Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I need help removing Trovi a browser hijacker, Norton failed to find a


  • This topic is locked This topic is locked

#16
bittercreek1414

bittercreek1414

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Adam,

 

I tried to download, the CKscanner . My Norton 

antivirus program keeps removing it, saying it is a threat. It doesn't give me any options. I don't know what I should do. I tried to download it several times and then decided to check with you. I copied this info from Norton, when I view details after it removed the program (what I copied and pasted BELOW) is what it said.
 
I downloaded MGADiag but didn't run it yet because I wanted to see if I should do the CKScanner first.
 
I do not recognize the program you asked about C:Windows/AutoKMS. Should I remove it?
 
Let me know what to do from here. Thanks again for your assistance.
 
Linda
 
 
 
 
 
 
 
 
 
 
WS.Reputation.1
 
Updated: February 15, 2012 3:15:47 PM Type: Other Risk Impact: High Systems Affected: Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
 
 
Behavior WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques. Antivirus Protection Dates
  • Initial Rapid Release version March 27, 2009
  • Latest Rapid Release version April 20, 2010 revision 025
  • Initial Daily Certified version March 27, 2009 revision 005
  • Latest Daily Certified version April 20, 2010 revision 024
  • Initial Weekly Certified release date April 1, 2009
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
 

  • 0

Advertisements


#17
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hi Linda,

I hope all is well now.

CKScanner is perfectly safe. The detection of it by Norton is known as a false-positive and not something to be concerned about.

Please temporarily disable Norton, and repeat the steps to download and run CKScanner. You can disable Norton by right-clicking the Norton icon in your System Tray, and selecting temporarily disable. Pick the lowest time offered to you.

Please include CKFiles.txt and the MGADiag log in your next reply.
  • 0

#18
bittercreek1414

bittercreek1414

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

sorry, I didn't see your reply. working on what you told me now.


Edited by bittercreek1414, 03 September 2014 - 07:38 PM.

  • 0

#19
bittercreek1414

bittercreek1414

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-xxxxxxxxxxxxxxxxxxxx
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {E1A618ED-C6B5-4439-9ADA-E0DCD4F76E9E}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E1A618ED-C6B5-4439-9ADA-E0DCD4F76E9E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-156859833-1109330561-1971365752</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 6910p (AK677US#ABA)</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68MCD Ver. F.16</Version><SMBIOSVersion major="2" minor="4"/><Date>20080818000000.000000+000</Date></BIOS><HWID>9AAA3F07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-WKS</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700008-02-1033-7601.0000-2372014
Installation ID: 016712309016498681239190910945417561456834315601954713
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 6P6GT
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 9/3/2014 9:44:43 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAEABQABAAEAAAABAAAAAgABAAEAJJQAMJXkRoN0+LB4UtUGDAIHeih+HKYoHNMqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   HP      30C1   
  FACP   HP      30C1   
  HPET   HP      30C1   
  MCFG   HP      30C1   
  TCPA   HP      30C1   
  SSDT   HP      HPQSAT
  SSDT   HP      HPQSAT
  SSDT   HP      HPQSAT
  SSDT   HP      HPQSAT
  SSDT   HP      HPQSAT
  SLIC   HPQOEM  SLIC-WKS

This is what I got after running the CKScanner

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.VJAPWZ
 ----- EOF -----
 

 

Thanks again for your assistance. I hope I did it right. This is all foreign to me.

Linda


  • 0

#20
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Linda, 
 
Sorry for the delay. I've had to consult with a colleague regarding a few items. 
 
For now, please do the following: 
 
GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

  • 0

#21
bittercreek1414

bittercreek1414

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Results of the ESET Online Scan

 

C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\disketch.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\disketchsetup_v3.24.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\WavePad\wavepad.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\WavePad\wavepadsetup_v5.96.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS Trojan

 

Thanks,

Linda


Edited by bittercreek1414, 05 September 2014 - 07:20 PM.

  • 0

#22
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Linda,

 

In your opening posts, you mentioned this was a second-hand computer. Where exactly did you purchase it from? Was it from your local computer repair store?

 

Do you know if your Operating System (Windows 7) and Microsoft Office (Microsoft Office Professional Plus 2013) are licensed? 


  • 0

#23
bittercreek1414

bittercreek1414

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Adam,

 

I bought it from a guy that repairs computers. He has an ad for his business on the online yard sale in my county. So I don't really know if they are licensed. I thought Windows  came with the computer so I figured at least it was legitimate. Is that what is wrong with it? Why it is so slow?

 

All the programs on here were already on it when I got it, except Norton anti virus, I added. I can live without almost all of these programs. I just wanted my daughter to be able to play Facebook games, which it won't play because it is so slow.

 

Linda


Edited by bittercreek1414, 06 September 2014 - 08:34 PM.

  • 0

#24
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Linda, 

 

Unfortunately, based on the various logs you've provided, I suspect both your Operating System (Windows 7) and Microsoft Office (Professional Plus 2013) are cracked. There are no less than 6 different indicators in your logs that would suggest this is the case. 

 

This essentially means your computer cannot be "fixed". As with the nature of most/all cracked software, not only does it pose a serious security risk, it also in many cases, does not function correctly. Attempting to resolve your issues here is not a worthwhile exercise, as the main issue (your cracked OS) cannot be resolved without wiping the drive and installing a legitimate copy of Windows. 

 

Software is cracked to bypass activation, and to avoid paying the license fee. However, almost all cracked software will come with issues - most notably, malware. Here are some articles on cracked software. 

 

Here's what I think you should do. 

  • Refrain from completely using the machine for the time being.
  • Contact Microsoft. Explain that you believe the shop that sold you the computer is distributing cracked software, and what your best course of action is. 
  • Contact the shop that sold you the computer. This will unlikely yield any useful results, but is still worthwhile trying in my opinion.

  • 0

#25
bittercreek1414

bittercreek1414

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Adam,

 

I am so sorry that I took so much of your time. I did not know, I've never even heard of cracked software. I thought I might be taking a chance buying a used computer but I thought as long as it worked it would be okay. Well, it didn't work, as least did not work right and then when it had that Trovi hijacker thing, I thought I could just get rid of that.

 

I appreciate your help and the information you gave me. I WILL contact the guy I bought it from and hope he works with me. At $150 I didn't even think it was such a great deal that I should be suspicious. Oh well, live and learn.

 

Thanks again for all your time and help. I really appreciate what ya'll do here.

 

Sincerely,

Linda


  • 0

Advertisements


#26
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Linda, 
 

I am so sorry that I took so much of your time.

Not a problem at all.
 

At $150 I didn't even think it was such a great deal that I should be suspicious.

I think you would struggle to purchase Microsoft Office Professional Plus 2013 for that cost, let alone Windows 7 and the machine as well.

 

Good luck Linda.

I will close this thread, but if you have any additional questions you are more than welcome to ask it be reopened. 


  • 0

#27
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP