Solved Please help me remove pricechop

[Tamzeed Ahmed]

Hi Guys,

I need help in removing the pricechop adware. I ran malwarebytes and Avira rootkit and malware without any luck. Removing from Chrome extensions just brings it back when Chrome is restarted.

FRST scan is attached.

Please provide me with the next steps to follow.

Thanks.

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Follow the prompts and click Scan.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  gpt.ini;z 
  C:\Windows\System32\GroupPolicy;v
  C:\Windows\SysWOW64\GroupPolicy;v
  process;
  services-list;
  systemspecs;
  startupall;
  skipfix-iedefaults;
  firefoxlook;
  chromelook;
  filesrcm;
  installedprogs;

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Tamzeed Ahmed]

Hi,

Thanks for the reply.

I downloaded ADWCleaner and followed the steps till I reached "Click Clean". The app crashed during cleaning browsers. I was given the option of look online for solution or close the program. During the "Scan" part, there was nothing in the Results part. I did not proceed to Scan with Zoek because I think its best I inform you of ADWCleaner appcrash first.

Tamzeed.

 

[TwinHeadedEagle]

Yes, Adwcleaner is having the problems. Can you try to run Zoek again.

 

[Tamzeed Ahmed]

Here are the Zoek Log File results:


Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by tamzeed on 08/08/2014 at 20:29:59.25.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tamzeed\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

08/08/2014 08:33:25 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

@BIOS
æTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20 (x64 edition)
Adobe Reader XI (11.0.07)
AIDA64 Extreme Edition v2.85
Airfoil
AirPort
Antivirus Pro
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
CCleaner
ChromecastApp
ConvertXtoDVD 4.1.19.365
CPUID CPU-Z 1.64.0
DAEMON Tools Pro Advanced v5.2.0.0348
DMIView Ver.1.5 B12.0314.1
doubleTwist Sync
Dropbox
DVD Shrink 3.2
Everything 1.3.2.649
File Uploader
FileZilla Client 3.7.4.1
GoodSync
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
ImgBurn
Intel(R) Processor Graphics
Internet Download Manager
iTunes
Java 7 Update 65
Java Auto Updater
Kits Configuration Installer
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
My Net View
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero SharedVideoCodecs
Nero Update
ON_OFF Charge B11.1102.1
PFPortChecker 1.0.39
Platform
Prerequisite installer
Recuva
Remote Control USB Driver
Revo Uninstaller Pro 3.0.7
SDK Debuggers
SkypeT 6.18
SpeedFan (remove only)
Splashtop Software Updater
Splashtop Streamer
StrongVPN Client version 1.2
Update for Microsoft en-us Dictionary
VIA Platform Device Manager
Viber
VLC media player 2.0.6
WD Link
Windows Software Development Kit
Windows Software Development Kit EULA
Winrar 5.00 Beta 3

==== Running Processes ======================

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Users\tamzeed\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\tamzeed\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\tamzeed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\doubleTwist\DoubleTwist.Light.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\doubleTwist\Transcoder.Server.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\tamzeed\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AntiVirMailService] - Avira Mail Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe"
R2 - [AntiVirSchedulerService] - Avira Scheduler - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
R2 - [AntiVirService] - Avira Real-Time Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
R2 - [AntiVirWebService] - Avira Web Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [GsServer] - GoodSync Server - "C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe" /service
R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - C:\WINDOWS\system32\igfxCUIService.exe
R2 - [NAUpdate] - Nero Update - "C:\Program Files (x86)\Nero\Update\NASvc.exe"
R2 - [SplashtopRemoteService] - Splashtop® Remote Service - "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
R2 - [SSUService] - Splashtop Software Updater Service - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\WINDOWS\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\WINDOWS\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\WINDOWS\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\WINDOWS\system32\IEEtwCollector.exe /V
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\WINDOWS\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\WINDOWS\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\WINDOWS\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\WINDOWS\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\WINDOWS\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\WINDOWS\system32\wbem\WmiApSrv.exe

 

[Tamzeed Ahmed]

Also, how do you close Zoek? I close the window and another keeps opening.

 

[TwinHeadedEagle]

Zoek didn't finished its scan. Can you try again?

 

[Tamzeed Ahmed]

Here is the new Zoek log file. Fully completed this time.


Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by tamzeed on 09/08/2014 at 1:01:46.83.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tamzeed\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

09/08/2014 01:04:09 AM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

@BIOS
æTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20 (x64 edition)
Adobe Reader XI (11.0.07)
AIDA64 Extreme Edition v2.85
Airfoil
AirPort
Antivirus Pro
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
CCleaner
ChromecastApp
ConvertXtoDVD 4.1.19.365
CPUID CPU-Z 1.64.0
DAEMON Tools Pro Advanced v5.2.0.0348
DMIView Ver.1.5 B12.0314.1
doubleTwist Sync
Dropbox
DVD Shrink 3.2
Everything 1.3.2.649
File Uploader
FileZilla Client 3.7.4.1
GoodSync
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
ImgBurn
Intel(R) Processor Graphics
Internet Download Manager
iTunes
Java 7 Update 65
Java Auto Updater
Kits Configuration Installer
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
My Net View
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero SharedVideoCodecs
Nero Update
ON_OFF Charge B11.1102.1
PFPortChecker 1.0.39
Platform
Prerequisite installer
Recuva
Remote Control USB Driver
Revo Uninstaller Pro 3.0.7
SDK Debuggers
SkypeT 6.18
SpeedFan (remove only)
Splashtop Software Updater
Splashtop Streamer
StrongVPN Client version 1.2
Update for Microsoft en-us Dictionary
VIA Platform Device Manager
Viber
VLC media player 2.0.6
WD Link
Windows Software Development Kit
Windows Software Development Kit EULA
Winrar 5.00 Beta 3

