COMPLETE NOTEPAD: attached

Re-run zoek and run this script:

C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Eldar.job;f
faminaibgiklngmfpfbhmokfmnglamcm;chr
autoclean;
emptyclsid;

I think the problem is solved

Computer rebooted here are the results:

Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Eldar on Sat 09/27/2014 at 12:16:16.19.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eldar\Downloads\zoek (2).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-27-153704.log 40748 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2492485236-1088816934-3993335966-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2492485236-1088816934-3993335966-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\prefs.js deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Search Extensions deleted
C:\extensions deleted
C:\user.js deleted
C:\found.000 deleted
C:\Users\Eldar\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Eldar\AppData\Local\Installer deleted
C:\Users\Eldar\AppData\Local\CrashRpt deleted
C:\Users\Eldar\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\Users\Eldar\AppData\LocalLow\Yahoo! deleted
C:\Users\Eldar\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
"C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Eldar.job" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09/20/2014 04:45 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[08/25/2011 08:41 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/20/2014 04:45 PM]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06/10/2014 05:54 PM]

Google Slides - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Website Logon - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa
PanicButton - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm
Google Sheets - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
avast Online Security - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealPlayer Downloader - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Eldar\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm deleted successfully
C:\Users\Eldar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faminaibgiklngmfpfbhmokfmnglamcm_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YTDownloader deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eldar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eldar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Eldar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=90 folders=56 2685708 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eldar\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Eldar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 09/27/2014 at 12:41:06.78 ======================

How is the situation now?

Mr. Argus,

So far so good, I do not see Avast messages popping up about the Adware being placed into the Chest. Let’s wait a little longer, I will leave it running for a couple of hours. Thank you and I will be making a donation to you. Just a quick question:

  1. Should I uninstall FRST
  2. Should I uninstall ZOEK, now that I am done.
  3. Is the Advanced Care 7 ok to have? I uninstalled it.
  4. Do you have any recommendation for online browsing safety? I know I have AVAST online, but do you recommend it?

Zoek delete. Right click > delete

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below:

[x] Remove disinfection tools
[x] Create registry backup
[x] Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

3. Is the Advanced Care 7 ok to have? I uninstalled it.

Crap program ;D

Malwarebytes is a good program.

I recommend using MCShield, if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, it will also immediately clean the flash drive, memory card or external HDD.

3. Is the Advanced Care 7 ok to have? I uninstalled it.
It comes from a software company (IObit) with some shady business ethics

You can read here
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217