Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware/Spyware/Hijacked Browser

Started by heyage13 , Dec 09 2014 07:34 PM

  • This topic is locked This topic is locked

#1
heyage13
Posted 09 December 2014 - 07:34 PM

heyage13

    Member

  • Member
  • PipPipPip
  • 132 posts

Hello, 

 

It seems as though my laptop PC has acquired some sort of malware. Certain words in my web browser are highlighted and lead to other "dealsaver" webpages, A browser add-on Called "ShopNNSAUVE" was installed on its own (which I have since uninstalled), and a new tab constantly opens with directions to contact a 1-888 number for assistantce with removing spyware from my PC. 

 

Please help!

 

Thank you very much!


  • 0

Advertisements

#2
zep516
Posted 09 December 2014 - 08:50 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
heyage13
Posted 14 December 2014 - 11:33 AM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Sorry for the late reply been very busy. As well, thanks for getting back to me :)

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014
Ran by Laptop (administrator) on LAPTOP-PC on 14-12-2014 12:31:34
Running from C:\Users\Laptop\Desktop
Loaded Profile: Laptop (Available profiles: Laptop)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2831346804-4224379402-4095742990-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2831346804-4224379402-4095742990-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
CHR Extension: (Google Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-28]
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Google Sheets) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
CHR Extension: (BuyNNsavue) - C:\ProgramData\dadncacoiojifmgobdhjjfhhinmefgfd\ [2014-11-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 12:28 - 2014-12-14 12:29 - 00014537 _____ () C:\Users\Laptop\Desktop\Addition.txt
2014-12-14 12:27 - 2014-12-14 12:31 - 00005418 _____ () C:\Users\Laptop\Desktop\FRST.txt
2014-12-14 12:27 - 2014-12-14 12:31 - 00000000 ____D () C:\FRST
2014-12-14 12:26 - 2014-12-14 12:26 - 02119680 _____ (Farbar) C:\Users\Laptop\Desktop\FRST64.exe
2014-12-14 12:24 - 2014-12-14 12:24 - 01145992 _____ () C:\Users\Laptop\Downloads\Unconfirmed 840552.crdownload
2014-12-08 22:19 - 2014-12-08 22:19 - 00000000 ____D () C:\Users\Laptop\Documents\Sonic Academy
2014-12-07 17:46 - 2014-12-07 17:46 - 00000000 ____D () C:\ProgramData\dadncacoiojifmgobdhjjfhhinmefgfd
2014-12-07 17:46 - 2014-12-07 17:46 - 00000000 ____D () C:\ProgramData\11136701001618742780
2014-12-03 23:11 - 2014-12-03 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
2014-12-03 22:50 - 2014-12-03 22:50 - 00000000 ____D () C:\Program Files\Steinberg
2014-12-03 22:15 - 2014-12-03 22:15 - 00000000 ____D () C:\ProgramData\Sonic Academy
2014-12-01 23:14 - 2014-12-01 23:14 - 00001280 _____ () C:\Users\Laptop\Desktop\Harmor.lnk
2014-12-01 23:11 - 2014-12-01 23:11 - 01922688 _____ () C:\Users\Laptop\Downloads\winrar-x64-511.exe
2014-12-01 23:11 - 2014-12-01 23:11 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\WinRAR
2014-12-01 23:11 - 2014-12-01 23:11 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-01 23:11 - 2014-12-01 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-01 23:11 - 2014-12-01 23:11 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-01 23:09 - 2014-12-01 23:09 - 00371008 _____ () C:\Users\Laptop\Downloads\SoftonicDownloader_for_winrar.exe
2014-12-01 23:02 - 2014-12-01 23:02 - 00005205 _____ () C:\Users\Laptop\Downloads\[kickass.so]image.line.harmor.standalone.vsti.v1.0.0.assign.torrent
2014-12-01 22:47 - 2014-12-01 22:47 - 00000000 ____D () C:\Program Files\Image-Line
2014-12-01 22:47 - 2014-12-01 22:47 - 00000000 ____D () C:\Program Files\Common Files\VST2
2014-12-01 22:43 - 2014-12-01 22:43 - 51912016 _____ () C:\Users\Laptop\Downloads\harmor_install.exe
2014-11-29 20:21 - 2014-11-29 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2014-11-29 20:21 - 2009-10-24 21:15 - 01332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2014-11-28 22:09 - 2014-11-28 22:09 - 00000000 ____D () C:\Users\Laptop\Documents\Native Instruments