==== Running Processes ======================

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Users\tamzeed\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\tamzeed\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\tamzeed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\doubleTwist\DoubleTwist.Light.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\doubleTwist\Transcoder.Server.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\tamzeed\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AntiVirMailService] - Avira Mail Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe"
R2 - [AntiVirSchedulerService] - Avira Scheduler - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
R2 - [AntiVirService] - Avira Real-Time Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
R2 - [AntiVirWebService] - Avira Web Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [GsServer] - GoodSync Server - "C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe" /service
R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - C:\WINDOWS\system32\igfxCUIService.exe
R2 - [NAUpdate] - Nero Update - "C:\Program Files (x86)\Nero\Update\NASvc.exe"
R2 - [SplashtopRemoteService] - Splashtop® Remote Service - "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
R2 - [SSUService] - Splashtop Software Updater Service - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
R2 - [WSearch] - Windows Search - C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\WINDOWS\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\WINDOWS\system32\sppsvc.exe
S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S3 - [ALG] - Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\WINDOWS\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\WINDOWS\system32\IEEtwCollector.exe /V
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\WINDOWS\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\WINDOWS\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\WINDOWS\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\WINDOWS\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\WINDOWS\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\WINDOWS\system32\wbem\WmiApSrv.exe

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\GroupPolicy\GPT.INI ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-08-05 15:57:11
Modified time: 2014-08-05 15:57:11
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


--- C:\Windows\SysWOW64\GroupPolicy\gpt.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-08-05 15:57:11
Modified time: 2014-08-05 15:57:11
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2014-08-05 15:57:11 d-----w- C:\Windows\System32\GroupPolicy\Machine
2014-08-05 15:57:11 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-08-05 15:57:11 127 ----a-w- F9A49A3E2415016FA85DDFF0B8B38419 C:\Windows\System32\GroupPolicy\GPT.INI

==== Files Found In C:\Windows\SysWOW64\GroupPolicy ======================

2014-08-05 15:57:11 11 ----a-w- EC3584F3DB838942EC3669DB02DC908E C:\Windows\SysWOW64\GroupPolicy\gpt.ini

