Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
ARABYONLINE MALWARE - GOOGLE CHROME
Message
<blockquote data-quote="Fariha" data-source="post: 386114" data-attributes="member: 36377"><p>Zoek.exe v5.0.0.0 Updated 04-May-2015</p><p>Tool run by User on Sun 05/17/2015 at 23:59:17.11.</p><p>Microsoft Windows 7 Home Premium 6.1.7600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== Older Logs ======================</p><p></p><p>C:\zoek-results2015-05-17-194325.log 10905 bytes</p><p></p><p>==== System Restore Info ======================</p><p></p><p>5/18/2015 12:02:16 AM Zoek.exe System Restore Point Created Successfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\Users\User\AppData\Local\VirtualStore deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/30/2015 07:22 AM]</p><p>[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/30/2015 07:22 AM]</p><p></p><p>==== Chromium Look ======================</p><p></p><p>Google Chrome Version: 42.0.2311.152</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/15/2014 05:22 AM]</p><p></p><p>Sudoku - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj</p><p>Angry Birds - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj</p><p>So Many Me - Demo - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn</p><p>Pop Block Pro - The Ultimate Popup Blocker - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib</p><p>Bouncy Mouse - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb</p><p>Photoshop 4U - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf</p><p>Word Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj</p><p>Block site - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh</p><p>Causality Games - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl</p><p>PicMonkey - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm</p><p>AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom</p><p>Bookmark Manager - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik</p><p>Pixlr Editor - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk</p><p>Lexifind Scrabble Helper FREE Version - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnjcdapiblbampkmbiahekeaefdepfj</p><p>Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg</p><p>Skype Click to Call - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl</p><p>Poppit - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi</p><p>Spelunky HTML5 - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof</p><p>Foto Rulez - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk</p><p>Alert Control - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjjanaennfbgpccfpbghnmblpdblbef</p><p>Recently Closed Tabs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc</p><p>Psykopaint - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>No FireFox Profiles found</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully</p><p>C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>No Java Cache Found</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=6 folders=5 74004 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\User\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\User\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted</p><p></p><p>==== EOF on Mon 05/18/2015 at 0:48:50.17 ======================</p></blockquote><p></p>
[QUOTE="Fariha, post: 386114, member: 36377"] Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by User on Sun 05/17/2015 at 23:59:17.11. Microsoft Windows 7 Home Premium 6.1.7600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-05-17-194325.log 10905 bytes ==== System Restore Info ====================== 5/18/2015 12:02:16 AM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Users\User\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== "C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]smartwebprinting@hp.com[/email]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/30/2015 07:22 AM] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "[email]smartwebprinting@hp.com[/email]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/30/2015 07:22 AM] ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.152 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/15/2014 05:22 AM] Sudoku - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj Angry Birds - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj So Many Me - Demo - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn Pop Block Pro - The Ultimate Popup Blocker - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib Bouncy Mouse - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb Photoshop 4U - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf Word Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj Block site - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh Causality Games - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl PicMonkey - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Bookmark Manager - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Pixlr Editor - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk Lexifind Scrabble Helper FREE Version - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnjcdapiblbampkmbiahekeaefdepfj Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Skype Click to Call - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Poppit - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi Spelunky HTML5 - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof Foto Rulez - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk Alert Control - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjjanaennfbgpccfpbghnmblpdblbef Recently Closed Tabs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc Psykopaint - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://www.google.com/[/URL]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[URL]http://www.google.com/[/URL]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[URL]http://www.google.com/search?q={searchTerms}[/URL]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[URL]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/URL]" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=6 folders=5 74004 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\User\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\User\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on Mon 05/18/2015 at 0:48:50.17 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top