2014-11-28 22:09 - 2014-11-28 22:09 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Native Instruments
2014-11-28 22:01 - 2014-11-28 22:01 - 00000990 _____ () C:\Users\Public\Desktop\Massive.lnk
2014-11-28 22:01 - 2014-11-28 22:01 - 00000000 __HDC () C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2014-11-28 22:01 - 2014-11-28 22:01 - 00000000 __HDC () C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2014-11-28 22:01 - 2014-11-28 22:01 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-11-28 22:01 - 2014-11-28 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-11-28 22:01 - 2014-11-28 22:01 - 00000000 ____D () C:\Program Files\Native Instruments
2014-11-28 22:01 - 2014-11-28 22:01 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-11-28 21:59 - 2014-11-28 21:59 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\PowerISO
2014-11-28 21:56 - 2014-11-28 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-11-28 21:56 - 2014-11-28 21:56 - 00000000 ____D () C:\Program Files\PowerISO
2014-11-28 21:56 - 2014-10-08 08:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2014-11-28 21:55 - 2014-11-28 21:55 - 02878920 _____ (Power Software Ltd) C:\Users\Laptop\Downloads\PowerISO6-x64.exe
2014-11-28 21:51 - 2014-11-28 21:51 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Apple Computer
2014-11-28 21:48 - 2014-11-28 21:48 - 01640984 _____ () C:\Users\Laptop\Downloads\SetupVirtualCloneDrive5470.exe
2014-11-28 21:42 - 2014-11-28 21:42 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-11-28 21:42 - 2014-11-28 21:42 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-11-28 21:42 - 2014-11-28 21:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-11-28 21:41 - 2014-12-07 18:07 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-11-28 21:41 - 2014-12-01 23:14 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-11-28 21:41 - 2014-11-28 21:41 - 00001150 _____ () C:\Users\Laptop\Desktop\FL Studio 10.lnk
2014-11-28 21:41 - 2014-11-28 21:41 - 00000000 ____D () C:\Users\Laptop\Documents\Image-Line
2014-11-28 21:41 - 2014-11-28 21:41 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-11-28 21:41 - 2014-11-28 21:41 - 00000000 ____D () C:\Program Files (x86)\Outsim
2014-11-28 21:41 - 2014-11-28 21:41 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-11-28 21:41 - 2009-09-15 04:14 - 01554944 _____ (HMS http://hp.vector.co....thors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2014-11-28 21:41 - 2006-06-20 03:56 - 00225280 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2014-11-28 21:39 - 2014-12-01 22:44 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-11-28 21:22 - 2014-11-28 21:22 - 00000000 ____D () C:\Users\Laptop\.swt
2014-11-28 21:21 - 2014-12-09 20:45 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Azureus
2014-11-28 21:21 - 2014-11-28 21:21 - 00001798 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-11-28 21:21 - 2014-11-28 21:21 - 00000000 ____D () C:\Program Files\Vuze
2014-11-28 21:19 - 2014-11-28 21:19 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Laptop\Downloads\VuzeBittorrentClientInstaller.exe
2014-11-28 19:33 - 2014-12-12 23:17 - 00000000 ____D () C:\Users\Laptop\Desktop\DJ Tools
2014-11-28 19:28 - 2014-11-28 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-28 19:27 - 2014-12-14 12:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 19:27 - 2014-12-12 23:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 19:27 - 2014-11-28 19:28 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Google
2014-11-28 19:27 - 2014-11-28 19:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-28 19:27 - 2014-11-28 19:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-28 19:27 - 2014-11-28 19:27 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-28 19:26 - 2014-11-28 19:27 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Deployment
2014-11-28 19:26 - 2014-11-28 19:26 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Apps\2.0
2014-11-28 19:25 - 2014-11-28 19:25 - 00000000 __SHD () C:\Users\Laptop\AppData\Local\EmieUserList
