
groovorio--please help


leodnut

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Link to post
Share on other sites

Here's the result:

 

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Leona on Mon 12/01/2014 at  0:29:11.03.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leona\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe.pif [scan all users] [script inserted]

===== Runcheck  0:31:41.56 =====

--- Create Environment Variables  0:31:43.51
--- Create System Restore Point  0:31:52.49
--- Checking Input  0:31:59.85
--- AU AppData Check  0:32:06.56
--- Remove From Windows Installer  0:32:11.11
 

Thanks for your help.

Link to post
Share on other sites


I think I may have posted the wrong information. Here is the zoek report:

Zoek.exe v5.0.0.0 Updated 29-11-2014

Tool run by Leona on Mon 12/01/2014 at  0:29:11.03.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Leona\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe.pif [scan all users] [script inserted]

==== System Restore Info ======================

12/1/2014 12:31:58 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\ALM deleted successfully

C:\Users\Leona\AppData\Roaming\FirefoxToolbar deleted successfully

C:\Users\Leona\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1407123308-3660940682-995406574-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_USERS\S-1-5-21-1407123308-3660940682-995406574-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_USERS\S-1-5-21-1407123308-3660940682-995406574-1000\Software\Microsoft\Internet Explorer\SearchScopes\{64C2A17D-9817-4215-8D9B-C1319D06504B} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\0pun12.default

---- Lines Techgile removed from prefs.js ----

user_pref("extensions.Techgile.asul", "1417408715127");

user_pref("extensions.Techgile.aul", "1417408645074");

user_pref("extensions.Techgile.irl", true);

user_pref("extensions.Techgile.is", "IM27lsUS");

user_pref("extensions.Techgile.ug", "028C187D-905F-4D9E-A155-4221DE97C8AB");

---- Lines snipsmart removed from prefs.js ----

user_pref("extensions.snipsmart.asul", "1417414047869");

user_pref("extensions.snipsmart.aul", "1417414054073");

user_pref("extensions.snipsmart.irl", true);

user_pref("extensions.snipsmart.is", "ob301ppUS");

user_pref("extensions.snipsmart.ug", "64AFFA39-CCA3-41FC-B7A0-61A0AEA2F3AF");

---- Lines groovorio removed from prefs.js ----

user_pref("browser.newtab.url", "http://groovorio.com/?f=2&a=grv_otbrw2_14_35&cd=2XzuyEtN2Y1L1QzutB0A0BtB0B0DtC0EzytAyD0EyC0B0CzytN0D0Tzu0StCtDyCyEtN1

---- Lines search.net removed from prefs.js ----

user_pref("browser.search.order.1", "default-search.net");

---- FireFox user.js and prefs.js backups ----

user_20141201_1248_.backup

prefs_20141201_1248_.backup

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted

C:\Users\Leona\AppData\Local\StormWatch deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\Leona\Downloads\firesaver.exe deleted

C:\Windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job deleted

C:\Windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

"C:\Windows\Installer\5c72a.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [10/27/2014 03:55 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\0pun12.default

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\0pun12.default

8303B3CEC05500F763B4FA75210598BB    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash

E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\Leona\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bopakagnckmlgajfccecajhnimjiiedh - No path found[]

iomphmdalfmaifjccmagmllnicjoghhk - No path found[]

Google Voice Search Hotword (Beta) - Leona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{64C2A17D-9817-4215-8D9B-C1319D06504B}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64C2A17D-9817-4215-8D9B-C1319D06504B}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{9F62B5E9-74DC-4244-9726-C94F2A111B9D} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1407123308-3660940682-995406574-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F62B5E9-74DC-4244-9726-C94F2A111B9D} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Leona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Leona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5H9CHS8 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Leona\AppData\Local\Mozilla\Firefox\Profiles\0pun12.default\cache2 will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\Leona\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=16 96473394 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Leona\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Leona\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Leona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5H9CHS8" not found

==== EOF on Mon 12/01/2014 at  0:55:40.46 ======================

 

Link to post
Share on other sites

Zoek did its job. Any progress now?

Groovorio is gone, but it looks like I have a few other problems.

 

I've got something called Shopop that I can't delete.

Also Disable AMT Profile Synchronization... is something I don't recognize and can't delete.

Also, displaylink core software.

 

Any Ideas on these?

Link to post
Share on other sites

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    installedprogs;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Link to post
Share on other sites

Here are the results:

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Leona on Mon 12/01/2014 at 13:21:03.11.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leona\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-01-075540.log    8967 bytes

==== System Restore Info ======================

12/1/2014 1:23:07 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Acrobat.com  
Adobe Acrobat 9 Pro - English, Français, Deutsch  
Adobe AIR  
Adobe Anchor Service CS4  
Adobe Anchor Service x64 CS4  
Adobe Asset Services CS4  
Adobe Bridge CS4  
Adobe CMaps CS4  
Adobe CMaps x64 CS4  
Adobe Color - Photoshop Specific CS4  
Adobe Color EU Recommended Settings CS4  
Adobe Color JA Extra Settings CS4  
Adobe Color NA Extra Settings CS4  
Adobe Color Video Profiles CS CS4  
Adobe Creative Suite 4 Design Premium  
Adobe CSI CS4  
Adobe CSI CS4 x64  
Adobe Default Language CS4  
Adobe Device Central CS4  
Adobe Dreamweaver CS4  
Adobe Drive CS4  
Adobe Drive CS4 x64  
Adobe Dynamiclink Support  
Adobe ExtendScript Toolkit CS4  
Adobe Extension Manager CS4  
Adobe Fireworks CS4  
Adobe Flash CS4  
Adobe Flash CS4 Extension - Flash Lite STI en  
Adobe Flash CS4 STI-en  
Adobe Flash Player 10 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Fonts All  
Adobe Fonts All x64  
Adobe Illustrator CS4  
Adobe InDesign CS4  
Adobe InDesign CS4 Application Feature Set Files (Roman)  
Adobe InDesign CS4 Common Base Files  
Adobe InDesign CS4 Icon Handler  
Adobe InDesign CS4 Icon Handler x64  
Adobe Linguistics CS4  
Adobe Linguistics CS4 x64  
Adobe Media Encoder CS4  
Adobe Media Encoder CS4 Importer  
Adobe Media Player  
Adobe Output Module  
Adobe PDF Library Files CS4  
Adobe PDF Library Files x64 CS4  
Adobe Photoshop CS4  
Adobe Photoshop CS4 (64 Bit)  
Adobe Photoshop CS4 Support  
Adobe Reader X (10.1.7) MUI  
Adobe Search for Help  
Adobe Service Manager Extension  
Adobe Setup  
Adobe SGM CS4  
Adobe SING CS4  
Adobe Type Support CS4  
Adobe Type Support x64 CS4  
Adobe Update Manager CS4  
Adobe Version Cue CS4 Server  
Adobe WinSoft Linguistics Plugin  
Adobe WinSoft Linguistics Plugin x64  
Adobe XMP Panels CS4  
AdobeColorCommonSetCMYK  
AdobeColorCommonSetRGB  
Bitdefender Antivirus Free Edition  
Camtasia Studio 8  
Citrix Online Launcher  
Connect  
Create Recovery Media  
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8  
DisplayLink Core Software  
Dolby Home Theater v4  
Dropbox  
Google Chrome  
Google Update Helper  
GoToMeeting 7.0.4.2033  
Inst5676  
Integrated Camera  
Intel® Management Engine Components  
Intel® PRO/Wireless Driver  
Intel® Processor Graphics  
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1412.3)  
Intel® Update Manager  
Intel® WiDi  
Intelr PROSet/Wireless Software  
Intelr PROSet/Wireless WiFi Software  
Intelr Trusted Connect Service Client  
kuler  
Lenovo Auto Scroll Utility  
Lenovo Communications Utility  
Lenovo Fingerprint Manager Pro  
Lenovo Patch Utility  
Lenovo Patch Utility 64 bit  
Lenovo Peer Connect SDK  
Lenovo Power Management Driver  
Lenovo QuickControl  
Lenovo QuickDisplay  
Lenovo Reach  
Lenovo Registration  
Lenovo SHAREit  
Lenovo Solution Center  
Lenovo System Update  
Lenovo USB Graphics  
Lenovo USB3.0 to DVI VGA Monitor Adapter  
Lenovo User Guide  
Lenovo Warranty Information  
Malwarebytes Anti-Malware version 2.0.3.1025  
McAfee Security Scan Plus  
Message Center Plus  
Metric Collection SDK  
Metric Collection SDK 35  
Microsoft .NET Framework 4.5.1  
Microsoft Corporation  
Microsoft LifeCam  
Microsoft Mouse and Keyboard Center  
Microsoft Office  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Professional 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft OneDrive  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610  
Mozilla Firefox 33.1.1 (x86 en-US)  
Mozilla Maintenance Service  
Nitro Pro 9  
On Screen Display  
PDF Settings CS4  
Photoshop Camera Raw  
Photoshop Camera Raw_x64  
Pixel Bender Toolkit  
Power Manager  
Realtek Card Reader  
Realtek High Definition Audio Driver  
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7  
Rhinoceros 5  
Rhinoceros 5 (64-bit)  
Rhinoceros 5 Help Media  
Rhinoceros 5 Language Pack Installer (en-US)  
Screencast-O-Matic  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2899526) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2899527) 32-Bit Edition   
Shopop  
Suite Shared Configuration CS4  
ThinkPad Hotkey Features Integration Setup  
Thinkpad USB 3.0 Ethernet Adapter Driver  
ThinkVantage Active Protection System  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899525) 32-Bit Edition  
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
USB Enhanced Performance Keyboard  
Windows Driver Package - Intel (e1dexpress) Net  (03/13/2014 12.11.77.1)  
Windows Driver Package - Intel Corporation (iaStorA) HDC  (11/15/2013 12.8.10.1005)  
Windows Driver Package - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04)  
Windows Driver Package - Synaptics (SmbDrv) System  (04/07/2014 18.0.7.40)  
Windows Driver Package - Synaptics (SynTP) Mouse  (04/07/2014 18.0.7.40)  

