BAD Adware: api.recomme.me - Cannot Remove
jordiniman said:

Hi Eagle,

I've run the scan and attached the file in the initial request, along with the FRST logs.

Here are the results of the ZOEK in txt:

----------------

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jordan on Thu 06/11/2015 at 10:02:56.93.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jordan\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-10-191717.log 72399 bytes

==== System Restore Info ======================

6/11/2015 10:03:42 AM Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default
user_pref("browser.startup.homepage", "https://www.yahoo.com?fr=hp-avast&type=odc179");
user_pref("browser.search.defaulturl", "https://search.yahoo.com/yhs/search");
user_pref("browser.search.defaultengine", "Yahoo! (Avast)");
user_pref("browser.search.selectedEngine", "Yahoo! (Avast)");
user_pref("keyword.URL", "https://search.yahoo.com/yhs/search");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/01/2014 09:04 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jordan\AppData\Roaming\Greyfirst\Celtx\Profiles\ckxseiu5.default
- Blackened - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org
- Default Shot Palette - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com
- Depth - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org
- DOM Inspector - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org
- Minimal - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org
- MSN-Smileys - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de
- Timezone Definitions for Mozilla Calendar - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org

ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default
D37150D707B71FFD9ED78CC862284367 - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll - FileLab plugin
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
ECE6831D1CDFC3B76DC36B13B5E402B1 - C:\Users\Jordan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
A7CC98A3D79AB00DFF19FE9597D8CAD1 - C:\Users\Jordan\AppData\Local\Citrix\Plugins\97\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.97
96249DB82826C3CD5C4CB26001482761 - C:\Users\Jordan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.4.2\npasperaweb_3.4.2.91776.dll - Aspera Web
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Jordan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Jordan\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
178F30EB6105041AE4FA3943DBF40C75 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin
A27ADB900CF17F20CC5E4D8EC255876D - C:\Users\Jordan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.4.2\npasperaweb64_3.4.2.91776.dll - Aspera Web

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/01/2014 09:04 AM]
hdokiejnpimakedhajhdlcegeplioahd - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Jordan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[04/30/2013 09:27 AM]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Honey - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
AdBlock - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
LastPass - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Clue - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoeafobogfehcnplfbjeoabfedekhjlo
Chrome Hotword Shared Module - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
ruul. Screen ruler - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj
Auto Refresh Plus - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih

==== Chromium Startpages ======================

C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Preferences
y_default":false,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"jordaninperson@gmail.com","username":"jordaninperson@gmail.com"}},"homepage":"http://www.google.com/ig","homepage_is_newtabpage":false,"pinned_tabs":[],"prefs":{"preference_reset_time":"13060242603903305"},"protection":{...},"session":{"restore_on_startup":4,"startup_urls":["https://www.facebook.com/"]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"},"sync":{"remaining_rollback_tries":0}}

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{62122C7F-AD61-416B-AE08-DB4FB42C65E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS381"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\postgres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\i2eft6lb.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2059 folders=270 405363428 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jordan\AppData\Local\Temp will be emptied at reboot
C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jordan\AppData\Local\Temp successfully emptied