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8083 MB
CPU Info: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
CPU Speed: 3296.4 MHz
Sound Card: Speakers (VIA High Definition A |
SPDIF Interface (TX1) (VIA High |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Linksys RangePlus Wireless USB Network Adapter #4 | Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 1x (E: | ) E: ATAPI iHAS324 W
Ports: COM1 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 58.6GB | D: 239.4GB | F: 465.8GB | G: 931.5GB | H: 931.5GB
Hard Disks - Free: C: 16.3GB | D: 97.2GB | F: 310.6GB | G: 331.7GB | H: 496.2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/22/12 | ALASKA - 1072009
Time Zone: Malay Peninsula Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. H77M-D3H
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 37.0.2062.58
Internet Explorer Version: 11.0.9600.17207
Google Chrome version: 37.0.2062.58
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_65 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\tamzeed\AppData\Local\Temp ====
2014-08-08 16:38:27 D8BE96BC224FB9A6034A01156A527271 43008 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgfqkbd.dll
2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\Quarantine.exe
2014-08-05 16:23:05 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\{B535FA58-E105-448C-A009-912AEAB659DB}\ISRT.dll
2014-08-05 16:23:05 8938D3D18B09E92EEB9C403593365EB0 553067 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\{B535FA58-E105-448C-A009-912AEAB659DB}\_isres_0x0409.dll
2014-08-05 15:58:11 B82994CB256839F3F404CAFB29060EC6 86528 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\FastDownload.exe
2014-08-05 15:30:52 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\{B535FA58-E105-448C-A009-912AEAB659DB}\ISBEW64.exe
2014-08-05 15:21:50 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\{6D1A1D43-7723-4914-80DA-5D9295331EB8}\ISBEW64.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-08-05 16:20:18 547884D76063D897D1B408A6C087E44E 5 ----a-w- C:\WINDOWS\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-08-05 15:45:45 949E0E42DAAD0418513B44C31A697CA5 1797896 ----a-w- C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-05 15:45:45 5BD2BD14753D3B0ADDE842CDF25A4C60 2144984 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-05 15:45:44 59E587B3096F906330318A0BDE0E7A51 2317824 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2014-08-05 15:45:42 EA15CC7B75A2DE287E3B0C266A35490C 235008 ----a-w- C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-05 15:45:42 E65B5352AD0743F1F59BDA9466719EFE 265216 ----a-w- C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-05 15:45:42 E4783EB6A6B2D04F3B541B378E843617 229888 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-05 15:45:42 E28501E3A241DDC5DC65382E55661B1D 285696 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-05 15:45:42 1E14463F10B324B02EB2DA7415345D15 1473080 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-05 15:45:42 0CCDFED2DFCD4FBA73EE989249379458 52736 ----a-w- C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-05 15:45:41 BEA7A26C2C22381B6DD88758352B9D9B 62976 ----a-w- C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-05 15:45:41 BA6E52B0D82682EDE4B49D9CCC7D529B 207360 ----a-w- C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-05 15:45:41 A750BB0258ECF6265A903905A0B14EB3 198656 ----a-w- C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-05 15:45:41 855D508F0053CEDC3BBAF2CB245A674A 1035264 ----a-w- C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-05 15:45:41 57E0A896C38C41C8B5B7F3127F8FD0D9 56320 ----a-w- C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-05 15:45:41 4E07710A2C9EA43E7509BF7D0452430E 106496 ----a-w- C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-05 15:45:41 191B7F25BE13D9F9E56B2B4EA595AC62 11776 ----a-w- C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-05 15:45:38 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\WINDOWS\SysWOW64\wusa.exe
2014-08-05 15:45:36 BA4FA107EF9A728C58A81B2EFCD6FE2B 26784 ----a-w- C:\WINDOWS\SysWOW64\mrt100.dll
2014-08-05 15:45:36 6923D6FAB7CBA8D82BD792182B4F3DE4 80032 ----a-w- C:\WINDOWS\SysWOW64\mrt_map.dll
2014-08-05 15:45:35 FBE8AE41ED2A9FE4C2DE069C522CA9C0 12711424 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-05 15:45:34 854E970293BA92F9BB69FFD1CE051D9C 189016 ----a-w- C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-05 15:45:34 575A5C07901F734309AA5E833E55834A 590336 ----a-w- C:\WINDOWS\SysWOW64\gpprefcl.dll
2014-08-05 15:45:33 684CF6A72A8DF7D66D262AC4A6E07845 270848 ----a-w- C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-01 11:24:29 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe
2014-08-01 11:24:20 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\WINDOWS\SysWOW64\java.exe
2014-08-01 11:24:20 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe
2014-08-01 11:24:20 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-08-06 04:05:02 CB136B267569A62EF63D798BC90ABD5A 144 ----a-w- C:\WINDOWS\Sysnative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-08-05 16:36:31 04142EC4BDD7F502922914F65A5EE1D1 4756992 ----a-w- C:\WINDOWS\Sysnative\SyncEngine.dll
2014-08-05 16:36:30 BCCFB97B1B68DD18F2BDACFE37409386 716800 ----a-w- C:\WINDOWS\Sysnative\SkyDriveTelemetry.dll
2014-08-05 16:36:30 11FD8DDAB6014EECCE88F1F581604C30 1120256 ----a-w- C:\WINDOWS\Sysnative\SkyDrive.exe