2014-11-28 19:25 - 2014-11-28 19:25 - 00000000 __SHD () C:\Users\Laptop\AppData\Local\EmieSiteList
2014-11-28 19:23 - 2014-11-28 19:23 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Serato
2014-11-28 19:17 - 2014-11-28 19:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-28 19:17 - 2014-11-28 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-28 19:17 - 2014-11-28 19:17 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-28 19:16 - 2014-11-28 19:16 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-28 19:16 - 2014-11-28 19:16 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Apple
2014-11-28 19:16 - 2014-11-28 19:16 - 00000000 ____D () C:\ProgramData\Apple
2014-11-28 19:16 - 2014-11-28 19:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-28 19:15 - 2014-11-28 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
2014-11-28 19:15 - 2014-11-28 19:15 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-11-28 19:14 - 2014-11-28 19:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-28 19:12 - 2014-11-28 19:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-11-28 00:20 - 2014-11-28 00:20 - 00001417 _____ () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-28 00:20 - 2014-11-28 00:20 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Adobe
2014-11-28 00:19 - 2014-11-29 20:32 - 00000000 ____D () C:\Users\Laptop\AppData\Local\VirtualStore
2014-11-28 00:19 - 2014-11-28 00:19 - 00058016 _____ () C:\Users\Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-28 00:19 - 2014-11-28 00:19 - 00001373 _____ () C:\Windows\system32\WinToolkit_RunOnce_Log.log
2014-11-28 00:18 - 2014-11-28 21:22 - 00000000 ____D () C:\Users\Laptop
2014-11-28 00:18 - 2014-11-28 00:18 - 00000020 ___SH () C:\Users\Laptop\ntuser.ini
2014-11-28 00:18 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-28 00:18 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-28 00:16 - 2014-11-28 00:16 - 00350892 __RSH () C:\JWKLC
2014-11-27 23:51 - 2014-10-03 13:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-27 19:42 - 2014-11-27 19:42 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2014-11-27 19:42 - 2014-11-27 19:42 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-11-27 19:40 - 2014-12-14 12:10 - 00045538 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 19:37 - 2014-11-27 19:37 - 00000000 ____D () C:\Windows\CSC
2014-11-27 19:13 - 2014-11-27 19:13 - 00000000 ____D () C:\Windows.old.001
2014-11-22 21:38 - 2014-11-24 19:40 - 00000000 ____D () C:\Windows.old.000
2014-11-22 17:41 - 2014-11-27 23:51 - 00000000 __SHD () C:\Recovery
2014-11-22 17:22 - 2009-08-20 10:50 - 00000211 ____H () C:\Boot.BAK
2014-11-22 17:14 - 2014-11-24 19:33 - 00000000 ____D () C:\Windows.old
2014-11-22 14:11 - 2014-11-27 19:35 - 00008192 __RSH () C:\BOOTSECT.BAK
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-13 12:25 - 2009-07-13 23:51 - 00035655 _____ () C:\Windows\setupact.log
2014-12-12 23:18 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 20:53 - 2009-07-13 23:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 20:53 - 2009-07-13 23:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 20:46 - 2010-11-20 22:47 - 00012966 _____ () C:\Windows\PFRO.log
2014-12-09 20:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 23:02 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-30 12:17 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-28 19:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-11-28 00:19 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-28 00:16 - 2014-09-19 10:37 - 00000000 ____D () C:\Windows\Panther
2014-11-27 23:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-27 19:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-27 19:48 - 2009-07-13 23:51 - 00000276 _____ () C:\Windows\setuperr.log
2014-11-27 19:42 - 2014-09-19 00:38 - 00003652 _____ () C:\Windows\TSSysprep.log
2014-11-27 19:42 - 2009-07-13 23:46 - 00003806 _____ () C:\Windows\DtcInstall.log
2014-11-27 19:35 - 2009-07-14 00:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2014-11-22 17:22 - 2009-08-20 03:44 - 00000355 __RSH () C:\Boot.ini.saved
 