==== EOF on Thu 06/11/2015 at 10:22:21.15 ======================
[QUOTE="jordiniman, post: 396656, member: 37040"] Hi Eagle, I've run the scan and attached the file in the initial request, along with the FRST logs. Here is the results of the ZOEK in txt: ---------------- Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Jordan on Thu 06/11/2015 at 10:02:56.93. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jordan\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-06-10-191717.log 72399 bytes ==== System Restore Info ====================== 6/11/2015 10:03:42 AM Zoek.exe System Restore Point Created Successfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default user_pref("browser.startup.homepage", "[URL]https://www.yahoo.com?fr=hp-avast&type=odc179[/URL]"); user_pref("browser.search.defaulturl", "[URL]https://search.yahoo.com/yhs/search[/URL]"); user_pref("browser.search.defaultengine", "Yahoo! (Avast)"); user_pref("browser.search.selectedEngine", "Yahoo! 
(Avast)"); user_pref("keyword.URL", "[URL]https://search.yahoo.com/yhs/search[/URL]"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]wrc@avast.com[/email]"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/01/2014 09:04 AM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Jordan\AppData\Roaming\Greyfirst\Celtx\Profiles\ckxseiu5.default - Blackened - C:\Program Files (x86)\Celtx\extensions\[email]messagestyle-blackened@addons.instantbird.org[/email] - Default Shot Palette - C:\Program Files (x86)\Celtx\extensions\[email]default-palette@celtx.com[/email] - Depth - C:\Program Files (x86)\Celtx\extensions\[email]messagestyle-depth@addons.instantbird.org[/email] - DOM Inspector - C:\Program Files (x86)\Celtx\extensions\[email]inspector@mozilla.org[/email] - Minimal - C:\Program Files (x86)\Celtx\extensions\[email]messagestyle-minimal20@addons.instantbird.org[/email] - MSN-Smileys - C:\Program Files (x86)\Celtx\extensions\[email]emoticons-msn-smileys@m513901.de[/email] - Timezone Definitions for Mozilla Calendar - C:\Program Files (x86)\Celtx\extensions\[email]calendar-timezones@mozilla.org[/email] ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default - Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\[email]artur.dubovoy@gmail.com[/email] - LastPass - %ProfilePath%\extensions\[email]support@lastpass.com[/email] - Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== 
Profilepath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default D37150D707B71FFD9ED78CC862284367 - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll - FileLab plugin E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director ECE6831D1CDFC3B76DC36B13B5E402B1 - C:\Users\Jordan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update A7CC98A3D79AB00DFF19FE9597D8CAD1 - C:\Users\Jordan\AppData\Local\Citrix\Plugins\97\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.97 96249DB82826C3CD5C4CB26001482761 - C:\Users\Jordan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.4.2\npasperaweb_3.4.2.91776.dll - Aspera Web 49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Jordan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Jordan\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 178F30EB6105041AE4FA3943DBF40C75 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin A27ADB900CF17F20CC5E4D8EC255876D - C:\Users\Jordan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.4.2\npasperaweb64_3.4.2.91776.dll - Aspera Web ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/01/2014 09:04 AM] hdokiejnpimakedhajhdlcegeplioahd - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\Jordan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[04/30/2013 09:27 AM] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Honey - Jordan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj AdBlock - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Avast Online Security - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki LastPass - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd Clue - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoeafobogfehcnplfbjeoabfedekhjlo Chrome Hotword Shared Module - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Google Drive App Launcher - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh ruul. Screen ruler - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj Auto Refresh Plus - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih ==== Chromium Startpages ====================== C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Preferences 
y_default":false,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"[email]jordaninperson@gmail.com[/email]","username":"[email]jordaninperson@gmail.com[/email]"}},"homepage":"[URL]http://www.google.com/ig[/URL]","homepage_is_newtabpage":false,"pinned_tabs":[],"prefs":{"preference_reset_time":"13060242603903305"},"protection":{"macs":{"browser":{"show_home_button":"1F88A4A487111D961EFC5E144CAA75F6BABB180FF9B78F507ACC2443DB15C914"},"default_search_provider":{"keyword":"E9156B0C1E43FE554FACFAB8FF99EAAAB14255355A2C2FF0A2020676808D09A0","name":"325EBC88576E51F1A6918EF9A09252C43BB0CC9A3989264AE68582B49FC7CA88","search_url":"49C80734A2707A052CCC2971FA16EBE7CCF76B931E07813F9C48D6F75880A5E1"},"default_search_provider_data":{"template_url_data":"E323C3AA10C393837B48E4141B5DCDCB733823F3F71CA0B6E0309DDA43ABC711"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"86A7403E0681B7B7EA8AED55591E082893FAD62D82FD841D52F0F38922CA4AE1","apdfllckaahabafndbhieahigkjlhalf":"C4DC17FFD78CBEE3833140A272CDD4CF8CD0766AD2E12F8D3007BFB5E41FAC80","bepbmhgboaologfdajaanbcjmnhjmhfn":"FAA25F7B9B111D3D397F9F82692663119B5808CC7CF1704C68662CCAE785047C","bhoaojooagiaaiidlnfhkkafjpbbnnno":"385A3FCB4D096C51BD7E488782B44AD48FE964A84501C2E49B59B05BBC88175F","blpcfgokakmgnkcojhhkbfbldkacnbeo":"A084272E2D1A3CB9E9CEAA08A03B6F84CF1F57F7F4329062E98FBF13C3B4A507","bmnlcjabgnpnenekpadlanbbkooimhnj":"2146084D9611BC72431E3B1730D8630338B25E77EDBC55D0E3A6D736AC4F30B3","ckibcdccnfeookdmbahgiakhnjcddpki":"7332232D22259F7D3A1083E1748F9C9138DC61E78F1EA251E2F79BCAD6AF14CD","coobgpohoikkiipiblmjeljniedjpjpf":"75ACD831D406536BED4A48F9405D99240557F7246F4626DC96F30478099E50E9","dnhpdliibojhegemfjheidglijccjfmc":"0D7D2DEDCA69447F068F4EB27D99E61715F574C0E3C718B8DEDEBA46C32AA924","eemcgdkfndhakfknompkggombfjjjeno":"F727DDDDED50A610A88F54C0188840D8D0EB54A057532BA39A3E3ABB571B64C5","elicpjhcidhpjomhibiffojpinpmmpil":"57DFD687BD9F108274B6017AA313844CF4FA52B4E7CE65DA1B22D16E9EB65C7F","ennkphjdgehloodpb
hlhldgbnhmacadg":"E4EAEFD9BE310B82316E6DB4E56BA6FF3FCFBD8E6197E7AF02DDE08AC1295C22","gfdkimpbcpahaombhbimeihdjnejgicl":"09A09043526C36830BA5FE3888232E46432D2CAE019427226E88FE54807BD168","gighmmpiobklfepjocnamgkkbiglidom":"F4D46209F1DBCFB024139D55D14399A15172C27A088CCE4CFA5FB9D3574AF9CE","gomekmidlodglbbmalcneegieacbdmki":"AE4792D28F7A2045361EA2F836E93A80EABF59A9D460E7E73821D02DB92088DD","hdokiejnpimakedhajhdlcegeplioahd":"CCE87291BE8A6D97146B25F34C3BEAE851AD19BD15A8FCABF1A4929C6B8B524D","hmdbpbfpcldeegniokancfjolgpjeofc":"F7EF32469B332EF08A7F752780762D1DA7788A64A9E7D81CF78BEDCAFEF7AEE4","hoeafobogfehcnplfbjeoabfedekhjlo":"216FD9A12C79C5A4060CD2EDD3D89E18BC98F028161836B1052F8514846BAA65","kmendfapggjehodndflmmgagdbamhnfd":"068C0C1AE0774550822269544F8A50B1830F496A7DBD1FB47E92FCB157FCB9B9","lccekmodgklaepjeofjdjpbminllajkg":"65AA9F2B1359A477A9A55B4EFD1F6DCFF39AE65C5AB7D9D5AD53C9C645BD7510","lfmhcpmkbdkbgbmkjoiopeeegenkdikp":"E500544217B1EFBA48C22A2FABF42BC2D8B42681B078D226A6FC4D8644D3BE37","lgiedegfmekolcplboelnmfoiefpcpfg":"39BEF285794802