2014-08-05 16:27:21 3BC10FA856911EAE5FE7CD700FE137B5 451 ----a-w- C:\WINDOWS\Sysnative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-08-05 15:45:56 3D748E5558FD9A9F03182CB2330698DC 1018880 ----a-w- C:\WINDOWS\Sysnative\termsrv.dll
2014-08-05 15:45:45 D21440EA5236E34DCD7F8C1607790910 2641920 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2014-08-05 15:45:45 C1E44A99F7CF8C3A08CD5ADDF451636C 2125344 ----a-w- C:\WINDOWS\Sysnative\d3d9.dll
2014-08-05 15:45:44 0CD0356C5BBCFDC1B7BCEEDE74AB348B 2140888 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll
2014-08-05 15:45:43 EA432A85ABF371E14FB364D5F4405897 403968 ----a-w- C:\WINDOWS\Sysnative\vpnike.dll
2014-08-05 15:45:43 B6E947CE54A5AAD55484E0D3BC2D5948 1025536 ----a-w- C:\WINDOWS\Sysnative\localspl.dll
2014-08-05 15:45:43 98D0985521BF8F7086EA9C860898A1EE 721408 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll
2014-08-05 15:45:43 05DE04005CE0D84D0E6AD21CAEB369C6 353280 ----a-w- C:\WINDOWS\Sysnative\dhcpcore.dll
2014-08-05 15:45:42 FBB1841434072FFA76E4AD287448E34A 262656 ----a-w- C:\WINDOWS\Sysnative\framedyn.dll
2014-08-05 15:45:42 E07C80468D0C599BFF01D9D4EC7AEDC3 339456 ----a-w- C:\WINDOWS\Sysnative\bdesvc.dll
2014-08-05 15:45:42 D71845D255EA3FDC96A2DED98EE4C7D9 2844160 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll
2014-08-05 15:45:42 CED9FA1ECCF3E6B7028940FE22C69B40 1726224 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll
2014-08-05 15:45:42 6CDCCD5323EEB8EBD66E02CB8C9C703F 118272 ----a-w- C:\WINDOWS\Sysnative\winbici.dll
2014-08-05 15:45:42 6B374D279DC423FE69DB8DD1401E84FC 301056 ----a-w- C:\WINDOWS\Sysnative\framedynos.dll
2014-08-05 15:45:42 61FE99A86352AD6E27FA480CDC8B225A 285696 ----a-w- C:\WINDOWS\Sysnative\SkyDriveShell.dll
2014-08-05 15:45:42 20FB137ADDE1255F15F265A7BD9579BE 827392 ----a-w- C:\WINDOWS\Sysnative\BFE.DLL
2014-08-05 15:45:42 1824052F17B12B5D7B21445B869EE9F2 71168 ----a-w- C:\WINDOWS\Sysnative\ncobjapi.dll
2014-08-05 15:45:42 10AC9494ECE22A2362E4E4D98C528D01 271872 ----a-w- C:\WINDOWS\Sysnative\dhcpcore6.dll
2014-08-05 15:45:41 F591C7D68328C2B253B8FF57FDA7AB07 794112 ----a-w- C:\WINDOWS\Sysnative\fvewiz.dll
2014-08-05 15:45:41 DEA76F90F9777E3427D70E380222B23B 1063424 ----a-w- C:\WINDOWS\Sysnative\IKEEXT.DLL
2014-08-05 15:45:41 D3883FBCA97D10C8A39632D6CDDC6E85 65024 ----a-w- C:\WINDOWS\Sysnative\dhcpcsvc6.dll
2014-08-05 15:45:41 D261A12A43D33122CB90E70D3BC1CC68 226816 ----a-w- C:\WINDOWS\Sysnative\WebClnt.dll
2014-08-05 15:45:41 CFD6DBED27511D7A5FBE33AFA7E6B669 76800 ----a-w- C:\WINDOWS\Sysnative\BulkOperationHost.exe
2014-08-05 15:45:41 B7CC32E00C5C5152D221DF182827F58E 50745 ----a-w- C:\WINDOWS\Sysnative\srms.dat
2014-08-05 15:45:41 A473DDDAEB21C18541F0FE70A90171E4 311296 ----a-w- C:\WINDOWS\Sysnative\fvecpl.dll
2014-08-05 15:45:41 7E1EBDB3424337ABB553F249A7811D94 87552 ----a-w- C:\WINDOWS\Sysnative\dhcpcsvc.dll
2014-08-05 15:45:41 71BAEAFD05B3040173F5BBEA2CFE9607 997888 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll
2014-08-05 15:45:41 2616E8E9C8B66A67CFB6197E9517A2F2 123392 ----a-w- C:\WINDOWS\Sysnative\Robocopy.exe
2014-08-05 15:45:41 176CA2BB84BC1FC564CCB582FDCBFD7B 130560 ----a-w- C:\WINDOWS\Sysnative\BdeHdCfg.exe
2014-08-05 15:45:41 066AFA7D3FDF65D6CE1A9FAF04E7D631 99328 ----a-w- C:\WINDOWS\Sysnative\BdeHdCfgLib.dll
2014-08-05 15:45:38 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\WINDOWS\Sysnative\wusa.exe
2014-08-05 15:45:36 D178F55D53B9A10FFBDC134C95517846 28320 ----a-w- C:\WINDOWS\Sysnative\mrt100.dll
2014-08-05 15:45:36 A750229C96A406EE123F43916053F142 86688 ----a-w- C:\WINDOWS\Sysnative\mrt_map.dll
2014-08-05 15:45:36 50A49F3F16EF82E30BFB11E6B6A8F4A6 16871936 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2014-08-05 15:45:34 B4AAD75F055F13BFD3B0B16A6E6CF33D 668160 ----a-w- C:\WINDOWS\Sysnative\gpprefcl.dll
2014-08-05 15:45:34 B312E157D20E727F30EAB3A250441B6F 284672 ----a-w- C:\WINDOWS\Sysnative\WUDFHost.exe
2014-08-05 15:45:34 9CDC2059A23E3C9B57696178508777E7 99840 ----a-w- C:\WINDOWS\Sysnative\WUDFSvc.dll
2014-08-05 15:45:34 42D257559F97B30A94A027EB4555C62F 323584 ----a-w- C:\WINDOWS\Sysnative\DaOtpCredentialProvider.dll
2014-08-05 15:45:34 313117AE2B0986ED7D3AA6AE10603239 216368 ----a-w- C:\WINDOWS\Sysnative\rsaenh.dll
2014-08-05 15:45:34 1A54E3DF2CBB8DBE8A17C87BB07E3A7E 209408 ----a-w- C:\WINDOWS\Sysnative\WUDFPlatform.dll
2014-08-05 15:45:34 0BFDE0D93144DBD81178B427D3961FEC 655872 ----a-w- C:\WINDOWS\Sysnative\cscui.dll
2014-08-05 15:45:34 08DCA300264238F9AE941302321F3D54 423768 ----a-w- C:\WINDOWS\Sysnative\hal.dll
====== C:\WINDOWS\Sysnative\drivers =====
2014-08-07 16:39:48 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-07 16:31:37 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-08-07 16:31:37 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-08-05 15:45:42 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-08-05 15:45:42 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\WINDOWS\Sysnative\drivers\agilevpn.sys
2014-08-05 15:45:41 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\WINDOWS\Sysnative\drivers\vwifimp.sys
2014-08-05 15:45:41 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\WINDOWS\Sysnative\drivers\vwififlt.sys
2014-08-05 15:45:38 D18EC2C83C2F773C9476A4FB0AA4C314 295424 ----a-w- C:\WINDOWS\Sysnative\drivers\ks.sys
2014-08-05 15:45:36 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys
2014-08-05 15:45:35 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-08-05 15:45:34 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbport.sys
2014-08-05 15:45:34 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFPf.sys
