Solved PPricechop, savemassa and neextcoup malware. Can't remove!


Boricua

New Member
Thread author
Aug 7, 2014
4
So I created a new topic because I saw every log is different for everyone. I can't remove the PPricechop, savemassa and neextcoup extensions from Google Chrome.
 

Attachments

  • FRST.txt (53.4 KB)
  • Addition.txt (48.3 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool runs for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the attach button below. Doing this, you make it easier for me to analyze and fix your problem.

  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
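The script above pulls Group Policy files (gpt.ini and both GroupPolicy folders) together with recently created files into the zoek-results log, because browser extensions that "cannot be removed" are commonly pinned in place by policy rather than by a running process. As an added illustration of how an analyst reads that log (example code written for this thread, not part of ZOEK and not the helper's own procedure), the Python below parses the "Files Recently Created / Modified" section and applies a few defender-side triage heuristics: executables dropped under Temp or AppData, zero-byte or hidden files, GUID-named folders under AppData, and anything under GroupPolicy. The line formats are assumed to be those visible in the zoek log posted later in this thread; the sample lines are taken from that log, with the GroupPolicy folder line placed in this section for illustration; the flag rules and their wording are assumptions of this example, not verdicts on any file.

```python
"""Triage of the 'Files Recently Created / Modified' section of a zoek-results
log.  Added example for this thread; not part of ZOEK or of the helper's
instructions.  The flags direct an analyst's attention; they are not verdicts."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Top-level zoek headers look like "==== Name ==========" (exactly four '='
# before the name); per-folder sub-headers start with six or more '='.
SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+\s*$")

# Entry lines in this section come in two shapes, as zoek prints them:
#   <date> <time> <md5> <size> <attrs> <path>     file
#   <date> <time> -------- <attrs> <path>         directory
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<md5>[0-9A-Fa-f]{32}|-{8}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*)$"
)

EMPTY_FILE_MD5 = "D41D8CD98F00B204E9800998ECF8427E"   # MD5 of zero bytes
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
GUID_DIR_RE = re.compile(r"\\\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)


@dataclass
class Entry:
    timestamp: datetime
    md5: Optional[str]     # None for directories
    size: Optional[int]    # None for directories
    attrs: str             # zoek attribute string, e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


def section_lines(log_text: str, name: str) -> List[str]:
    """Lines of one top-level section, sub-headers included."""
    out: List[str] = []
    inside = False
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            inside = m.group("name").strip() == name
            continue
        if inside:
            out.append(line)
    return out


def parse_entries(lines: List[str]) -> List[Entry]:
    """Parse entry lines; sub-headers and blank lines are skipped."""
    entries: List[Entry] = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        md5 = None if m.group("md5").startswith("-") else m.group("md5").upper()
        size = int(m.group("size")) if m.group("size") is not None else None
        entries.append(Entry(datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                             md5, size, m.group("attrs"), m.group("path").rstrip()))
    return entries


def triage(e: Entry) -> List[str]:
    """Reasons an analyst might look twice at this entry (empty = nothing notable)."""
    p = e.path.lower()
    reasons: List[str] = []
    if e.is_dir:
        if GUID_DIR_RE.search(e.path) and "\\appdata\\" in p:
            reasons.append("GUID-named folder under AppData; check which program owns it")
    else:
        if p.endswith(EXEC_EXT) and ("\\temp\\" in p or "\\appdata\\" in p):
            reasons.append("executable under a user-writable profile path")
        if e.size == 0 or e.md5 == EMPTY_FILE_MD5:
            reasons.append("zero-byte file")
        if e.is_hidden:
            reasons.append("hidden attribute set")
    if "\\grouppolicy\\" in p:
        reasons.append("Group Policy artefact; browser policies can be enforced from here")
    return reasons


def triage_log(log_text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every flagged entry in the recent-files section."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_entries(section_lines(log_text, "Files Recently Created / Modified")):
        r = triage(e)
        if r:
            flagged[e.path] = r
    return flagged


# Sample assembled from lines in the zoek log posted in this thread; the
# GroupPolicy folder line is placed here for illustration (it is in another
# section of the real log).
SAMPLE_LOG = r"""
==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\JULION~1\AppData\Local\Temp ====
2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Quarantine.exe
2014-08-04 09:18:40 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\i4jdel0.exe
====== C:\Windows\Sysnative\drivers =====
2014-08-06 22:20:41 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_xb1usb_01011.Wdf
2014-07-09 01:54:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
====== C:\Windows\System32 =====
2014-07-27 04:59:39 -------- d-----w- C:\Windows\System32\GroupPolicy\Machine
====== C:\Users\JULIONDAISY\AppData\Roaming ======
2014-08-06 21:36:11 -------- d-----w- C:\Users\JULIONDAISY\AppData\Roaming\Gtuner
2014-08-03 21:57:49 -------- d-----w- C:\Users\JULIONDAISY\AppData\Locallow\{76F4C50D-292E-2850-BD81-EA9774C4FB15}

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a real zoek-results log by reading the file into `triage_log`; the section scoping matters because the "Files Found In" sections use a different column order (size before MD5) and would otherwise be mis-parsed. The heuristics deliberately stay silent on well-known system paths such as `Sysnative\drivers`, so a hit is a prompt to check the file's owner, signer and creation time, not a removal decision.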
 

Boricua

New Member
Thread author
Aug 7, 2014
4
OK, the first program, AdwCleaner, found some stuff when I ran it the first time. I clicked on Clean and as soon as it got to "Cleaning browsers" a window popped up saying "Aut2Exe has stopped working".

Then I ran ZOEK. That seemed to run fine.

Logcat:


Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by JULIONDAISY on Thu 08/07/2014 at 14:00:13.19.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JULIONDAISY\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-07-121406.log 56903 bytes

==== System Restore Info ======================

8/7/2014 2:00:55 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Amazon.com Kindle Fire
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Application Profiles
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.257
ASRock XFast RAM v2.0.9
AugS Distro Center
BlueStacks App Player
BlueStacks Notification Center
Broadcom NetLink Controller
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.3
Combat Arms
Counter-Strike: Global Offensive
CPUID CPU-Z 1.63.0
CPUID HWMonitor 1.22
Cube World version 0.0.1
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo II
DivX Setup
erLT
Facebook Video Calling 2.0.0.447
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Gtuner
Guild Wars 2
Happy Cloud Client
Horizon v2.7.2.2
HydraVision
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Update Manager
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intelr Trusted Connect Service Client
IP Camera Adapter
KAMI
LG United Mobile Driver
Logitech Gaming Software
Logitech Gaming Software 8.40
Logitech Webcam Software
LogMeIn Hamachi
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Xbox 360 Accessories 1.2
Mouse Recorder Pro 2.0.7.5
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA Cg Toolkit 3.1 April 2012
ooVoo
Origin
Pando Media Booster
Path of Exile
PdaNet+ for Android 4.12
PeerBlock 1.2 (r693)
Raptr
Razer Synapse 2.0
Realm of the Mad God
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
SAMSUNG USB Driver for Mobile Phones
Sapphire TRIXX
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
SkypeT 6.14
Steam
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 9
Technitium MAC Address Changer v6.0.3
TERA
The Viking Software
The War Z version 1.0
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Uplay
VC80CRTRedist - 8.0.50727.6195
VIRTU MVP 2.0 3.0.108
VirtualCloneDrive
VLC media player 2.0.5
VMware Workstation
VNC Server 5.1.1
VNC Viewer 5.1.1
Vuze
WEBZEN Browser Extension
WinDirStat 1.1.2
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass (12/03/2012 1.2.0000.00000)
Windows Driver Package - Broadcom (k57nd60a) Net (10/15/2012 15.6.0.2)
WinPcap 4.1.2
WinRAR 4.20 (64-bit)
XBMC
ZhyperMU Season 6 Episode 3 6.30
Zoom

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\JULIONDAISY\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [BstHdLogRotatorSvc] - BlueStacks Log Rotator Service - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [Intel(R) ME Service] - Intel(R) ME Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
R2 - [LMIGuardianSvc] - LMIGuardianSvc - "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
R2 - [LucidSvc] - LucidSvc - "C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe"
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe
R2 - [TeamViewer9] - TeamViewer 9 - "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
R2 - [VMAuthdService] - VMware Authorization Service - "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
R2 - [VMnetDHCP] - VMware DHCP Service - C:\Windows\system32\vmnetdhcp.exe
R2 - [VMUSBArbService] - VMware USB Arbitration Service - "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
R2 - [VMware NAT Service] - VMware NAT Service - C:\Windows\system32\vmnat.exe
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S2 - [BstHdAndroidSvc] - BlueStacks Android Service - "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
S2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S2 - [VMwareHostd] - VMware Workstation Server - "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml"
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"
S3 - [iumsvc] - Intel(R) Update Manager - "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [rpcapd] - Remote Packet Capture Protocol v.0 (experimental) - "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [vncserver] - VNC Server - "C:\Program Files\RealVNC\VNC Server\vncservice.exe" vncserver
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\GroupPolicy\GPT.INI ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-07-27 04:59:39
Modified time: 2014-08-03 21:57:49
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


--- C:\Windows\SysWOW64\GroupPolicy\gpt.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-07-27 04:59:39
Modified time: 2014-08-03 21:57:49
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2014-07-27 04:59:39 d-----w- C:\Windows\System32\GroupPolicy\Machine
2014-07-27 04:59:39 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-08-03 21:57:49 127 ----a-w- B1247F4B88D54073CF6890171D98BA17 C:\Windows\System32\GroupPolicy\GPT.INI

==== Files Found In C:\Windows\SysWOW64\GroupPolicy ======================

2014-08-03 21:57:49 11 ----a-w- EC3584F3DB838942EC3669DB02DC908E C:\Windows\SysWOW64\GroupPolicy\gpt.ini

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8078 MB
CPU Info: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
CPU Speed: 3396.1 MHz
Sound Card: Speakers (Turtle Beach Shadow) |
Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: AMD Radeon HD 7900 Series | AMD Radeon HD 7900 Series | AMD Radeon HD 7900 Series | AMD Radeon HD 7900 Series | AMD Radeon HD 7900 Series | AMD Radeon HD 7900 Series | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | VNC Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Anchorfree HSS VPN Adapter #2 | PdaNet Broadband Adapter | Anchorfree HSS VPN Adapter | Broadcom NetLink (TM) Gigabit Ethernet | Hamachi Network Interface | VMware Virtual Ethernet Adapter for VMnet1 | VMware Virtual Ethernet Adapter for VMnet8
CD / DVD Drives: 2x (E: | G: | ) E: ASUS DRW-24B1ST c | G: OXQHYHO G9INC9U7
Ports: COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 119.2GB | D: 931.4GB
Hard Disks - Free: C: 26.7GB | D: 568.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/17/13 | _ASUS_ - 1072009
Time Zone: Pacific Standard Time
Motherboard *: ASRock Z77 Extreme4
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 11.0.9600.17207
Mozilla Firefox version: 26.0 (x86 en-US)
Google Chrome version: 36.0.1985.125
Adobe Reader version: 11.0.07.79
Flash Player version: 14.0.0.145

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\JULION~1\AppData\Local\Temp ====
2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Quarantine.exe
2014-08-04 22:39:49 FE63E48EA691079B7D16BC4EE08F9DA1 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\ru-RU\RzSynapse.resources.dll
2014-08-04 22:39:49 F9C4827BABAE8E72896C71ECC06F2A2C 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\fr-FR\RzSynapse.resources.dll
2014-08-04 22:39:49 CABAE5922221179AB32C8921C0F10CD6 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\ko-KR\RzSynapse.resources.dll
2014-08-04 22:39:49 C9F4C5EC2811783F4FE709ECE859C3A0 5632 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\zh-CN\RzUpdateManager.resources.dll
2014-08-04 22:39:49 C94F4585618297452FC5384C50F3228C 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\de-DE\RzSynapse.resources.dll
2014-08-04 22:39:49 C2C3A6DAEBF915C15228DE83D359F54B 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\ja-JP\RzSynapse.resources.dll
2014-08-04 22:39:49 AF80CB745DFDE0CE453E4FA49CC802C5 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\zh-CHT\RzUpdateManager.resources.dll
2014-08-04 22:39:49 9F391D862909EE486EC161E6F7F6495C 509952 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\RzUpdateManagerUI.dll
2014-08-04 22:39:49 8BA3BC7BBD9DA74CF206203B7B2C970D 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\zh-CHT\RzSynapse.resources.dll
2014-08-04 22:39:49 8B45CC9AEEBD1E9726F28C8546573874 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\de-DE\RzUpdateManager.resources.dll
2014-08-04 22:39:49 81767E1E90FEA2D5BAC73FE4CD8733F7 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\pt-BR\RzUpdateManager.resources.dll
2014-08-04 22:39:49 7665DDB1B5ADC171BC22C5FDFFD77FD4 6656 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\ru-RU\RzUpdateManager.resources.dll
2014-08-04 22:39:49 6DED8FCBF5F1D9E422B327CA51625E24 462336 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\Ionic.Zip.dll
2014-08-04 22:39:49 6A368ABB260429C9F6B3D6CCA5969510 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\ko-KR\RzUpdateManager.resources.dll
2014-08-04 22:39:49 609CA58645548EB3FBADD5258D6DA4B0 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\pt-BR\RzSynapse.resources.dll
2014-08-04 22:39:49 559EC16FFDE2787DF11C4B3F1C3BAE83 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\zh-CN\RzSynapse.resources.dll
2014-08-04 22:39:49 54035945559EAB768FBA58E8982E35FB 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\ja-JP\RzUpdateManager.resources.dll
2014-08-04 22:39:49 4CF67217CE1FE210095BCE5991B116E0 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\es-ES\RzUpdateManager.resources.dll
2014-08-04 22:39:49 430F8E6430DB594DDD848A85462148D6 315392 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\RzStorage.dll
2014-08-04 22:39:49 3F5159095C9F3BFC67E54C0857282067 80896 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\RzUpdate.dll
2014-08-04 22:39:49 2C71EF966C1DDF6024C5935443CFB77B 4608 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\es-ES\RzSynapse.resources.dll
2014-08-04 22:39:49 080E8ED076C713BCFC8076A050DC3AB7 6144 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\fr-FR\RzUpdateManager.resources.dll
2014-08-04 22:39:48 E944E685F4BCBF26716434A71FC268ED 521968 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\RzUpdateManager.exe
2014-08-04 22:39:48 1619E5994E2C0A8BF6C03700E782F69B 112640 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\RzCommon.dll
2014-08-04 09:21:39 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.242\mbam-setup-2.0.1.1004.exe
2014-08-04 09:21:14 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.770\mbam-setup-2.0.1.1004.exe
2014-08-04 09:21:06 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.846\mbam-setup-2.0.1.1004.exe
2014-08-04 09:20:56 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.477\mbam-setup-2.0.1.1004.exe
2014-08-04 09:18:40 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\i4jdel0.exe
====== Java Cache =====
2014-07-17 22:03:24 338FF0BBCD96F62A21017FE78F474B4B 265357 ----a-w- C:\Users\JULIONDAISY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-3203cf66
2014-07-17 22:03:23 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\JULIONDAISY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-351bf96a
2014-07-17 22:03:23 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\JULIONDAISY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-3a1d53fb
2014-07-17 22:03:23 E80E48F16109BB6ACEBB319520ED60D5 106 ----a-w- C:\Users\JULIONDAISY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap
====== C:\Windows\SysWOW64 =====
2014-08-03 21:57:43 8EDAC06D1F39772B8B9902C2BFE833A4 2158080 ----a-w- C:\Windows\SysWOW64\setup.exe
2014-08-02 14:29:01 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2014-08-02 14:29:01 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2014-08-02 14:29:01 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\SysWOW64\wups.dll
2014-08-02 14:29:00 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-08-02 14:29:00 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-02 14:29:03 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2014-08-02 14:29:03 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\Windows\Sysnative\wups2.dll
2014-08-02 14:29:03 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\Windows\Sysnative\wucltux.dll
2014-08-02 14:29:03 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2014-08-02 14:29:01 7EC6617005F76714C7E16605E7A8AB06 38880 ----a-w- C:\Windows\Sysnative\wups.dll
2014-08-02 14:29:01 1180B5ADFB507258DA10F51B46681A33 97792 ----a-w- C:\Windows\Sysnative\wudriver.dll
2014-08-02 14:29:01 0DB2758CF1BAFE22E0970FDA0785B74C 700384 ----a-w- C:\Windows\Sysnative\wuapi.dll
2014-08-02 14:29:00 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2014-08-02 14:29:00 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe
====== C:\Windows\Sysnative\drivers =====
2014-08-06 22:20:41 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_xb1usb_01011.Wdf
2014-08-04 23:26:42 0063ACEBB5BBE8C563A6ADB09155E644 44744 ----a-w- C:\Windows\Sysnative\drivers\hssdrv6.sys
2014-08-04 09:25:18 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-04 09:25:07 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-08-04 09:25:07 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-08-04 09:25:07 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-07-09 01:54:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-06 21:36:06 -------- d-----w- C:\PROGRA~2\Gtuner
======= C: =====
====== C:\Users\JULIONDAISY\AppData\Roaming ======
2014-08-06 22:09:44 -------- d-----w- C:\Users\JULIONDAISY\AppData\Local\ElevatedDiagnostics
2014-08-06 21:36:11 -------- d-----w- C:\Users\JULIONDAISY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gtuner
2014-08-06 21:36:11 -------- d-----w- C:\Users\JULIONDAISY\AppData\Roaming\Gtuner
2014-08-03 21:57:49 -------- d-----w- C:\Users\JULIONDAISY\AppData\Locallow\{76F4C50D-292E-2850-BD81-EA9774C4FB15}
2014-07-27 04:59:50 -------- d-----w- C:\Users\JULIONDAISY\AppData\Locallow\{C6BF5370-E090-1672-2849-B2C9C106219E}
2014-07-27 04:59:40 -------- d-----w- C:\Users\JULIONDAISY\AppData\Locallow\{3611C19A-7246-2F9A-0916-D450F6B38E5A}
2014-07-27 04:59:40 -------- d-----w- C:\Users\JULIONDAISY\AppData\Local\Packages
2014-07-27 04:59:39 -------- d-----w- C:\Users\JULIONDAISY\AppData\Local\Comodo
2014-07-27 04:59:39 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-07-27 04:59:39 -------- d-----w- C:\Users\fbwuser\AppData\Local\Comodo
2014-07-27 04:59:39 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-07-27 04:59:38 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-07-27 04:59:38 -------- d-----w- C:\Users\fbwuser\AppData\Local\Google
2014-07-27 04:59:38 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
====== C:\Users\JULIONDAISY ======
2014-08-07 20:58:16 54606E9A6FE402749179C767A6A1FDA8 1475072 ----a-w- C:\Users\JULIONDAISY\Desktop\AdwCleaner.exe
2014-08-07 12:23:53 CC57BF56EB9C3BF266B60EB1E7CC7EF5 2094080 ----a-w- C:\Users\JULIONDAISY\Desktop\FRST64.exe
2014-07-27 04:59:40 -------- d-----w- C:\ProgramData\4bf8b37fbbd63c
2014-07-27 04:59:39 6A8A1724945F50E63B006F8490F12D5F 394 --sha-r- C:\ProgramData\ntuser.pol
2014-07-27 04:59:38 -------- d-----w- C:\Users\Guest\AppData
2014-07-27 04:59:38 -------- d-----w- C:\Users\Administrator\AppData

====== C: exe-files ==
2014-08-07 20:58:16 54606E9A6FE402749179C767A6A1FDA8 1475072 ----a-w- C:\Users\JULIONDAISY\Desktop\AdwCleaner.exe
2014-08-07 12:23:53 CC57BF56EB9C3BF266B60EB1E7CC7EF5 2094080 ----a-w- C:\Users\JULIONDAISY\Desktop\FRST64.exe
2014-08-06 21:36:06 A02C1A2E7E2A1700DB072C4CFB8BA6A4 155648 ----a-w- C:\Program Files (x86)\Gtuner\uninstall.exe
2014-08-06 21:35:01 CC09A1030E8319161277F4BD198A6838 20717436 ----a-w- C:\Users\JULIONDAISY\Desktop\Titan One\GtunerPro306.exe
2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Quarantine.exe
2014-08-04 23:25:54 D9D61A33CCC189059A349AD9D22AEB5D 6592136 ----a-w- C:\Windows\Temp\hss_update.exe
2014-08-04 22:40:43 D5CED59D029EEE89327F075D636B6F6E 27462624 ----a-w- C:\ProgramData\Razer\Synapse\ProductUpdates\Downloads\Razer_Orbweaver_Config_v1.11.00.exe
2014-08-04 22:40:37 5B4236976DF2B6F0F96E6793CB29D983 7893288 ----a-w- C:\ProgramData\Razer\Synapse\ProductUpdates\Downloads\Razer_Common_Driver_v1.26.4.exe
2014-08-04 22:40:29 B5DC47060B0961AA2EE6A9700F0BAF42 10816280 ----a-w- C:\ProgramData\Razer\Synapse\ProductUpdates\Downloads\CommonConfigInstaller_v2.28.17.exe
2014-08-04 22:39:48 E944E685F4BCBF26716434A71FC268ED 521968 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Razer\RzUpdater\RzUpdateManager.exe
2014-08-04 09:21:39 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.242\mbam-setup-2.0.1.1004.exe
2014-08-04 09:21:14 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.770\mbam-setup-2.0.1.1004.exe
2014-08-04 09:21:06 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.846\mbam-setup-2.0.1.1004.exe
2014-08-04 09:20:56 525F49DC9DBE43DC4F119DEEB89D01AE 225400 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\Rar$DRa0.477\mbam-setup-2.0.1.1004.exe
2014-08-04 09:18:40 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\i4jdel0.exe
2014-08-03 21:57:43 8EDAC06D1F39772B8B9902C2BFE833A4 2158080 ----a-w- C:\Windows\SysWOW64\setup.exe
2014-08-02 14:29:03 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\System32\wuauclt.exe
2014-08-02 14:29:00 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-08-02 14:29:00 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-02 00:06:17 F121545D6199D71DFD96CD3C10776EAA 43823368 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\raptr-4.0.1-r85744-release.exe
=== C: other files ==
2014-08-06 23:19:17 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
2014-08-06 22:42:02 3B011FAE76D4737D94062A7DD3CE5D49 4826040 ----a-w- C:\Users\JULIONDAISY\AppData\Local\Temp\gpppm.zip
2014-08-06 22:11:12 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server8.raptr.com
2014-08-06 00:25:21 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
2014-08-06 00:25:19 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server7.raptr.com
2014-08-04 23:26:42 0063ACEBB5BBE8C563A6ADB09155E644 44744 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2014-08-04 22:42:53 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server3.raptr.com
2014-08-04 09:31:10 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server5.raptr.com
2014-08-04 09:25:18 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-04 09:25:07 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-04 09:25:07 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-04 09:25:07 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-04 09:11:26 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\JULIONDAISY\AppData\Roaming\Raptr\data\boricua10\config\certificates\x509\tls_peers\xmpp-server6.raptr.com

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2752470383-2149786467-500791399-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\JULIONDAISY\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Facebook Update"="C:\Users\JULIONDAISY\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide"
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"vmware-tray.exe"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\JULIONDAISY\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Facebook Update"="C:\Users\JULIONDAISY\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\appinit_dll.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"VIRTU MVP 2.0"="C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\MVPControlPanel20.Exe /hide"
"Andy"="C:\Program Files\Andy\HandyAndy.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\appinit_dll.dll"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/09/2014 09:22 AM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000Core.job --a------ C:\Users\JULIONDAISY\AppData\Local\Facebook\Update\FacebookUpdate.exe [04/03/2013 07:02 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000UA.job --a------ C:\Users\JULIONDAISY\AppData\Local\Facebook\Update\FacebookUpdate.exe [04/03/2013 07:02 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000Core.job --a------ C:\Users\JULIONDAISY\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000UA.job --a------ C:\Users\JULIONDAISY\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000Core" [C:\Users\JULIONDAISY\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000UA" [C:\Users\JULIONDAISY\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000Core" [C:\Users\JULIONDAISY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2752470383-2149786467-500791399-1000UA" [C:\Users\JULIONDAISY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{10F55675-0B4A-4B4E-91CB-4179A5E0C28E}" [C:\Users\JULIONDAISY\Desktop\Trainers\XKICKME(PERX)\xkickme(perx).exe]
"C:\Windows\SysNative\tasks\{5B7A655C-5785-4DAF-812C-AA4F5DD07A71}" [C:\Users\JULIONDAISY\Desktop\LC_Client_1.0.2.1.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\JULION~1\AppData\Roaming\Mozilla\Firefox\Profiles\f63xl6v1.default
- Undetermined - %ProfilePath%\extensions\staged

ExtDir: C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- PutLocker Downloader - %ExtDir%\ptl@ptl.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\Firefox\Profiles\f63xl6v1.default
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\JULIONDAISY\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
FFF2362F6B4A46D4BC1D147E79A7547B - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll - Nexon Game Controller
6D657ABADF217DBB17CF0A0AF44A7E29 - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll - Nexon Game Controller
B21CCDBADBF8F80F652280ED50D718CF - C:\Users\JULIONDAISY\AppData\Roaming\Zoom\bin\npzoomplugin.dll - Zoom Launcher


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hemjgdpngmhbimofcicjfhibkdbigdmb - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx[02/08/2013 08:46 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
njljkdinboobkmkihgcohanchjnjpgjk - C:\Users\JULIONDAISY\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx[07/11/2013 12:08 AM]

NeeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
Google Docs - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Xfinity - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb
Hangouts call - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk
SaveMassa - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
Skype Click to Call - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
NeeXtCoup - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh

==== Chromium Startpages ======================

C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN16355608920910129&UM=2", "http://xfinity.comcast.net/?cid=insDate10142013", "http://start.mysearchdial.com/?f=1&...GyB0Ezy0ByDtDtAtDtAyB0D0B2Q&cr=1013114190&ir=" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{7F60CEDA-D2EE-49FB-962E-2F6885537444}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{180780f0-b348-4b44-8210-94a8f3ee15b2} XFINITY Search Url="http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071013&q={searchTerms}&src=IE-SearchBox"
{7F60CEDA-D2EE-49FB-962E-2F6885537444} KeyBar 1.13 Customized Web Search Url="http://search.conduit.com/ResultsEx...4&ctid=CT3291326&CUI=UN92327646825196206&UM=2"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 08/07/2014 at 14:02:33.06 ======================
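One thing the "Chrome Look" section of this log shows clearly is the installation footprint of the three unwanted extensions: NeeXtCoup, SaveMassa and PPrIceChop sit in every account's profile folder (Administrator, fbwuser, Guest and JULIONDAISY) for Chrome, Chrome SxS and Comodo Dragon alike, while the extensions the user actually installed (Gmail, AdBlock, Google Docs and so on) appear only in JULIONDAISY's Chrome profile. Nobody installs an extension into the Guest account's Chrome Canary profile by hand; an installer wrote those folders. The Python script below is an added example for readers of this thread, not part of the Zoek tool or of any post here: it parses that section, groups entries by extension ID, flags IDs with that mass-install footprint plus registry-registered IDs whose .crx file lives inside a user profile (the CRE folder here), and renders the result in the `<id>;chr` form the Zoek script in the reply below uses. The SAMPLE text is constructed from lines of the log above.

```python
"""Inventory the "Chrome Look" section of a Zoek log by extension ID.

Added example for this thread; it is not part of the Zoek tool or of any
post here. It parses the two kinds of lines Zoek prints in that section:

  <id> - <path to .crx>[<date>]                          registry-registered install
  <Name> - <User>\\AppData\\Local\\<Browser>\\User Data\\Default\\Extensions\\<id>

and groups them per extension ID, so that IDs dropped into every user
profile and several browsers at once stand out from extensions a single
user installed from the store. SAMPLE is constructed from lines of the log.
"""
import re
from collections import defaultdict

# Chrome extension IDs are 32 letters in the range a-p.
PROFILE_LINE = re.compile(
    r"^(?P<name>.+?) - (?P<user>[^\\]+)\\AppData\\Local\\(?P<browser>.+?)"
    r"\\User Data\\Default\\Extensions\\(?P<id>[a-p]{32})$"
)
REGISTRY_LINE = re.compile(r"^(?P<id>[a-p]{32}) - (?P<crx>.+?\.crx)\[.*\]$")

# Constructed sample: a subset of the Chrome Look lines from the log in this thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hemjgdpngmhbimofcicjfhibkdbigdmb - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx[02/08/2013 08:46 AM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
njljkdinboobkmkihgcohanchjnjpgjk - C:\Users\JULIONDAISY\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx[07/11/2013 12:08 AM]

NeeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
AdBlock - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
SaveMassa - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
Gmail - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
NeeXtCoup - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
"""


def parse_chrome_look(text):
    """Return (profiles, registry).

    profiles: {id: {"names": set, "users": set, "browsers": set}} from per-profile lines
    registry: {id: crx_path} for IDs registered under Software\\Google\\Chrome\\Extensions
    """
    profiles = defaultdict(lambda: {"names": set(), "users": set(), "browsers": set()})
    registry = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_LINE.match(line)
        if m:
            entry = profiles[m["id"]]
            entry["names"].add(m["name"])
            entry["users"].add(m["user"])
            entry["browsers"].add(m["browser"])
            continue
        m = REGISTRY_LINE.match(line)
        if m:
            registry[m["id"]] = m["crx"]
    return dict(profiles), registry


def mass_installed_ids(profiles):
    """IDs present in every user profile the log lists and in more than one browser.

    A user installing from the store gets the extension in their own profile of
    one browser; an installer that writes the extension folder into Administrator,
    Guest and every other account for Chrome, Chrome SxS and Dragon alike does not.
    """
    if not profiles:
        return []
    all_users = set().union(*(e["users"] for e in profiles.values()))
    return sorted(i for i, e in profiles.items()
                  if e["users"] == all_users and len(e["browsers"]) > 1)


def profile_hosted_registry_ids(registry):
    """Registry-registered IDs whose .crx sits inside a user profile (\\Users\\...\\AppData).

    Vendor-registered extensions in the log (Xfinity, Skype) point into ProgramData
    or Program Files; a .crx under AppData\\Local (the CRE folder) is the odd one out.
    """
    return sorted(i for i, crx in registry.items()
                  if re.search(r"\\Users\\[^\\]+\\AppData\\", crx, re.IGNORECASE))


def zoek_chr_lines(ids):
    """Render IDs as the `<id>;chr` lines a Zoek script uses to remove extensions."""
    return [f"{i};chr" for i in ids]


if __name__ == "__main__":
    profiles, registry = parse_chrome_look(SAMPLE)
    flagged = mass_installed_ids(profiles) + profile_hosted_registry_ids(registry)
    for i in flagged:
        names = ", ".join(sorted(profiles.get(i, {}).get("names", {"<registry only>"})))
        print(f"{i}  {names}")
    print("\n".join(zoek_chr_lines(flagged)))
```

Run against the full section of a log, the "present in every user profile" heuristic is only meaningful when the scan was made with "Scan all users" enabled, as this one was; on a single-user scan every extension trivially satisfies it, which is why the browser count is checked as well.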
 

TwinHeadedEagle

Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    C:\Windows\System32\GroupPolicy\Machine;fs
    C:\Windows\System32\GroupPolicy\User;fs
    C:\Windows\System32\GroupPolicy\GPT.INI;f
    C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
    njljkdinboobkmkihgcohanchjnjpgjk;chr
    acfojkdecanbcagnbjgbhhenhpijfdph;chr
    kkdddcehlgaielgfgdnjenofffifdcoi;chr
    lddjnahdglekiejmkgbjmkkojagbhneh;chr
    autoclean;
    emptyalltemp;
    chrdefaults;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.




Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

Boricua

Thread author
Sorry man, AdwCleaner still force closes. I followed your instructions to the T, but below is the new Zoek log.



Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by JULIONDAISY on Fri 08/08/2014 at 5:26:00.51.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JULIONDAISY\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-07-121406.log 56903 bytes
C:\zoek-results2014-08-07-210233.log 52942 bytes
C:\zoek-results2014-08-07-210957.log 52809 bytes

==== System Restore Info ======================

8/8/2014 5:27:06 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2752470383-2149786467-500791399-1000\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2} deleted successfully
HKEY_USERS\S-1-5-21-2752470383-2149786467-500791399-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7F60CEDA-D2EE-49FB-962E-2F6885537444} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\JULIONDAISY\AppData\LocalLow\{76F4C50D-292E-2850-BD81-EA9774C4FB15} deleted
C:\Users\JULIONDAISY\AppData\Local\Packages\windows_ie_ac_001\AC\{76F4C50D-292E-2850-BD81-EA9774C4FB15} deleted
C:\Users\JULIONDAISY\.android deleted
C:\yomomma.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\JULIONDAISY\AppData\Local\CRE deleted
C:\Users\JULIONDAISY\Searches deleted
C:\Users\JULIONDAISY\AppData\LocalLow\boost_interprocess deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\JULION~1\AppData\Roaming\Mozilla\Firefox\Profiles\f63xl6v1.default\extensions\staged deleted
C:\Users\Public\Desktop\Hotspot Shield.lnk deleted
D:\Downloads\silvergold.rar.exe deleted
"C:\windows\SysNative\GroupPolicy\GPT.INI" deleted
"C:\Windows\SysWOW64\GroupPolicy\gpt.ini" deleted
"C:\Users\JULIONDAISY\AppData\Local\19763873" deleted
"C:\Users\JULIONDAISY\AppData\Local\kZQNd" deleted
"C:\ProgramData\193847656" deleted

==== Firefox Extensions ======================

ExtDir: C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- PutLocker Downloader - %ExtDir%\ptl@ptl.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\Firefox\Profiles\f63xl6v1.default
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\JULIONDAISY\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
FFF2362F6B4A46D4BC1D147E79A7547B - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll - Nexon Game Controller
6D657ABADF217DBB17CF0A0AF44A7E29 - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll - Nexon Game Controller
B21CCDBADBF8F80F652280ED50D718CF - C:\Users\JULIONDAISY\AppData\Roaming\Zoom\bin\npzoomplugin.dll - Zoom Launcher


==== Deleted Firefox Extensions ======================

C:\Users\JULIONDAISY\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ptl@ptl.com.xpi deleted
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hemjgdpngmhbimofcicjfhibkdbigdmb - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx[02/08/2013 08:46 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
njljkdinboobkmkihgcohanchjnjpgjk - C:\Users\JULIONDAISY\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx[]

NeeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
NeeXtCoup - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
Google Docs - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Xfinity - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb
Hangouts call - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk
SaveMassa - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh
Skype Click to Call - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
NeeXtCoup - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph
SaveMassa - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi
PPrIceChop - JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh

==== Chromium Startpages ======================

C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN16355608920910129&UM=2", "http://xfinity.comcast.net/?cid=insDate10142013", "http://start.mysearchdial.com/?f=1&...GyB0Ezy0ByDtDtAtDtAyB0D0B2Q&cr=1013114190&ir=" ],


==== Chrome Fix ======================

C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wahealthplanfinder.org_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wahealthplanfinder.org_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.savethechildren.org_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.savethechildren.org_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_findnsave.dallasnews.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_findnsave.dallasnews.com_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gift.savethechildren.org_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gift.savethechildren.org_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.findnsave.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.findnsave.com_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.browsefordeals.net_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.browsefordeals.net_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bluestacks-app-player.en.softonic.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bluestacks-app-player.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtualbox.en.softonic.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtualbox.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acfojkdecanbcagnbjgbhhenhpijfdph deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkdddcehlgaielgfgdnjenofffifdcoi deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lddjnahdglekiejmkgbjmkkojagbhneh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{7F60CEDA-D2EE-49FB-962E-2F6885537444}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F60CEDA-D2EE-49FB-962E-2F6885537444}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071013&q={searchTerms}&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C14EE0AF-942D-C311-81EA-6A8221F3DCC6} deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JULIONDAISY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JULIONDAISY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\JULIONDAISY\AppData\Local\Mozilla\Firefox\Profiles\f63xl6v1.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\JULIONDAISY\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=299 folders=125 32385129 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fbwuser\AppData\Local\Temp emptied successfully
C:\Users\JULIONDAISY\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JULION~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Fri 08/08/2014 at 5:36:24.26 ======================
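The log above shows the same three extension IDs (NeeXtCoup, SaveMassa, PPrIceChop) installed in every local user profile (Administrator, fbwuser, Guest, JULIONDAISY) and in three Chromium-based browsers (Chrome, Chrome SxS, Comodo Dragon), hijacked startup_urls in the Chrome Preferences file, and an extension forced in through HKCU\SOFTWARE\Google\Chrome\Extensions. A cleanup that only checks the current user's Chrome profile misses most of that. The PowerShell script below is an added triage example, not part of the zoek log or of anyone's post in this thread. The extension IDs, the search-hijack domains and the browser directory names are taken from the log; the function names, the output columns and the fallback parsing are the example's own.

```powershell
# Added triage script (not part of the zoek log or the forum thread).
# Enumerates Chromium-family extensions, startup URLs and registry-forced extension
# installs across every local user profile, and flags the IDs seen in the log above.
$knownBadIds = @(
    'acfojkdecanbcagnbjgbhhenhpijfdph',  # NeeXtCoup
    'kkdddcehlgaielgfgdnjenofffifdcoi',  # SaveMassa
    'lddjnahdglekiejmkgbjmkkojagbhneh'   # PPrIceChop
)
$hijackPattern = 'conduit\.com|mysearchdial\.com'   # startup URLs seen in the log
$browserRoots  = @('Google\Chrome', 'Google\Chrome SxS', 'Comodo\Dragon')

function Get-ExtensionName {
    param([string]$ExtDir)
    # Each installed version sits in its own subfolder that holds manifest.json
    $manifest = Get-ChildItem -Path $ExtDir -Recurse -Filter manifest.json -ErrorAction SilentlyContinue |
                Select-Object -First 1
    if (-not $manifest) { return '<no manifest>' }
    try {
        $json = Get-Content -Raw -LiteralPath $manifest.FullName | ConvertFrom-Json
        $name = [string]$json.name
        # Localised names are stored as __MSG_key__ and resolved from _locales\<default_locale>\messages.json
        if ($name -match '^__MSG_(.+)__$') {
            $key    = $Matches[1]
            $locale = if ($json.default_locale) { $json.default_locale } else { 'en' }
            $msgs   = Join-Path $manifest.DirectoryName "_locales\$locale\messages.json"
            if (Test-Path -LiteralPath $msgs) {
                $m = Get-Content -Raw -LiteralPath $msgs | ConvertFrom-Json
                if ($m.$key.message) { $name = $m.$key.message }
            }
        }
        return $name
    } catch { return '<unreadable manifest>' }
}

function Get-StartupUrls {
    param([string]$PrefsPath)
    # startup_urls lives under "session" in the Preferences JSON. Windows PowerShell's
    # ConvertFrom-Json can reject Preferences files (keys differing only by case), so
    # fall back to a regex over the raw text in that case (JSON escapes are left as-is).
    $raw = Get-Content -Raw -LiteralPath $PrefsPath
    try {
        $p = $raw | ConvertFrom-Json
        if ($p.session -and $p.session.startup_urls) { return @($p.session.startup_urls) }
        return @()
    } catch {
        if ($raw -match '"startup_urls"\s*:\s*\[([^\]]*)\]') {
            return @([regex]::Matches($Matches[1], '"((?:[^"\\]|\\.)*)"') | ForEach-Object { $_.Groups[1].Value })
        }
        return @()
    }
}

$findings = foreach ($user in Get-ChildItem -LiteralPath 'C:\Users' -Directory) {
    foreach ($root in $browserRoots) {
        $profileDir = Join-Path $user.FullName "AppData\Local\$root\User Data\Default"
        if (-not (Test-Path -LiteralPath $profileDir)) { continue }

        $prefs = Join-Path $profileDir 'Preferences'
        if (Test-Path -LiteralPath $prefs) {
            foreach ($u in Get-StartupUrls $prefs) {
                [pscustomobject]@{ User = $user.Name; Browser = $root; Kind = 'startup_url'
                                   Id = ''; Name = $u; Suspicious = [bool]($u -match $hijackPattern) }
            }
        }

        $extRoot = Join-Path $profileDir 'Extensions'
        if (-not (Test-Path -LiteralPath $extRoot)) { continue }
        foreach ($ext in Get-ChildItem -LiteralPath $extRoot -Directory) {
            [pscustomobject]@{ User = $user.Name; Browser = $root; Kind = 'extension'
                               Id = $ext.Name; Name = Get-ExtensionName $ext.FullName
                               Suspicious = ($knownBadIds -contains $ext.Name) }
        }
    }
}

# External-install registry keys: a CRX path or update_url here pushes the extension
# into Chrome without the user installing it (compare the CRE entry under HKCU in the log).
$extKeys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
           'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
           'HKCU:\SOFTWARE\Google\Chrome\Extensions'
$external = foreach ($k in $extKeys) {
    if (Test-Path $k) {
        foreach ($sub in Get-ChildItem $k) {
            $v = Get-ItemProperty $sub.PSPath
            [pscustomobject]@{ Key = $k; Id = $sub.PSChildName; Path = $v.path; UpdateUrl = $v.update_url }
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
$external | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that other users' AppData folders are readable; it only reads, it deletes nothing. Any extension ID marked Suspicious, or any ID you do not recognise that appears in every profile and every browser at once, is a candidate for removal, and the HKCU/HKLM external-install keys should be checked alongside the folders, since a surviving registry entry reinstalls the extension on the next browser start.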
 

TwinHeadedEagle

Okay, then we're done here :)



Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.


Recommended reading:
• MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet
• MUST READ - general maintenance: What to do if your Computer is running slowly?



Recommended additional software:
• TFC - to clean unneeded temporary files.
• Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
• Malwarebytes' Anti-Exploit - to protect against many commonly exploited vulnerabilities.
• McShield - to prevent infections spread by removable media.
• CryptoPrevent - to protect yourself from the very severe CryptoLocker infection.
• Unchecky - to prevent the installation of additional foistware bundled with legitimate installers.
• FileHippo.com Update Checker - to keep your programs up-to-date.
• Adblock - to surf the web without annoying ads!



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
• Remove disinfection tools
• Create registry backup
• Purge System Restore

Click the Run button and wait a few seconds for the program to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 

TwinHeadedEagle

Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 