BEAD2F9E1D1DDEB0B73CB2DE181BA9E0E7F415A73A1CEA41D0","lmjegmlicamnimmfhcmpkclmigmmcbeh":"F7039812490DD64270224C60D3D8F01312732EE3C2951BA93C709ACCD070D27B","mcbpblocgmgfnpjjppndjkmgjaogfceg":"F36DC90D2CFAA53FF7A7408E6EFFBC2AC3A3B2F1D2E6B251586EDFC634590848","mfehgcgbbipciphmccgaenjidiccnmng":"B1B27DEA6FEB6832B1FFD8CB465CE2E216B16F416CBFBEC8942BD12A2E5A65F6","mgndgikekgjfcpckkfioiadnlibdjbkf":"007E709D606F9284C63531E723B2D61D3144F0F89854E19A4206D6317CFD12E5","mhjfbmdgcfjbbpaeojofohoefgiehjai":"738194D6CCE3FCD39AE11C088E0E2B9BF9BC013DD9147767C7648BFF413C1EEF","mlbnpnlmfngmlcmkhjpbfokdphfehhjj":"2AD97F54A8B43E20D9751D81B6AA82D8F6CF338A342741E156A88F128785332A","nbkekaeindpfpcoldfckljplboolgkfm":"67ED8090EF1AFFBB8D52037FFFC3468007EF266BD3EE0CEE3136B58A99369EAE","nbpagnldghgfoolbancepceaanlmhfmd":"EED51F3B1647EBCB45109DBCDE85000395A11B862BA85F3D70D34C42238FF7D0","neajdppkdcdipfabeoofebfddakdcjhd":"5A9A09A4F90CB204A604D16D35BA8728374831CF27A0
0383190B1853CF805E29","nkeimhogjdpnpccoofpliimaahmaaome":"742B66E1F8766DA5A16889A3B7BC1E63338F8CBCB7496EE8DEE78976BA9A016F","nmmhkkegccagdldgiimedpiccmgmieda":"3FE7E85FB5F4A6A2648B091C8D3A0F411608E53BFB155F087036D6075F4DD028","oilipfekkmncanaajkapbpancpelijih":"49180C8CA6BBE41605409B740C7B170D33CEE1AF7ACCCB773E81A7971F43CDC9","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"AA25939E814CD0608638C65B2B812CA08E0DF80C3C844C0A7FFAFC4552A76EE1","pjkljhegncpnkpknbcohdijeoejaedia":"94609C4F9B2F1BC68385D5F62AAEF802AB4424A4ADCA40E569383AB9ED959D74"}},"google":{"services":{"last_username":"522CD382ED5A321DB45CD8D21FBAE1DA44FDD8ACD48241E41B89F362BEF61BC7","username":"4D7E5D68562525BE412474F55C7592862CD2F625DE9076832138410B419FB81E"}},"homepage":"E0579D450459BFB38340F693ED131C099686985ED23C97119B16D90E95EDBB07","homepage_is_newtabpage":"FAB1104916CEA9BEC45FD59CC9B954A4EC56F23168BBA5C7E3EEFDFEA14667DA","pinned_tabs":"32550843F10C5AD92B8085AB648FE8E05E0896D0496DA8EF2DC0F2C65957138D","prefs":{"preference_reset_time":"1FF7A43954C59E5947D9A78542E77A4BCC5F795825506E77C98D6005AA4AC7B4"},"profile":{"reset_prompt_memento":"2050CD99D165E969C45282792B979BA0463DD909D6E0616393050A7FA53012ED"},"safebrowsing":{"incidents_sent":"FB928B60E5756E7A73866CF11C58EDBF72A5E809022EB759E101D01E5F1E558A"},"search_provider_overrides":"0E755E93F62B456C6D92833612764C8B7A8FA16A979D481CFEAEACCC43DCF8C9","session":{"restore_on_startup":"A7A06B9C79BE3D7F155B53BE65627D3A015A39DBCF32180947AA673FA7354BA8","startup_urls":"0DFB1E715E004903B2CF8384B9BE62D7D89189210285243E32ED4E1BCB02EB78"},"software_reporter":{"prompt_reason":"9DAE99D8CE428ABB6BBBE4E164A99C4E858711AAD26610BEFE910A35BB167B84","prompt_seed":"369810B2F06B26EFE1ADDA8DB45427D6C91B9912CC2CBB70A75809302BD3D1AC","prompt_version":"9C0401D9BC057BB7984A5CFAA5ACBC56976B0449B762522D5707F7A01570648D"},"sync":{"remaining_rollback_tries":"3B6FD9B56CBE03987A7BBFE2796F9D13231725EF45386F20E4B15D5D70548BBD"}},"super_mac":"FB1FDA1A4B79AB6A472CCAD2CB4EB049BA1E72A255A7D906241B7D9A091001
D4"},"session":{"restore_on_startup":4,"startup_urls":["https://www.facebook.com/"]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"},"sync":{"remaining_rollback_tries":0}}

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{62122C7F-AD61-416B-AE08-DB4FB42C65E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS381"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\postgres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\i2eft6lb.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2059 folders=270 405363428 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jordan\AppData\Local\Temp will be emptied at reboot
C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jordan\AppData\Local\Temp successfully emptied

==== EOF on Thu 06/11/2015 at 10:22:21.15 ======================
[/QUOTE]