2014-08-05 15:45:34 93435654DCA210298BA0F986EB51C679 419672 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbhub.sys
2014-08-05 15:45:34 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2014-08-05 15:45:34 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFRd.sys
2014-08-05 15:45:34 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbehci.sys
2014-08-05 15:45:34 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbuhci.sys
2014-08-05 15:45:33 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbd.sys
2014-07-23 11:02:18 B9F719B572D8D440DD8B5401C35B3B6F 180136 ----a-w- C:\WINDOWS\Sysnative\drivers\idmwfp.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-08-08 11:52:06 -------- d-----w- C:\Program Files\iTunes
2014-08-08 11:52:06 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2014-08-08 11:52:06 -------- d-----w- C:\PROGRA~2\iTunes
2014-08-05 15:21:32 -------- d-----w- C:\PROGRA~2\HTC
2014-08-01 11:24:30 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-07-20 06:32:08 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-07-20 06:32:08 -------- d-----r- C:\PROGRA~2\Skype
======= C: =====
====== C:\Users\tamzeed\AppData\Roaming ======
2014-08-05 15:58:10 -------- d-----w- C:\Users\tamzeed\AppData\Locallow\{32D846B9-FB1E-DDF1-7B82-A29BF4CAFE5A}
2014-08-05 15:57:31 -------- d-----w- C:\Users\tamzeed\AppData\Locallow\{372ABD4D-A490-2935-5A48-6A07D94F67F7}
2014-08-05 15:57:21 -------- d-----w- C:\Users\tamzeed\AppData\Locallow\{509CA477-2446-32B1-0ECF-84D23F91E338}
2014-08-05 15:57:11 -------- d-----w- C:\Users\tamzeed\AppData\Local\Comodo
2014-08-05 15:57:11 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-08-05 15:57:11 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-08-05 15:57:11 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-08-05 15:57:11 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-08-05 15:44:06 -------- d-----w- C:\Users\tamzeed\AppData\Roaming\HTC
2014-08-05 15:41:50 -------- d-----w- C:\Users\tamzeed\AppData\Local\Downloaded Installations
2014-07-20 06:32:23 -------- d-----w- C:\Users\tamzeed\AppData\Local\Skype
====== C:\Users\tamzeed ======
2014-08-08 11:52:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 11:52:06 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 16:27:27 -------- d-sh--w- C:\Users\tamzeed\IntelGraphicsProfiles
2014-08-05 15:57:55 -------- d-----w- C:\ProgramData\FreshApp installer
2014-08-05 15:57:11 6A8A1724945F50E63B006F8490F12D5F 394 --sha-r- C:\ProgramData\ntuser.pol
2014-08-05 15:57:11 -------- d-----w- C:\Users\Guest\AppData
2014-08-05 15:57:11 -------- d-----w- C:\Users\Administrator\AppData
2014-08-05 15:57:11 -------- d-----w- C:\ProgramData\be191fb80bbdb6fa
2014-08-05 15:43:34 -------- d-----w- C:\ProgramData\HTC
2014-08-05 15:38:12 -------- d-----w- C:\Users\tamzeed\.android
2014-08-01 11:24:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 06:32:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2014-08-08 11:49:25 30A4B7EB1E0B01D3D358079BE43348CC 77136 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\BA74NP69\SetupAdmin[1].exe
2014-08-08 11:49:25 30A4B7EB1E0B01D3D358079BE43348CC 77136 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 11.3.1.2\SetupAdmin.exe
2014-08-07 10:04:18 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\SkyDrive\Update\OneDriveSetup.exe
2014-08-07 10:04:18 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\OneDriveSetup.exe
2014-08-07 10:04:12 2DE22C0868B0FC1E10F06767665A9619 87200 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveConfig.exe
2014-08-06 15:48:25 D1B8356365D58B249B8E9E883E115B6A 454656 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\Quarantine.exe
2014-08-05 16:36:30 11FD8DDAB6014EECCE88F1F581604C30 1120256 ----a-w- C:\Windows\System32\SkyDrive.exe
2014-08-05 15:58:51 E717F6CE3A7429BFA6D7F3CF66737A4B 15968 --s-a-r- C:\ProgramData\InstallMate\{EF74E425-3FE1-49D1-AB3A-77C33497C6D3}\Setup.exe
2014-08-05 15:58:11 B82994CB256839F3F404CAFB29060EC6 86528 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\FastDownload.exe
2014-08-05 15:58:11 B82994CB256839F3F404CAFB29060EC6 86528 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\ZTFXMQV3\duckegg[1].exe
2014-08-05 15:58:01 C893BB4E18407334BA48CA82CDD5E2C0 2200064 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\L4FTR6SA\LQEK4_YAq[1].exe
2014-08-05 15:57:59 71C2EA2B936BA80F4BAD80937B369ADF 1085440 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\KRAALP8W\sinstall[1].exe
2014-08-05 15:57:34 065B2B778A89C0F4683604914A1BAEC8 1169920 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\BA74NP69\8IdHJ37iR4[1].exe
2014-08-05 15:57:23 CF9CB57397E3366CCA7AED68A46626F8 2159104 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\BA74NP69\n3M8L[1].exe
2014-08-05 15:57:13 5AECB82A39135B0D3922452E626AA99E 2123264 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\ZTFXMQV3\wft_Z[1].exe
2014-08-05 15:57:05 62C488D3E332C529877FB5FB45FD5A1B 1205760 ----a-w- C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\IE\BA74NP69\gce[1].exe
2014-08-05 15:45:44 9289A1927350EA1F7FD4D4DC64D3F32F 1408504 ----a-w- C:\Windows\Camera\Camera.exe
2014-08-05 15:45:42 1064CF2438DC44A13EFD13551915586D 321024 ----a-w- C:\Windows\System32\IME\SHARED\ImeBroker.exe
2014-08-05 15:45:41 FEF22922E4FA075C6C1FFF4385D74A95 99136 ----a-w- C:\Windows\FileManager\FileManager.exe
2014-08-05 15:45:41 CFD6DBED27511D7A5FBE33AFA7E6B669 76800 ----a-w- C:\Windows\System32\BulkOperationHost.exe
2014-08-05 15:45:41 A83FCE24AE4103F9DA32E8707C4B4C43 124928 ----a-w- C:\Windows\SysWOW64\wbem\WMIADAP.exe
