Trojan with possible hijacked computer. [Closed]

Trojan

  • This topic is locked

#16
Ozzette53

    Member

  • Topic Starter
  • Member
  • 28 posts

Sorry I've been so slow. I am 54 years old with a number of health problems and last weekend took on the temporary guardianship of a seven year old boy, for 30 days, thank the Lord, LOL. Needless to say, I am exhausted. I will deal with this probably Friday. I hope that is alright with you.


  • 0


#17
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Of course. Real life comes first.
Hope it is all going well for you. :)
  • 1

#18
Ozzette53

    Member

  • Topic Starter
  • Member
  • 28 posts

Hi. First of all, I really need the IPv6 because I cannot run my computer by the hard wire to modem. It will only connect via the wireless card in my computer. I really want that fixed. I think it is important, I like my computer hardwired to the internet. I have read that this problem is usually caused by cleanup, so if you can help me fix this I would be very grateful. The computer seems to be running OK, but I do not allow it to sit in sleep or awake when I am not home or at night, so I am not sure about the unknown activity that was occurring. I do not want to be used as a robot, and I am sure that was what was going on due to the activity during the night, etc. It does not seem to be running unnecessarily while I am using it though. That activity has slowed down quite a bit. Now, for my log:

 

Farbar Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Dee at 2014-11-29 17:03:53 Run:2
Running from C:\Users\Dee\Desktop
Loaded Profile: Dee (Available profiles: Dee & Jared & Ethan & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Dee\Downloads\isobuster_all_lang.exe
C:\Users\Dee\Downloads\Downloads\isobuster_all_lang.exe
C:\Users\Dee\Downloads\Downloads\dfx9Setup-WMP64.exe
C:\Users\Dee\Music\Agatha Christie - And Then There Were None [PC]\Agatha Christie - And Then There Were None.rar
C:\Windows\Installer\120080.msi
C:\Windows\Installer\791d74.msi
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Dee\AppData\Local\Microsoft\Windows Live Mail\Hotmail (oz 317\Deleted items\773B0633-000002C4.eml
C:\Users\Dee\Desktop\Tools\ccsetup418.exe
C:\Users\Dee\Downloads\ccsetup326.exe
Reg: Reg Delete "HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKU\S-1-5-21-2375802078-1423229213-3210898512-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKU\S-1-5-21-2375802078-1423229213-3210898512-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
Reg: Reg Delete "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F
end
*****************

C:\Users\Dee\Downloads\isobuster_all_lang.exe => Moved successfully.
C:\Users\Dee\Downloads\Downloads\isobuster_all_lang.exe => Moved successfully.
C:\Users\Dee\Downloads\Downloads\dfx9Setup-WMP64.exe => Moved successfully.
C:\Users\Dee\Music\Agatha Christie - And Then There Were None [PC]\Agatha Christie - And Then There Were None.rar => Moved successfully.
C:\Windows\Installer\120080.msi => Moved successfully.
C:\Windows\Installer\791d74.msi => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe => Moved successfully.
C:\Users\Dee\AppData\Local\Microsoft\Windows Live Mail\Hotmail (oz 317\Deleted items\773B0633-000002C4.eml => Moved successfully.
C:\Users\Dee\Desktop\Tools\ccsetup418.exe => Moved successfully.
C:\Users\Dee\Downloads\ccsetup326.exe => Moved successfully.

========= Reg Delete "HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKU\S-1-5-21-2375802078-1423229213-3210898512-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKU\S-1-5-21-2375802078-1423229213-3210898512-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog ====

 

It does worry me about all the registry keys it was not able to find. I am worried they could have been hidden or a misdirection in order to hide them. Please reassure me. In addition I would like to run some kind of scan that will show me this crap is really gone, because it seems to me they have been very hard to locate and remove. Thank you again for all your time. I am extremely grateful.

 

Dee


  • 0

#19
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts


Hi.

We will do a scan with an alternative scanner to double check for you and we will attack those registry keys again.
Once complete we can work on your IPv6 problem.

Step 1

Bitdefender Online Scan

  • Please go to http://quickscan.bitdefender.com/
  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Attach the log as an attachment (it may be quite large)

Step 2

ZOEK

Download zoek.exe from here: Bleepingcomputer

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the download or running of Zoek.exe
    Here or here you can read a manual on how to disable your security applications.
  • Double-click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar
    autoclean;
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

Items I need to see in your next post:

  • Bitdefender log
  • Zoek Log

 


  • 1
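The worry in #18 about keys that reg.exe could not find, and the plan in #19 to go after them again, can be checked directly. The PowerShell script below is an added example, not something ruggie_uk or FRST provides; it takes the CLSID from the fixlist above and reports whether anything with that CLSID still exists at each location the fixlist named, in both the 64-bit and Wow6432Node views. It assumes the fixlist's `TOOLBAR|{CLSID}` lines mean a value named by the CLSID under the Toolbar key (so it checks both readings), and it only sees user hives that are currently loaded.

```powershell
# Added example, not from the thread or from FRST. Run from an elevated 64-bit
# PowerShell so the native (non-redirected) registry view is what gets searched.

$clsid = '{4F524A2D-5350-4500-76A7-7A786E7484D7}'   # value taken from the fixlist above

# Machine-wide keys named by the fixlist (relative to HKEY_LOCAL_MACHINE).
$hklmKeys = @(
    "SOFTWARE\Classes\CLSID\$clsid",
    "SOFTWARE\Wow6432Node\Classes\CLSID\$clsid",
    "SOFTWARE\Microsoft\Internet Explorer\Toolbar\$clsid",
    "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\$clsid"
)
# The fixlist's "TOOLBAR|{CLSID}" lines. Assumption made here: "|" separates the
# key from a value name, so these are checked as values under the Toolbar key.
$hklmValues = @(
    @{ Key = 'SOFTWARE\Microsoft\Internet Explorer\Toolbar';             Name = $clsid },
    @{ Key = 'SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'; Name = $clsid }
)
# Per-user keys (relative to each HKEY_USERS\<SID> hive).
$userKeys = @(
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\$clsid",
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid"
)

$findings = @()

foreach ($k in $hklmKeys) {
    $path = "Registry::HKEY_LOCAL_MACHINE\$k"
    if (Test-Path -LiteralPath $path) { $findings += "KEY PRESENT   $path" }
    else                              { "absent: $path" }
}

foreach ($v in $hklmValues) {
    $path = "Registry::HKEY_LOCAL_MACHINE\$($v.Key)"
    if (Test-Path -LiteralPath $path) {
        $item = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        if ($item -and $item.PSObject.Properties[$v.Name]) {
            $findings += "VALUE PRESENT $path -> $($v.Name)"
        } else { "absent: $path -> value $($v.Name)" }
    } else { "absent: $path (the Toolbar key itself is gone)" }
}

# HKEY_USERS only holds hives of accounts that are logged on right now (plus
# .DEFAULT and the service SIDs). The wildcard also matches the "S-1-5-21-...-{GUID}-0"
# style hive names that appear in the fixlist. Other accounts' NTUSER.DAT files
# are not loaded and therefore not searched by this script.
$userHives = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' }

foreach ($h in $userHives) {
    foreach ($k in $userKeys) {
        $path = "Registry::HKEY_USERS\$($h.PSChildName)\$k"
        if (Test-Path -LiteralPath $path) { $findings += "KEY PRESENT   $path" }
        else                              { "absent: $path" }
    }
}

if ($findings.Count -eq 0) {
    "RESULT: no trace of $clsid in any location the fixlist targeted."
} else {
    "RESULT: $($findings.Count) location(s) still reference ${clsid}:"
    $findings
}
```

A "not found" from reg.exe and an "absent" here mean the same thing: the key was never there in that view of the registry, which is the expected result once an earlier tool has already removed it.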

#20
Ozzette53

    Member

  • Topic Starter
  • Member
  • 28 posts

OK. I'm back. Thanks again for your patience with me. I just hope the bad stuff is not having a chance to regroup while I'm away.
 
Bitdefender Log:
 
Attached.

 

Zoek Log:

 

Zoek.exe v5.0.0.0 Updated 03-December-2014
Tool run by Dee on Thu 12/04/2014 at 10:32:11.67.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dee\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/4/2014 10:34:35 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Home Sweet Home Christmas Edition deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Pizza Morgana deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Program Files\Common Files\PicRec deleted successfully
C:\PROGRA~3\JustAdventure deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Yahoo! deleted successfully
C:\Users\Dee\AppData\Roaming\DisplayTune deleted successfully
C:\Users\Dee\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jared\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Jared\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Dee\AppData\Local\Adobe deleted successfully
C:\Users\Dee\AppData\Local\MigWiz deleted successfully
C:\Users\Dee\AppData\Local\PDFC deleted successfully
C:\Users\Dee\AppData\Local\SupportSoft deleted successfully
C:\Users\Dee\AppData\Local\Western Digital deleted successfully
C:\Users\Ethan\AppData\Local\PDFC deleted successfully
C:\Users\Ethan\AppData\Local\Unity deleted successfully
C:\Users\Ethan\AppData\Local\VirtualStore deleted successfully
C:\Users\Guest\AppData\Local\PDFC deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Jared\AppData\Local\PDFC deleted successfully
C:\Users\Jared\AppData\Local\VirtualStore deleted successfully
C:\Users\Jared\AppData\Local\{26C7F863-BB27-4628-83D9-1ABBD54F72C0} deleted successfully
C:\Users\Jared\AppData\Local\{3B6EE658-A7E0-4B5E-8E06-4BA3DFA7A4F5} deleted successfully
C:\Users\Jared\AppData\Local\{735A0533-6B5F-4BDB-BBCC-F8F9BC942D19} deleted successfully
C:\Users\Jared\AppData\Local\{F4A0ECC7-8216-4841-B0C7-89D89CDE43F9} deleted successfully
C:\Users\Jared\AppData\Local\{F58D8A30-55EE-4BB7-B976-FA3B2EE39BD6} deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2375802078-1423229213-3210898512-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7F148E7-04E4-4150-B190-E79D247EC79E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Dee\AppData\Roaming\ProtectDISC deleted
C:\PROGRA~2\Mystery Case Files - Dire Grove Collector's Edition deleted
C:\PROGRA~2\Mystery Case Files 8- Escape from Ravenhearst CE deleted
C:\PROGRA~2\Yahoo! deleted
C:\extensions.sqlite deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\Dee\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\drivers\netmon_wfp.sys deleted
"C:\Windows\Installer\b58edf.msi" deleted
"C:\Users\Dee\AppData\Local\{D4BCDAE4-1327-48BD-9E8C-BD9080E87BF9}" deleted
"C:\PROGRA~2\The Weather Channel" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [06/05/2012 08:24 AM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default
8303B3CEC05500F763B4FA75210598BB    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Dee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
0E8B2D0D9E3415A91EF259CE1112C579    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll -    Shockwave for Director / Shockwave for Director
F6D12679B9112358AC705A1308156F59    - C:\Users\Dee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
10737B44923217BC0E67D26A9FC1F0AA    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ Chrome Background Extension Plug-In (32-bit)
2645990C521342DCD08963D2DF6CD0D2    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)
754691C2A17493BC5D9C49E550F4881F    - C:\Users\Dee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll -    Hulu Desktop


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[06/05/2012 08:24 AM]
jgceplfonlgodadnpognljgdjlcnpjnh - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\extension.crx[]

Google Voice Search Hotword (Beta) - Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
RealPlayer HTML5Video Downloader Extension - Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

==== Chromium Startpages ======================

C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.facebook.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.facebook.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6154B57E-4736-42F9-9436-519D983DBA1B}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
{6154B57E-4736-42F9-9436-519D983DBA1B} Google  Url="http://www.google.co...tputEncoding?}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC02100 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1200} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC02100 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2BG566T will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Dee\AppData\Local\Mozilla\Firefox\Profiles\aggtq3yt.default\cache2 emptied successfully
C:\Users\Ethan\AppData\Local\Mozilla\Firefox\Profiles\xuxcsqjj.default\cache2 emptied successfully
C:\Users\Jared\AppData\Local\Mozilla\Firefox\Profiles\ggg9zdrn.default\cache2 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\2uzlbdg0.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2097 folders=171 2169232489 bytes)

==== Empty Temp Folders ======================

C:\Users\Dee\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\Ethan\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Jared\AppData\Local\temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dee\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Dee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2BG566T" not found

==== EOF on Thu 12/04/2014 at 11:34:52.40 ======================
 

 

Thank you for your time!


  • 0

#21
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

OK, that's looking good.

Now we need to check your network card for the IPv6.

 

  • Open Network Connections by clicking the Start button, and then clicking Control Panel. In the search box, type adapter, and then, under Network and Sharing Center, click View network connections.
  • Right-click your network connection, and then click Properties. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Select the check box next to Internet Protocol Version 6 (TCP/IPv6).
  • Click OK

  • 1
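The adapter checkbox above is the per-connection binding; IPv6 can also be switched off machine-wide through a documented registry value, which is worth checking before concluding the checkbox is the problem. The PowerShell script below is an added example, not part of ruggie_uk's instructions; it reads that value, decodes its documented bits, and lists the interfaces that currently have IPv6 bound using netsh, which is present on Windows 7 (no NetAdapter module needed).

```powershell
# Added example, not from the thread. Reports the state of IPv6 on this machine:
#   1. the HKLM Tcpip6 "DisabledComponents" value documented by Microsoft, which
#      disables IPv6 globally when set (0 or absent = fully enabled, the default);
#   2. which interfaces currently have IPv6 bound, via netsh.
# Read-only unless you uncomment the last line; run elevated to change anything.

$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$item = Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue
$dc = 0
if ($item -and $item.PSObject.Properties['DisabledComponents']) {
    $dc = [int]$item.DisabledComponents      # DWORD; 0xFFFFFFFF reads back as -1
}

"DisabledComponents = 0x{0:X2}" -f $dc

# Bit meanings follow Microsoft's documentation of this value.
$flags = @(
    @{ Bit = 0x01; Meaning = 'all tunnel interfaces (6to4, ISATAP, Teredo) disabled' },
    @{ Bit = 0x10; Meaning = 'IPv6 disabled on all non-tunnel (LAN/PPP) interfaces' },
    @{ Bit = 0x20; Meaning = 'IPv4 preferred over IPv6 in the prefix policy' }
)
foreach ($f in $flags) {
    if ($dc -band $f.Bit) { "  set: $($f.Meaning)" }
}
if (($dc -band 0xFF) -eq 0xFF) { "  0xFF: IPv6 disabled on every interface except loopback" }
if ($dc -eq 0) { "  IPv6 is enabled globally; check the per-adapter binding below." }

"`nInterfaces with IPv6 bound (netsh):"
netsh interface ipv6 show interfaces

# To restore the default (IPv6 enabled on all interfaces), uncomment the next line,
# run it elevated, then reboot: the value is only read at boot.
# Set-ItemProperty -Path $paramKey -Name DisabledComponents -Value 0 -Type DWord
```

If the wired adapter is missing from the netsh list while the value is 0, the per-adapter binding (the checkbox above) is the right place to look.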

#22
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. Just posting to let you know I am at a wedding tomorrow, Saturday 6th, so won't be around at all on this date.


  • 1

#23
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, are you still with me?


  • 1

#24
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0