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=16 96473394 bytes)

==== EOF on Mon 12/01/2014 at 13:23:38.23 ======================
 

Link to post
Share on other sites

Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    Shopop;u
    DisplayLink Core Software ;u
    Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8;u
    autoclean;
    emptyalltemp;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Link to post
Share on other sites

I think it's good now. Thank you so much!!!

 

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Leona on Mon 12/01/2014 at 21:57:44.80.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leona\Downloads\zoek(2).exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-01-075540.log    8967 bytes
C:\zoek-results2014-12-01-202338.log    9781 bytes

==== System Restore Info ======================

12/1/2014 9:58:27 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Oracle deleted successfully
C:\Users\Leona\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [10/27/2014 03:55 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\0pun12.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\0pun12.default
8303B3CEC05500F763B4FA75210598BB    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\Leona\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
iomphmdalfmaifjccmagmllnicjoghhk - No path found[]

Google Voice Search Hotword (Beta) - Leona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{84A3EF68-78BA-4D9B-80B3-0B9F70FC3CA9} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\86FE3A48AB87B9D4083BB0F907CFC39A deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Leona\AppData\Local\Mozilla\Firefox\Profiles\0pun12.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Leona\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=16 96473394 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Leona\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Leona\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 12/01/2014 at 22:16:35.21 ======================
 

Link to post
Share on other sites

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