2014-08-05 15:45:41 A09657B30C532DCF848F2B33404EF190 166400 ----a-w- C:\Windows\System32\wbem\WMIADAP.exe
2014-08-05 15:45:41 4E07710A2C9EA43E7509BF7D0452430E 106496 ----a-w- C:\Windows\SysWOW64\Robocopy.exe
2014-08-05 15:45:41 34215162FF8440E3342071D5A7FDCB3C 1192280 ----a-w- C:\Windows\Boot\PCAT\memtest.exe
2014-08-05 15:45:41 2616E8E9C8B66A67CFB6197E9517A2F2 123392 ----a-w- C:\Windows\System32\Robocopy.exe
2014-08-05 15:45:41 176CA2BB84BC1FC564CCB582FDCBFD7B 130560 ----a-w- C:\Windows\System32\BdeHdCfg.exe
2014-08-05 15:45:41 0C8AF6461266A72BE61552BB42BC13D8 361496 ----a-w- C:\Windows\FileManager\PhotosApp.exe
2014-08-05 15:45:38 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\Windows\System32\wusa.exe
2014-08-05 15:45:38 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\Windows\SysWOW64\wusa.exe
2014-08-05 15:45:34 B312E157D20E727F30EAB3A250441B6F 284672 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-08-05 15:33:31 F2B91A7F3FC80340B62B35DA38314DC9 23847936 ----a-w- C:\adb\llvm-rs-cc.exe
2014-08-05 15:33:31 DA00F9E97F84B24D845DF15A781F6F43 127488 ----a-w- C:\adb\dexdump.exe
2014-08-05 15:33:31 5B9FAE67F241F9509DFF7B903C1144EB 275968 ----a-w- C:\adb\aidl.exe
2014-08-05 15:33:31 5787E5DF1A68E7AFEA82D58E5F0D6549 815104 ----a-w- C:\adb\adb.exe
2014-08-05 15:33:31 53E766A1A124F5D7300C211E092986EF 157184 ----a-w- C:\adb\fastboot.exe
2014-08-05 15:33:31 0424E6F792738E294A691DEE051DCAA3 855040 ----a-w- C:\adb\aapt.exe
2014-08-05 15:30:52 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\{B535FA58-E105-448C-A009-912AEAB659DB}\ISBEW64.exe
2014-08-05 15:21:50 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\tamzeed\AppData\Local\Temp\{6D1A1D43-7723-4914-80DA-5D9295331EB8}\ISBEW64.exe
=== C: other files ==
2014-08-08 07:22:06 AEEDF9AAB595714D1FBA53989EA0D12E 73406 ----a-w- C:\Users\tamzeed\Downloads\Your e-Statement ASHNA AFROZE-4862xxxxxxxx1205.zip
2014-08-07 16:39:48 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-07 16:31:37 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-07 16:31:37 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-06 04:05:02 CB136B267569A62EF63D798BC90ABD5A 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-08-05 16:27:21 3BC10FA856911EAE5FE7CD700FE137B5 451 ----a-w- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-08-05 15:50:13 F47CEC45FB85791D4AB237563AD0FA8F 33736 ----a-w- C:\Users\tamzeed\Downloads\HTC_drivers_Win7_x64\androidusb.sys
2014-08-05 15:50:13 B8B1B284362E1D8135112573395D5DA5 36928 ----a-w- C:\Users\tamzeed\Downloads\HTC_drivers_Win7_x64\htcnprot.sys
2014-08-05 15:49:02 A30D1D1527326141ECB13D3D18B3AFC0 1130309 ----a-w- C:\Users\tamzeed\Downloads\HTC_drivers.zip
2014-08-05 15:45:42 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-08-05 15:45:42 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\Windows\System32\drivers\agilevpn.sys
2014-08-05 15:45:41 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\Windows\System32\drivers\vwifimp.sys
2014-08-05 15:45:41 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\Windows\System32\drivers\vwififlt.sys
2014-08-05 15:45:38 D18EC2C83C2F773C9476A4FB0AA4C314 295424 ----a-w- C:\Windows\System32\drivers\ks.sys
2014-08-05 15:45:36 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-08-05 15:45:35 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-08-05 15:45:34 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\Windows\System32\drivers\usbport.sys
2014-08-05 15:45:34 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-08-05 15:45:34 93435654DCA210298BA0F986EB51C679 419672 -c--a-w- C:\Windows\System32\drivers\usbhub.sys
2014-08-05 15:45:34 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 -c--a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2014-08-05 15:45:34 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-08-05 15:45:34 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\Windows\System32\drivers\usbehci.sys
2014-08-05 15:45:34 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-08-05 15:45:33 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\Windows\System32\drivers\usbd.sys
2014-08-05 15:33:31 F232A6AEBA56A296A9976AF455BC42B9 2618 ----a-w- C:\adb\dx.bat
2014-08-05 14:19:04 019EA60D5782037A9357BDC5E7008F2E 609 ----a-w- C:\Windows\Temp\2014080500004652.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-337482602-2789512015-188417483-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"SkyDrive"="C:\Users\tamzeed\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Google Update"="C:\Users\tamzeed\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"uTorrent"="C:\Users\tamzeed\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Viber"="C:\Users\tamzeed\AppData\Local\Viber\Viber.exe StartMinimized"
"GoogleChromeAutoLaunch_13BCE68E3A2859AD2AA508E6DC1FBC13"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"doubleTwist"="C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe"
"AirPort Base Station Agent"="C:\Program Files (x86)\AirPort\APAgent.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"SkyDrive"="C:\Users\tamzeed\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Google Update"="C:\Users\tamzeed\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"uTorrent"="C:\Users\tamzeed\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Viber"="C:\Users\tamzeed\AppData\Local\Viber\Viber.exe StartMinimized"
"GoogleChromeAutoLaunch_13BCE68E3A2859AD2AA508E6DC1FBC13"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"

