[glenn78]

Greetings,

 

My son was using the new computer this morning and downloaded a program that blew my computer up with multiple Adware and Trojans.  I have run malwarebytes.exe and adwcleaner_4.107.exe.  These removed close to 50 items.  My computer was still dragging though, so I looked in the task manager.  My disk usage was at 100% and I had close to 15 instances of Chrome running.  I went ahead and uninstalled Chrome.  Even with a restart though, I still have multiple instances of it running. 

 

This leads me to believe there is still garbage on the laptop.

 

The Laptop is running Windows 8.1

The infection started this morning.

 

I have attached a copy of the FRST logs and a screenshot of my task manager.

 

Any help that can be provided would be greatly appreciated.

Attached Thumbnails

• 

Attached Files

•  Addition.txt   33.12KB   242 downloads
•  FRST.txt   75.34KB   221 downloads

[Advertisements]

Hi there, let me know if this stops the problem

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs-x32: C:/PROGRA~3/{BF295~1/171~1.0/rite.dll => C:/PROGRA~3/{BF295~1/171~1.0/rite.dll [649216 2015-01-10] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-01-10 09:38 - 2015-01-10 09:38 - 00000000 ____D () C:\ProgramData\{BF2957EA-EFAB-866C-5E2D-F6EE8EAF2560}
2015-01-09 18:49 - 2015-01-10 13:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 14:02 - 2014-12-30 14:04 - 00000000 ____D () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056
2014-12-30 14:02 - 2014-12-30 14:02 - 00004622 _____ () C:\Windows\System32\Tasks\Runner IC
2014-12-30 13:51 - 2014-12-30 13:51 - 00000047 _____ () C:\Users\gle97_000\AppData\Roaming\WB.CFG
2014-12-30 13:25 - 2014-12-30 13:25 - 00000000 __SHD () C:\Users\gle97_000\AppData\Local\EmieBrowserModeList
Task: {3EE4691B-826A-49EF-93D7-4BA6A6FD49B8} - \Voo Update No Task File <==== ATTENTION
Task: {AFF1C77D-2E65-47E2-B279-B40124D06937} - System32\Tasks\Runner IC => %LOCALAPPDATA%\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Runner.exe
C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[Essexboy]

Hi there, let me know if this stops the problem

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs-x32: C:/PROGRA~3/{BF295~1/171~1.0/rite.dll => C:/PROGRA~3/{BF295~1/171~1.0/rite.dll [649216 2015-01-10] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-01-10 09:38 - 2015-01-10 09:38 - 00000000 ____D () C:\ProgramData\{BF2957EA-EFAB-866C-5E2D-F6EE8EAF2560}
2015-01-09 18:49 - 2015-01-10 13:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 14:02 - 2014-12-30 14:04 - 00000000 ____D () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056
2014-12-30 14:02 - 2014-12-30 14:02 - 00004622 _____ () C:\Windows\System32\Tasks\Runner IC
2014-12-30 13:51 - 2014-12-30 13:51 - 00000047 _____ () C:\Users\gle97_000\AppData\Roaming\WB.CFG
2014-12-30 13:25 - 2014-12-30 13:25 - 00000000 __SHD () C:\Users\gle97_000\AppData\Local\EmieBrowserModeList
Task: {3EE4691B-826A-49EF-93D7-4BA6A6FD49B8} - \Voo Update No Task File <==== ATTENTION
Task: {AFF1C77D-2E65-47E2-B279-B40124D06937} - System32\Tasks\Runner IC => %LOCALAPPDATA%\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Runner.exe
C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.