Threat Detected

Hey there! I’m having 14 different popups happen every time my laptop wakes up that show this website (listed below) and one other one. Is there a fix for this yet? It’s been happening a couple weeks now, but luckily I don’t use this laptop much.

Thank you so much! I really appreciate you guys!

URL: http://simplesitescan.net/4141/CutterGeneration_142669028215736.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/AppendRunner_142669424827344.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/truepdf_142667180461597.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/CutterGeneration_142669028204835.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/PragmaEngine_142669353230044.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/CutterGeneration_142669028204835.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://anythicago.com/4141/TroubleFix_142669689973443.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://alwaysisobar.com/4141/CutterSystem_142669222898480.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/AppendRunner_142669424827344.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and another one that keeps happening so fast I haven’t been able to click it fast enough to copy that lists another URL.

I see other people are having this issue too. :(

Thanks for your help.

Just in case you need this…

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Chele on Fri 06/26/2015 at 22:46:57.82.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chele\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-27-023501.log 14844 bytes

==== System Restore Info ======================

6/26/2015 10:51:29 PM Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Chele\AppData\Roaming\Mozilla\Firefox\Profiles\btok0dom.default
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.defaultenginename.US", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/02/2015 07:37 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

  • Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[03/18/2015 01:24 PM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/18/2015 01:24 PM]
mjdepfkicdcciagbigfcmdhknnoaaegf - C:\Windows\SysWow64\wcxChrome.crx[02/28/2013 07:24 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found

BIODIGITAL HUMAN - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
Twitter Map - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmflajicfghjbedfjgaiimfcffkiime
Facebook - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm
Logitech Smooth Scrolling - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Autocomplete = on - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh
Fun with Anatomy: 3D Skeletal Edition - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaipbgjneincgihdfdbmjfeobinapea
Avast SafePrice - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Anatomy Skills - Bones - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hceicicieekfooimifknlpmgdokmdajn
Kindle Cloud Reader - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
The Weather Channel for Chrome - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
Chrome Hotword Shared Module - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
World Map - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipmhcphldahmaffcapambikpnmdpbka
Transcribe transcribe audio/interviews fast - Chele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm

==== Chromium Startpages ======================

C:\Users\Chele\AppData\Local\Google\Chrome\User Data\Default\Preferences
5B7B0F480CFACF7B0CCBDCA9E9",“bepbmhgboaologfdajaanbcjmnhjmhfn”:“60245A568B1C2585B69E5ED43559EE94772411006CEA198D1BCE05DCAC9FC83D”,“blpcfgokakmgnkcojhhkbfbldkacnbeo”:“A0260F90F18B7C9FA1EF2A0A44F71C2B6194B74A70FE7235E6949B80A9849B3B”,“bnmflajicfghjbedfjgaiimfcffkiime”:“3962FF6D618654AC6A567E186DBA7BA3126ED8FED7D8440BE3F435B4630D2143”,“boeajhmfdjldchidhphikilcgdacljfm”:“4D1911A28A44208139AFC31C7B46ACD7E640612A8B1117CF01AC223519206B58”,“cfhdojbkjhnklbpkdaibdccddilifddb”:“9255C4C061439991D5D4FDBF5EDDF19128F40D8FB9476C139C82A817EE46B1BB”,“cmedhionkhpnakcndndgjdbohmhepckk”:“1B97BB522D7159522DAD9086B0E2E17CE472A8A46B0F6CD78812CF95F8A79826”,“coobgpohoikkiipiblmjeljniedjpjpf”:“9670CE9A9CD814098D04A7BF1F70BBB50DA3261BB2517E07EDCFCB72D8A485FB”,“dajdnhmdgikmjbcggoihnbmnnkbmljlg”:“78D9295AF1A8CA742F58B9D7FD98EC5FE5156745CF19137AED810D7838FD47C3”,“dkpejdfnpdkhifgbancbammdijojoffk”:“A698BFEC7C26BC7F843F7837FA6276199502CA2262743D0BCBEEE2A8AE35C28E”,“dnhpdliibojhegemfjheidglijccjfmc”:“610184BB1CF87FF7D0A9D412EEDDC99C87CB7F398E6E11CEA8F7583248580262”,“ecpgkdflcnofdbbkiggklcfmgbnbabhh”:“4BEAF4BF4CF17CA944177B0E88F57164796A8207A9FE991008BFDE53E3A58BF2”,“edaipbgjneincgihdfdbmjfeobinapea”:“F2C417BC97B455E4926AB4E4B0363167DDE00BF89873F8113D1BBA947CB85698”,“eemcgdkfndhakfknompkggombfjjjeno”:“78E285AA986A8403B7FD2823041FAF4B4533CCAF74D7E05BF161ED5C16B2EA65”,“ennkphjdgehloodpbhlhldgbnhmacadg”:“BEF38F461FDFE8BA3A6A6E9A37F4CC0DB34FE97BBCC00226DFFD6C0C3AA34531”,“eofcbnmajmjmplflapaojjnihcjkigck”:“87F0C293E598B1C522275B81BD38C03522564BB3F51A5CDDE060F92E11EFB1A9”,“gfdkimpbcpahaombhbimeihdjnejgicl”:“C9CCEA479AA11D7729473BE375E1D6D3E75928058E785104312F62D0FAF080AE”,“gomekmidlodglbbmalcneegieacbdmki”:“2FA3C0CF324B59FA53AD04B2FD36D3F0F006078D6AB943F10B6757262808DABC”,“hceicicieekfooimifknlpmgdokmdajn”:“3FA60871C35FFA1846F0623E0A4B0447365D58E7032F85A51F53AC42C3E299BE”,“icdipabjmbhpdkjaihfjoikhjjeneebd”:“6BC59A61C03067CAB5C6497F6184006E62210FF5C9F1D12C3097FF969FD688C5”,“iflpcokdamgefbghpdipcibmhlkdopop”
:“C5CFC6943F7C01E9C2D24EAA6A81374562859FA149A0F1752034C4195A96439B”,“kmendfapggjehodndflmmgagdbamhnfd”:“19263AB5B39948FB1EE9520B7B23E0E4170D32914AAE6630F53084A671D9D606”,“lccekmodgklaepjeofjdjpbminllajkg”:“C2486481EC52A134A32AF7BD50B118D6F754BEDA35C06C0F01945AEC30115C00”,“lmjegmlicamnimmfhcmpkclmigmmcbeh”:“131B55E6E7DA277CD713CCC9BAD52DB6089663F3F5BC2B250D0A3DEE80CADE0A”,“mfehgcgbbipciphmccgaenjidiccnmng”:“030AF09D3F02771811DB3AA068B92A44396A7681754722A8294417E5F264F91C”,“mfffpogegjflfpflabcdkioaeobkgjik”:“6C666DA3C2DA8A48936B86401166F511E90D3D5774D45650977F2AC6491423F4”,“mgfnmhniceiffkikkajenpipjogkpeli”:“13E1C962F5822A5B18EF3E3D3B27E6DE0B8E9C1E2064F3F4CC2082BEBD4DF235”,“mgndgikekgjfcpckkfioiadnlibdjbkf”:“58E46CD00114F1C85D1BC8C58E47850ABEB4FECE72C7E33FDFE73E82887E5F2D”,“mhjfbmdgcfjbbpaeojofohoefgiehjai”:“D4DC043C3EA615ABFB9C7C2C2E6DBD62BFA0B84B39651AAB723492B9D7690A09”,“mjdepfkicdcciagbigfcmdhknnoaaegf”:“494A7DA716215ED79665EFE0D607126AFC8ABB07D1CD019B7FA40ADB7678C14D”,“nbpagnldghgfoolbancepceaanlmhfmd”:“1C1BD6348E9CEF97C890D25922170A11D2C97FA8B69C1752633B98DABE1E10E2”,“ncmbijiohlhcebehocccjlfmenjkgnmf”:“655B7C128E08F7E28129611C13B5588A4BA7BBFFEADFA3370E23C10058335650”,“neajdppkdcdipfabeoofebfddakdcjhd”:“84351C4AC31D17AC871A18A649711CF4EC30B70AE313BD2BD977B17FA700E0D6”,“nipmhcphldahmaffcapambikpnmdpbka”:“1AE5573FE4F5D0C63B6B9C9AA369E13CD8C2D3AD0D095252821568BD419FA6B8”,“nkeimhogjdpnpccoofpliimaahmaaome”:“1D26FCF9870CDA3648C469FAAB64EF6916F8915E4B9880D4426670E078961B33”,“nmmhkkegccagdldgiimedpiccmgmieda”:“A4C92B9BD9897764B971F7CD4B95C709CD739AF5559C75D1BD9AB63AF09B8A3F”,“noibmlfclijjipjajmgfgejgcaioholk”:“BCBE56F591C9A8FA86106E5EC53AD1F5850A2B04A70EC403B347639F72A436DB”,“npnelmbegaeghmfgcfidjckefcocieih”:“31D8CEC74A5DB521F527FC133B4EFD745E2E435AD68B7EA5DB3F566EBB7631FD”,“ogokenmicnjdfhmhocanoemnddmpcjjm”:“FEF28DF317D65BF640EB6902DF66CF8269050C9DE0D28C0E6773CB3DEFB723F7”,“pafkbggdmjlpgkdkcbjmhmfcdpncadgh”:“0B13A9F2EC8B106DA408678498960ACB99E0C73A5AA5F592519262C3F129
49CE”,“pgehlfiodkonepliockofnonigghjkge”:“CC6BE0ED6802D039A713427E30D5109E31E79DC7962861726C08B36A78AC7EBF”,“pjkljhegncpnkpknbcohdijeoejaedia”:“6045EF0CE83545CF4AB095F3E12AC3E26C6E43FB213CB7CC1E3323537BED37F9”}},“google”:{“services”:{“last_username”:“CDBF13CEB1055561DA8BDE0C629F0544AE89608270671DBD560A2F1045411266”,“username”:“0F50998CC3375EEE93C80E6D472DFDC5366B36A1E4DF2E278E7869A65E348CBE”}},“homepage”:“1AE292F43FE2C22E57BE57A9D0E9596E55748F8658B90317FC95D4DF222B5264”,“homepage_is_newtabpage”:“CDFFF1C0F3F5170A294DE021608FF731AE1444B85CCBA37D20DDE1167B5CAFFE”,“pinned_tabs”:“B4AA8AD3A7A4B41700CEFF242E30AF0F211954D3A18B2C1B8182D3F895A9FB33”,“prefs”:{“preference_reset_time”:“4F4748A6ADB15D78FF316670D143B249F57D438AF5223B8DDD6E6D5C2645C7C1”},“profile”:{“reset_prompt_memento”:“9744091895A502BDB873DCCDFBBBBD869A0B8A831AD261D065042C99DD9E4750”},“safebrowsing”:{“incidents_sent”:“C955FB21CBC3C990225329DA8B4A15023894245D3305C336B49CDE6A497ABB3E”},“search_provider_overrides”:“10A6EBAABD13EE53AD445666638A486A657B4D63AE581DC94EAC9F38CC171146”,“session”:{“restore_on_startup”:“10FC17A67308E44B2ABE1BC628AF288489F15BAA71A2E762A55205305C6ECE95”,“startup_urls”:“149E34C0A298D9B6EE988060270FC74DA41BE23D1777135F50165128FFC13C36”},“software_reporter”:{“prompt_reason”:“1431AC4FF760979E91B2580D04A3436C97264D44F481F7371E5A62FCF45DA1D7”,“prompt_seed”:“45606C88DD92727FE96A1004B63C1B641F29C0ECDF4DFB28D113AB314D95DFEC”,“prompt_version”:“5DAA9F627877B7A9D5DB7E32CD268F1676EA87A6E8A8B94196A2F522A0109B00”},“sync”:{“remaining_rollback_tries”:“6A0447FB29C6D6F3948E5CC8BEF98FA4EB2BB3554C11496E20C292BC129D42F0”}},“super_mac”:“DBA317B0FFB8011BDAE94DF66D71221D07C8C578B6B7E1EA93A83728611BC11E”},“session”:{“restore_on_startup”:4,“startup_urls”:[“https://mail.google.com/mail/u/0/?tab=wm"]},“sync”:{"remaining_rollback_tries”:0}}

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chele\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Chele\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\6oclgys7.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Chele\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=7 250402913 bytes)

==== Empty Temp Folders ======================

C:\Users\Chele\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Chele\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 06/26/2015 at 23:30:52.08 ======================
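The nine alert blocks pasted at the top of this post are in a regular three-line "URL / Infection / Process" format, so they can be reduced to a deduplicated indicator list with a few lines of Python. The script below is an added example, not part of the post and not Avast tooling: it re-embeds the alerts as a constructed sample, parses them, counts hits per hostname, checks that every URL shares the same "/4141/" path segment and the same `Word_<digits>.dll` filename scheme (a pattern inferred from these nine names only, so the regex is an assumption), and emits a hostname blocklist.

```python
"""Parse Avast-style 'URL / Infection / Process' alert blocks, as pasted in
the post above, and reduce them to a deduplicated indicator list.
Added example; not part of the post and not Avast's own code."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample input: the nine alert blocks from the post, separated
# by "and" lines exactly as they were pasted.
SAMPLE_ALERTS = r"""
URL: http://simplesitescan.net/4141/CutterGeneration_142669028215736.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/AppendRunner_142669424827344.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/truepdf_142667180461597.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/CutterGeneration_142669028204835.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/PragmaEngine_142669353230044.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/CutterGeneration_142669028204835.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://anythicago.com/4141/TroubleFix_142669689973443.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://alwaysisobar.com/4141/CutterSystem_142669222898480.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

and

URL: http://simplesitescan.net/4141/AppendRunner_142669424827344.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
"""

# One alert is three "Key: value" lines; the key names are the ones Avast
# shows in the popup and the user copied into the post.
ALERT_RE = re.compile(
    r"URL:\s*(?P<url>\S+)\s*\n"
    r"Infection:\s*(?P<infection>\S+)\s*\n"
    r"Process:\s*(?P<process>.+)"
)

# Filename scheme every URL in the post follows: a word, an underscore, a
# long run of digits, ".dll". Inferred from these nine names only, so treat
# it as an assumption when reusing it as a hunting/blocking regex.
DLL_NAME_RE = re.compile(r"^[A-Za-z]+_\d{12,}\.dll$")


def parse_alerts(text):
    """Return one dict per alert block, in the order pasted."""
    return [m.groupdict() for m in ALERT_RE.finditer(text)]


def summarize(alerts):
    """Deduplicate and group the alerts into what a responder acts on."""
    unique_urls = sorted({a["url"] for a in alerts})
    domains = Counter(urlparse(a["url"]).hostname for a in alerts)
    # First path segment of every URL ("4141" in the post); a set, so a
    # second campaign id would show up immediately.
    path_prefixes = {urlparse(u).path.split("/")[1] for u in unique_urls}
    filenames = [urlparse(u).path.rsplit("/", 1)[-1] for u in unique_urls]
    odd_names = [f for f in filenames if not DLL_NAME_RE.match(f)]
    # Normalise case so System32 and system32 count as the same binary.
    processes = Counter(a["process"].strip().lower() for a in alerts)
    return {
        "alerts": len(alerts),
        "unique_urls": unique_urls,
        "domains": dict(domains),
        "path_prefixes": path_prefixes,
        "names_outside_pattern": odd_names,
        "processes": dict(processes),
    }


def firewall_blocklist(summary):
    """Hostnames to block at the DNS/proxy layer, one per line, sorted."""
    return "\n".join(sorted(summary["domains"]))


if __name__ == "__main__":
    s = summarize(parse_alerts(SAMPLE_ALERTS))
    for key, value in s.items():
        print(f"{key}: {value}")
    print("blocklist:\n" + firewall_blocklist(s))
```

Running it shows that the fourteen-odd popups collapse to seven unique URLs on three hostnames, all under the same "/4141/" path and all matching the filename pattern. Two caveats the summary makes visible: the reporting process is always svchost.exe, which hosts many services, so the alert alone does not say which service or scheduled task is issuing the requests; and URL:Mal is a block of the download request, so something on the machine is still trying, which is why the thread goes on to an FRST fix rather than stopping at a blocklist.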

Hello,

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Hello again. I have done as you asked. Here is the FRST and the addition txt…

Thank you so much for your help. I appreciate you. Would it help if I upgraded to the paid version?

Thanks again.

I don’t think so, but if you want slightly better protection you can upgrade to the paid version. You can check the comparison between versions on the Avast website.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Hi again! Here is the fixlog.

Thanks again. This time when it rebooted it lagged, so I haven’t seen those popup threat alerts yet. Maybe they are gone… Let’s hope!!

Yes, it should be gone now.

It’s been a couple days now and it’s working fine with no more threat detection alerts. Thank you so much for your help!