==== Startup Folders ======================

2013-05-21 03:05:36 1103 ----a-w- C:\Users\tamzeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-07-01 14:10:38 872 ----a-w- C:\Users\tamzeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-337482602-2789512015-188417483-1001Core.job --a-------- C:\Users\tamzeed\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-337482602-2789512015-188417483-1001UA.job --a-------- C:\Users\tamzeed\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\Core Temp Autostart tamzeed" ["C:\Program Files (x86)\CoreTemp64\Core Temp.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-337482602-2789512015-188417483-1001Core" [C:\Users\tamzeed\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-337482602-2789512015-188417483-1001UA" [C:\Users\tamzeed\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\{F7C5FD33-11C7-40EF-8951-F1E5E2F44401}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[08/07/2014 03:48 PM]

Closed tabs - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
MySearch - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Entanglement Web App - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
Google Voice Search Hotword (Beta) - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
WOT - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Cast - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Google Search - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
WGT Golf Challenge - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg
AT_MEcko - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk
AdBlock - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Keep - notes and lists - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki
YouTube - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm
IDM Integration Module - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn
Downloads - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb
Evernote Web - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Poppit - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Google Search - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk
FastestFox for Chrome - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm
Google Wallet - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs PDFPowerPoint Viewer by Google - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn
pricechop - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Google Calendar Checker - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek
Closed tabs - tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki

==== Chromium Startpages ======================

C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{06D10FAF-FA6B-40B3-9EC4-C0075C1A3BE4} Search.us Url="http://search.us.com/serp?guid={6EB...DE237C}&action=default_search&k={searchTerms}"
{506390B6-7262-448F-8D4A-3F585DE66C08} Yahoo! Url="http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 09/08/2014 at 1:08:39.13 ======================

 

[Tamzeed Ahmed]

would like to remove Mysearch as well...

 

[TwinHeadedEagle]

Very good

Fix with ZOEK

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  C:\Windows\System32\GroupPolicy\Machine;fs
  C:\Windows\System32\GroupPolicy\User;fs
  C:\Windows\System32\GroupPolicy\GPT.INI;f
  C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
  eonffnnfmbfnmjpaiigdclmfelolemah;chr
  gckijeanmkodpjhpnciaeiomoophilml;chr
  oodfcjjelfikagdjpclfdiifblanfkki;chr
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Tamzeed Ahmed]

New Zoek log file results:


Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by tamzeed on 09/08/2014 at 1:22:54.90.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tamzeed\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-08-170839.log 45362 bytes

==== System Restore Info ======================

09/08/2014 01:24:51 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-337482602-2789512015-188417483-1001\Software\Microsoft\Internet Explorer\SearchScopes\{06D10FAF-FA6B-40B3-9EC4-C0075C1A3BE4} deleted successfully
HKEY_USERS\S-1-5-21-337482602-2789512015-188417483-1001\Software\Microsoft\Internet Explorer\SearchScopes\{506390B6-7262-448F-8D4A-3F585DE66C08} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\splashtopremoteservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\splashtopremoteservice deleted successfully

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\tamzeed\AppData\LocalLow\{32D846B9-FB1E-DDF1-7B82-A29BF4CAFE5A} deleted
C:\Users\tamzeed\AppData\LocalLow\{372ABD4D-A490-2935-5A48-6A07D94F67F7} deleted
C:\Users\tamzeed\AppData\LocalLow\{509CA477-2446-32B1-0ECF-84D23F91E338} deleted
C:\Users\tamzeed\AppData\Local\Packages\windows_ie_ac_001\AC\{32D846B9-FB1E-DDF1-7B82-A29BF4CAFE5A} deleted
C:\Users\tamzeed\AppData\Local\Packages\windows_ie_ac_001\AC\{372ABD4D-A490-2935-5A48-6A07D94F67F7} deleted
C:\Users\tamzeed\AppData\Local\Packages\windows_ie_ac_001\AC\{509CA477-2446-32B1-0ECF-84D23F91E338} deleted
C:\PROGRA~3\FreshApp installer deleted
C:\Users\tamzeed\.android deleted
C:\PROGRA~2\GUT98AE.tmp deleted
C:\PROGRA~2\GUM98AD.tmp deleted
C:\PROGRA~2\Splashtop deleted
C:\Users\tamzeed\AppData\Roaming\Network Meter_Settings.ini deleted
C:\Users\tamzeed\AppData\Roaming\Network Meter_Usage.ini deleted
C:\Users\tamzeed\AppData\Roaming\Network Monitor II_Settings.ini deleted
C:\Users\tamzeed\AppData\Roaming\Network Monitor II_Traffic.ini deleted
C:\PROGRA~3\Splashtop deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\tamzeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager deleted
C:\Users\tamzeed\Searches deleted
C:\WINDOWS\Syswow64\lMMLDeleteUserData42107612FX.tmp deleted
"C:\windows\SysNative\GroupPolicy\GPT.INI" deleted
"C:\Windows\SysWOW64\GroupPolicy\gpt.ini" deleted
"C:\PROGRA~3\be191fb80bbdb6fa\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140805235732" deleted
"C:\PROGRA~3\be191fb80bbdb6fa\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140805235739" deleted
"C:\PROGRA~3\be191fb80bbdb6fa\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.20140805235810" deleted
"C:\PROGRA~3\be191fb80bbdb6fa\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140805235711" deleted
"C:\PROGRA~3\be191fb80bbdb6fa\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140805235722" deleted
"C:\PROGRA~2\Internet Download Manager\IDMan.exe" deleted
"C:\PROGRA~2\Internet Download Manager\IDMNetMon64.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IDMShellExt64.dll" deleted
"C:\PROGRA~3\be191fb80bbdb6fa" deleted
"C:\PROGRA~2\Internet Download Manager" not deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[]

Closed tabs - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
MySearch - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Closed tabs - tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Entanglement Web App - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
Google Voice Search Hotword (Beta) - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
WOT - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Cast - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Google Search - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
WGT Golf Challenge - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg
AT_MEcko - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk
AdBlock - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Keep - notes and lists - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki
YouTube - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm
IDM Integration Module - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn
Downloads - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb
Evernote Web - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Poppit - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Google Search - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk
FastestFox for Chrome - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm
Google Wallet - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs PDFPowerPoint Viewer by Google - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn
pricechop - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki
Google Calendar Checker - tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek
Closed tabs - tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
MySearch - tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml
pricechop - tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki

==== Chromium Startpages ======================

C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],


==== Chrome Fix ======================

C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.xpgamesaves.com_0.localstorage deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.xpgamesaves.com_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah deleted successfully
C:\Users\tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gckijeanmkodpjhpnciaeiomoophilml deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\tamzeed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oodfcjjelfikagdjpclfdiifblanfkki deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully
C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-337482602-2789512015-188417483-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_USERS\S-1-5-21-337482602-2789512015-188417483-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\8c632f3e-d3d3-4ce1-8306-41a373dabfbf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tamzeed\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tamzeed\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=543 folders=128 201975411 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tamzeed\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\tamzeed\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Internet Download Manager" not found

==== EOF on 09/08/2014 at 2:17:04.27 ======================

 

[TwinHeadedEagle]

Very good, tell me how is your PC now?

 

[Tamzeed Ahmed]

Wow. just realized all those extensions are gone!! Thanks so much for your help! Really appreciate it!

 

[TwinHeadedEagle]

Nice, then we're done here


Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:
​

MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet

MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:
​

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

FiheHippo.com Update Checker - to keep your programs up-to-date.

Adblock - to surf the web without annoying ads!



• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;

Remove disinfection tools

Create registry backup

Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​

Stay safe,
TwinHeadedEagle

 

[TwinHeadedEagle]

Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!