Some content of TEMP:
====================
C:\Users\Laptop\AppData\Local\Temp\a8F4C4E75719.exe
C:\Users\Laptop\AppData\Local\Temp\i4jdel0.exe
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess642064261714819146228.dll
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess646745148463190909123.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-07 13:23
 
==================== End Of Log ============================
 
ADDITION Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014
Ran by Laptop at 2014-12-14 12:31:58
Running from C:\Users\Laptop\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version:  - Image-Line)
Microsoft .NET Framework 4.5.3 (HKLM\...\{9F6EA3D4-B2FA-3120-8DF8-07396231AFB4}) (Version: 4.5.53315 - Microsoft Corporation)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Serato DJ  (HKLM-x32\...\{9e649cc6-2e9a-4d16-a834-ec9b64c5a459}) (Version: 1.6.1.5835 - )
Serato DJ  (x32 Version: 1.6.1.5835 - Serato) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-11-2014 00:14:07 Serato DJ 
29-11-2014 00:17:09 Installed QuickTime 7
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4FE600CC-5FBD-44CC-A21A-2A5871C0B3BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {A6991128-53B1-45E7-8D21-B868F999D46C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-28 19:28 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-28 19:28 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-28 19:28 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-28 19:28 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-28 19:28 - 2014-11-25 01:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2831346804-4224379402-4095742990-500 - Administrator - Disabled)
Guest (S-1-5-21-2831346804-4224379402-4095742990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2831346804-4224379402-4095742990-1002 - Limited - Enabled)
Laptop (S-1-5-21-2831346804-4224379402-4095742990-1000 - Administrator - Enabled) => C:\Users\Laptop
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: RICOH Bay8Controller
Description: RICOH Bay8Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2014 08:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/07/2014 05:45:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/01/2014 10:47:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: harmor_install.exe, version: 0.0.0.0, time stamp: 0x4b1ae3c6
Faulting module name: UAC.dll, version: 0.0.0.0, time stamp: 0x4ed2cf32
Exception code: 0xc0000005
Fault offset: 0x00002db3
Faulting process id: 0x1964
Faulting application start time: 0xharmor_install.exe0
Faulting application path: harmor_install.exe1
Faulting module path: harmor_install.exe2
Report Id: harmor_install.exe3
 
Error: (11/30/2014 11:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 09:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 07:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 00:19:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/12/2014 11:17:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (12/12/2014 11:17:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (12/12/2014 11:17:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (12/12/2014 11:17:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (12/09/2014 08:45:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (12/04/2014 08:42:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (12/04/2014 08:42:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (12/04/2014 08:42:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (12/04/2014 08:42:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (12/04/2014 08:42:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
 
Microsoft Office Sessions:
=========================
Error: (12/09/2014 08:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/07/2014 05:45:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Laptop\Downloads\SoftonicDownloader_for_winrar.exe
 
Error: (12/01/2014 10:47:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: harmor_install.exe0.0.0.04b1ae3c6UAC.dll0.0.0.04ed2cf32c000000500002db3196401d00de2a06fe6ddC:\Users\Laptop\Downloads\harmor_install.exeC:\Users\Laptop\AppData\Local\Temp\nsr92B9.tmp\UAC.dllf93df0c9-79d5-11e4-9755-001f29a3519a
 
Error: (11/30/2014 11:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 09:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 07:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 00:19:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 4031.3 MB
Available physical RAM: 2571.68 MB
Total Pagefile: 8060.79 MB
Available Pagefile: 6232.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.78 GB) (Free:55.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6198BA09)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
zep516
Posted 14 December 2014 - 12:28 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Hello,

I have noticed in your log file you are using Vuze P2P program. We at Geeks to go ! Recommend removing these type of programs, they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

A few items to fix:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (BuyNNsavue) - C:\ProgramData\dadncacoiojifmgobdhjjfhhinmefgfd\ [2014-11-28]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-14 12:24 - 2014-12-14 12:24 - 01145992 _____ () C:\Users\Laptop\Downloads\Unconfirmed 840552.crdownload
C:\Users\Laptop\AppData\Local\Temp\a8F4C4E75719.exe
C:\Users\Laptop\AppData\Local\Temp\i4jdel0.exe
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess642064261714819146228.dll
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess646745148463190909123.dll
SearchScopes: HKU\S-1-5-21-2831346804-4224379402-4095742990-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
CMD: ipconfig /flushdns

Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

    In your next reply please post:
    • Fixlog.txt, located on desktop.
    • AdwCleaner [SO].txt
    • The JRT.txt Log
    Thanks
    Joe :)

  • 0

#5
heyage13
Posted 15 December 2014 - 06:40 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Laptop at 2014-12-15 19:28:04 Run:1
Running from C:\Users\Laptop\Desktop
Loaded Profile: Laptop (Available profiles: Laptop)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (BuyNNsavue) - C:\ProgramData\dadncacoiojifmgobdhjjfhhinmefgfd\ [2014-11-28]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-14 12:24 - 2014-12-14 12:24 - 01145992 _____ () C:\Users\Laptop\Downloads\Unconfirmed 840552.crdownload
C:\Users\Laptop\AppData\Local\Temp\a8F4C4E75719.exe
C:\Users\Laptop\AppData\Local\Temp\i4jdel0.exe
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess642064261714819146228.dll
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess646745148463190909123.dll
SearchScopes: HKU\S-1-5-21-2831346804-4224379402-4095742990-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
CMD: ipconfig /flushdns
 
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\ProgramData\dadncacoiojifmgobdhjjfhhinmefgfd\ => Moved successfully.
VGPU => Service deleted successfully.
"C:\Users\Laptop\Downloads\Unconfirmed 840552.crdownload" => File/Directory not found.
C:\Users\Laptop\AppData\Local\Temp\a8F4C4E75719.exe => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess642064261714819146228.dll => Moved successfully.
C:\Users\Laptop\AppData\Local\Temp\libProcessAccess646745148463190909123.dll => Moved successfully.
"HKU\S-1-5-21-2831346804-4224379402-4095742990-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 462.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
# AdwCleaner v4.105 - Report created 15/12/2014 at 19:34:33
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\11136701001618742780
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [1178 octets] - [15/12/2014 19:32:28]
AdwCleaner[S0].txt - [1107 octets] - [15/12/2014 19:34:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1167 octets] ##########
 
 
 

  • 0

#6
heyage13
Posted 15 December 2014 - 06:43 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Laptop on Mon 12/15/2014 at 19:39:45.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/15/2014 at 19:42:38.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#7
zep516
Posted 15 December 2014 - 06:48 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
How is the computer now, what issues remain and in what browser ?

Thanks
Joe :)
  • 0

#8
heyage13
Posted 15 December 2014 - 06:50 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Seems to be running great! Thanks so much for the help. No more pop-ups/ frozen webpages. :)


  • 0

#9
zep516
Posted 15 December 2014 - 06:52 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
OK,

Lets clean up the tools we used.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#10
heyage13
Posted 15 December 2014 - 07:07 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

# DelFix v10.8 - Logfile created 15/12/2014 at 20:05:23
# Updated 29/07/2014 by Xplode
# Username : Laptop - LAPTOP-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Laptop\Desktop\FRST-OlderVersion
Deleted : C:\Users\Laptop\Desktop\Addition.txt
Deleted : C:\Users\Laptop\Desktop\Fixlog.txt
Deleted : C:\Users\Laptop\Desktop\FRST.txt
Deleted : C:\Users\Laptop\Desktop\FRST64.exe
Deleted : C:\Users\Laptop\Desktop\JRT.txt
Deleted : C:\Users\Laptop\Downloads\adwcleaner_4.105 (1).exe
Deleted : C:\Users\Laptop\Downloads\adwcleaner_4.105 (2).exe
Deleted : C:\Users\Laptop\Downloads\adwcleaner_4.105.exe
Deleted : C:\Users\Laptop\Downloads\JRT (1).exe
Deleted : C:\Users\Laptop\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #3 [Serato DJ  | 11/29/2014 00:14:07]
Deleted : RP #4 [Installed QuickTime 7 | 11/29/2014 00:17:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 


  • 0

#11
zep516
Posted 15 December 2014 - 07:08 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
Thanks,

Here's some tips for you and we will close the topic.


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)
  • 0

#12
heyage13
Posted 15 December 2014 - 07:09 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Thanks for all your help Joe


  • 0

#13
zep516
Posted 15 December 2014 - 07:11 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,095 posts
You're welcome !

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP