SavenShare Problem.


15 replies to this topic

#1 Chewypost

Chewypost

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 28 November 2013 - 11:43 PM

Hello, I am having the toughest time with this problem. I recently looked through my Uninstall list and found this program. I immediately assumed it was adware, considering it was dated as being installed before I even put together my PC.

 

Here's a picture of what I mean.

g40i.jpg

 

My computer was built just at the end of December 2012, so I was mind-boggled when I saw this. To make matters worse, when I right-click it and select uninstall, nothing happens. No prompt, no nothing.

 

I have tried to remove it through Internet Explorer, but this is what it gives me.

wik2.jpg

I have also tried using JRT with my Antivirus off. Here are the results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Trung Tang on 28/11/2013 at 23:29:32.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2219539015-2411851959-3110719469-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Trung Tang\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
So that's what I've tried, and what I have. I still can't uninstall it now and I am pretty stuck. 
 
EDIT: I have realised I may have posted this in the wrong section. I am sorry about that.

Edited by hamluis, 30 November 2013 - 08:44 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 29 November 2013 - 05:33 AM

Hello Chewypost -

If this is the wrong area, then "those above" will move it to the correct area -

 

First - Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

As you are not able to locate the file to remove it, we must find its location.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

 

If your operating system is 64 bit download this tool:
SystemLook_x64.exe

 

* Double-click SystemLook.exe to run it.

Vista, Windows 7 & 8 users may need to right-click on the link and select Run as Administrator
* Copy and paste the content of the following bold text into the main textfield:

:regfind
savenshare

 

* Click the Look button to start the scan.
* When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
 * Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Thank You -



#3 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 30 November 2013 - 04:24 AM


Hey, I just did everything for it. 

 

Here are the results for the Security Check:

--------------------------------------------------------------------------

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2012 vsserv.exe  
 Bitdefender Bitdefender 2012 bdagent.exe  
 Bitdefender Bitdefender 2012 updatesrv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
--------------------------------------------------------------------------
 
 
Here are the results for the SystemLook
--------------------------------------------------------------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 04:22 on 30/11/2013 by Trung Tang
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "savenshare"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Trung Tang\Pictures\Savenshare1.jpg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File2"="C:\Users\Trung Tang\Pictures\savenshare2.jpg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File3"="C:\Users\Trung Tang\Pictures\Savenshare.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\savenshAre.savenshAre]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\savenshAre.savenshAre\CurVer]
@="savenshAre.5.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\savenshAre.savenshAre.5.10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{411A454F-4BA4-9F3F-D637-CC9223D4E5ED}\ProgID]
@="savenshAre.5.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{411A454F-4BA4-9F3F-D637-CC9223D4E5ED}\VersionIndependentProgID]
@="savenshAre"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}]
"Publisher"="savenshAre"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{411A454F-4BA4-9F3F-D637-CC9223D4E5ED}\ProgID]
@="savenshAre.5.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{411A454F-4BA4-9F3F-D637-CC9223D4E5ED}\VersionIndependentProgID]
@="savenshAre"
[HKEY_USERS\S-1-5-21-2219539015-2411851959-3110719469-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Trung Tang\Pictures\Savenshare1.jpg"
[HKEY_USERS\S-1-5-21-2219539015-2411851959-3110719469-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File2"="C:\Users\Trung Tang\Pictures\savenshare2.jpg"
[HKEY_USERS\S-1-5-21-2219539015-2411851959-3110719469-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File3"="C:\Users\Trung Tang\Pictures\Savenshare.jpg"
 
-= EOF =-
--------------------------------------------------------------------------
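
Added example (not part of the original posts and not code from SystemLook): a small parser that triages a `:regfind` log like the one above, separating the Uninstall entry and COM registrations from hits that are only the user's own files. The category rules and the treatment of `HKEY_USERS\<SID>` and `Wow6432Node\Classes` paths as aliases are assumptions made for this example.

```python
import re

# Excerpt copied from the SystemLook regfind log in the post above
# (shortened; same layout: key in brackets, then an optional value line).
SAMPLE_LOG = r'''
Searching for "savenshare"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Trung Tang\Pictures\Savenshare1.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\savenshAre.savenshAre]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\savenshAre.savenshAre\CurVer]
@="savenshAre.5.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{411A454F-4BA4-9F3F-D637-CC9223D4E5ED}\ProgID]
@="savenshAre.5.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}]
"Publisher"="savenshAre"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{411A454F-4BA4-9F3F-D637-CC9223D4E5ED}\ProgID]
@="savenshAre.5.10"
[HKEY_USERS\S-1-5-21-2219539015-2411851959-3110719469-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Trung Tang\Pictures\Savenshare1.jpg"
-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')

# Assumed triage rules (not from the thread); the first matching substring wins.
RULES = [
    ("\\currentversion\\uninstall\\", "uninstall-entry"),  # Programs list entry
    ("\\clsid\\", "com-class"),                            # COM class registration
    ("\\recent file list", "user-mru"),                    # user's own recent files
    ("\\classes\\", "progid"),                             # ProgID registration
]


def parse_regfind(text):
    """Return raw hits as (key, value_name, data). value_name is None when the
    key path itself matched and no value line follows it."""
    hits, key, had_value = [], None, False
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None and not had_value:
                hits.append((key, None, None))
            key, had_value = m.group(1), False
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            hits.append((key, m.group(1).strip('"'), m.group(2)))
            had_value = True
    if key is not None and not had_value:
        hits.append((key, None, None))
    return hits


def normalize(key):
    """Collapse paths that show the same data twice (assumption: the
    S-1-5-21 hive belongs to the logged-on user, so it mirrors HKCU)."""
    key = re.sub(r'^HKEY_USERS\\S-1-5-21-[\d-]+(?=\\)', 'HKEY_CURRENT_USER', key)
    return key.replace('\\SOFTWARE\\Wow6432Node\\Classes\\',
                       '\\SOFTWARE\\Classes\\Wow6432Node\\')


def classify(key):
    low = key.lower()
    for needle, label in RULES:
        if needle in low:
            return label
    return "other"


def triage(text):
    """Group de-duplicated hits by category."""
    groups, seen = {}, set()
    for key, name, data in parse_regfind(text):
        hit = (normalize(key), name, data)
        if hit in seen:
            continue
        seen.add(hit)
        groups.setdefault(classify(hit[0]), []).append(hit)
    return groups


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LOG).items():
        print(label)
        for key, name, data in hits:
            print("   ", key, name or "", data or "")
```

On this excerpt the `user-mru` group holds only the Paint recent-file entry for a picture named Savenshare1.jpg, while the `uninstall-entry` group isolates the key that keeps the program in the uninstall list.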


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 30 November 2013 - 04:57 PM

Hi -

Sorry to be slow to return, but things got busy yesterday -

 

First run this program from Microsoft to help remove problem programs =>

http://support.microsoft.com/Mats/Program_Install_and_Uninstall/

 

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Full scan time is generally from 30 seconds to 2 minutes maximum.
If a log is produced, save it, or post it back here -

 

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Download Malwarebytes' Anti-Malware Free (aka MBAM)

Do Not accept the Free Pro Trial version at this time, as we only need quick results.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.

 

 

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs: How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

Thank You -



#5 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 30 November 2013 - 10:08 PM

Okay I just finished doing all the tests. Here are the results. The Microsoft Fixit application was unable to find the savenshare program to uninstall it.

 

Rkill

-----------------------------------------------------------

Rkill 2.6.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/30/2013 05:09:47 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ASGT.exe (PID: 2772) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Trung Tang\Desktop\rkill\rkill-11-30-2013-05-09-51.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1    localhost
  127.0.0.1 validation.sls.microsoft.com
 
Program finished at: 11/30/2013 05:10:01 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
-----------------------------------------------------------
 
AdwCleaner
-----------------------------------------------------------
# AdwCleaner v3.013 - Report created 30/11/2013 at 17:12:23
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Trung Tang - TRUNGTANG-PC
# Running from : D:\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Trung Tang\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [6838 octets] - [28/11/2013 23:02:39]
AdwCleaner[R1].txt - [1252 octets] - [28/11/2013 23:11:09]
AdwCleaner[R2].txt - [1243 octets] - [28/11/2013 23:23:39]
AdwCleaner[R3].txt - [1368 octets] - [30/11/2013 17:11:34]
AdwCleaner[S0].txt - [6129 octets] - [28/11/2013 23:04:10]
AdwCleaner[S1].txt - [1118 octets] - [28/11/2013 23:11:35]
AdwCleaner[S2].txt - [1110 octets] - [28/11/2013 23:24:38]
AdwCleaner[S3].txt - [1095 octets] - [30/11/2013 17:12:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1155 octets] ##########
-----------------------------------------------------------
 
Malwarebytes
-----------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.30.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Trung Tang :: TRUNGTANG-PC [administrator]
 
Protection: Disabled
 
30/11/2013 5:20:21 PM
mbam-log-2013-11-30 (17-20-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239139
Time elapsed: 1 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
-----------------------------------------------------------
 
ESET 
-----------------------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ade0a8e2dd16fb458462d024272da662
# engine=16090
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-30 11:20:54
# local_time=2013-11-30 06:20:54 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2054 16777213 100 85 0 143991552 0 0
# compatibility_mode=5893 16776574 100 94 9587367 137397104 0 0
# scanned=216104
# found=20
# cleaned=20
# scan_time=3239
sh=20338DC859A5652F5661280DC508F4E5B533E76D ft=1 fh=acec80819253f8e4 vn="a variant of Win32/Adware.MultiPlug.I application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\saavenshare\c.dll.vir"
sh=DB7443E84D223B0924EFFE7FDA41D419A152B76F ft=1 fh=df82bdeae5a92cc4 vn="a variant of Win32/Toolbar.Babylon.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\VisualBee\VisualBeeSoftware.exe.vir"
sh=F167B998F07565D9FBA50809E12BB1679B987831 ft=1 fh=bc36e377d56d1196 vn="Win32/DownWare.N application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Trung Tang\AppData\Roaming\OpenCandy\DA04B8E9FC8E477282F1919F6DB73A7D\MixiCND_CID4.exe.vir"
sh=6AA5FAD110322E0B502FB784DDDE2677842707F8 ft=1 fh=7eac28b77e17143b vn="a variant of Win32/OpenCandy.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Trung Tang\AppData\Roaming\OpenCandy\DA04B8E9FC8E477282F1919F6DB73A7D\OCBrowserHelper_1.0.6.125.exe.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js"
sh=9284A0BBB505F8757322761BD9BF33B374B8B425 ft=1 fh=4b1c20670b9db072 vn="Win32/HackKMS.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\kmsemul.exe"
sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\tbMixi.dll"
sh=453EDF283026FCA2FA60501EE7ED11EFE4317909 ft=1 fh=7ef09a539e12d4e4 vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\tbVisu.dll"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\tbWhit.dll"
sh=58495F0458EDDC16D9A14A6E84CEE9C61AAE5E52 ft=1 fh=85d80dff1da9eafb vn="a variant of Win32/Toolbar.Babylon.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\232612E4-BAB0-7891-B731-D94F4D9CF4A9\BabMaint.exe"
sh=56371D74005B39D794FF8F30891F27BACECA56C8 ft=1 fh=c3e79ff37423ee01 vn="a variant of Win32/Toolbar.Babylon.P application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\232612E4-BAB0-7891-B731-D94F4D9CF4A9\BUSolution.dll"
sh=C9E3CDFA105FC1E7F8989C50242022EEE8374BAC ft=1 fh=589655440d93a8f9 vn="Win32/Toolbar.Babylon.M application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\232612E4-BAB0-7891-B731-D94F4D9CF4A9\ccp.exe"
sh=197CFB660786F445B44D37E249C5325363AF36EB ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\232612E4-BAB0-7891-B731-D94F4D9CF4A9\delta1.crx"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\232612E4-BAB0-7891-B731-D94F4D9CF4A9\IEHelper.dll"
sh=3F7976498661C306FE1B73EA0F8FD80C7C30F3F7 ft=1 fh=93a499006a4dae46 vn="Win32/Wajam.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\is1070216317\wajam_download.exe"
sh=6B5E70B3C2ADCF4F70ED8E1F6C5357C0A55492DC ft=1 fh=36028a8f19c504ee vn="a variant of Win32/Amonetize.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\{D5C0BB6C-B9F3-4B82-A969-F1D10E23999A}\Addons\Bundle.exe"
sh=6B5E70B3C2ADCF4F70ED8E1F6C5357C0A55492DC ft=1 fh=36028a8f19c504ee vn="a variant of Win32/Amonetize.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Trung Tang\AppData\Local\Temp\{D5C0BB6C-B9F3-4B82-A969-F1D10E23999A}\Addons\wsconduit__166.exe"
sh=987C03FF1FB219278602AEDFC564243A9C589B69 ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.J application (deleted - quarantined)" ac=C fn="C:\Users\Trung Tang\Desktop\Files\Windows 7 Loader.zip"
sh=E8EF1A7B7DF0643F74947F720C38CD83A87671F2 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AI application (deleted - quarantined)" ac=C fn="C:\Users\Trung Tang\Desktop\Files\WinRAR 4.20 Final.rar"
sh=F840E68A98F7E7035C55D371B353385EBB40C688 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T application (deleted - quarantined)" ac=C fn="D:\Music\Far East Movement - Free Wired 2010\bonus\Trojan_Remover_6.8.2_Build_2596.rar"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ade0a8e2dd16fb458462d024272da662
# engine=16090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-01 02:44:54
# local_time=2013-11-30 09:44:54 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2054 16777213 100 85 0 144003792 0 0
# compatibility_mode=5893 16776574 100 94 9599607 137409344 0 0
# scanned=216241
# found=0
# cleaned=0
# scan_time=3366
 
-----------------------------------------------------------
 


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 01 December 2013 - 02:56 AM

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

We pulled quite a few infections with ESET Scanner -

 

How is the system running now, and what browsers are you using ?



#7 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 01 December 2013 - 03:00 PM

I've noticed my system's running a bit quicker upon loading websites and programs. The browser I'm using is Google Chrome specifically. I still have Internet Explorer installed.

 

Here are the results

-----------------------------------------------------------

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2012 vsserv.exe  
 Bitdefender Bitdefender 2012 bdagent.exe  
 Bitdefender Bitdefender 2012 updatesrv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
-----------------------------------------------------------


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 01 December 2013 - 03:57 PM

There is a bit of information missing -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (just post the link)



#9 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 01 December 2013 - 05:20 PM

Okay. Here are the results for the test.

 

http://speccy.piriform.com/results/ccI1AcGUg4daq4OJ00kQxVz


Edited by Chewypost, 01 December 2013 - 05:20 PM.


#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 01 December 2013 - 05:52 PM

Hotfixes
18/10/2013 Security Update for Windows 7 for x64-based Systems (KB2864058) Last Update -
Please visit Windows Updates for the last months updates
 
You have 3 Drives listed - 1 is an SSD and the others are HDDs
Storage
167GB ATA Corsair Force 3 SCSI Disk Device (SSD): 
 
931GB ATA ST31000524AS SCSI Disk Device (SATA): 
 
931GB ATA WDC WD10EAVS-00M SCSI Disk Device (SATA): 
 
Is the Corsair an external drive that is still plugged in ? If so, please remove it as we are not able to diagnose the report -
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
If any of these 3 are External drives, please remove it and re-run Security Check - If not, just tell me.

 

Has SavenShare popped up again ??

 

Thanks -



#11 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 01 December 2013 - 07:38 PM

The Corsair SSD is the one plugged in. All three are internal drives and Drive C: is the SSD. Also, SavenShare is still in my uninstall list, but I still can't uninstall it.



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 02 December 2013 - 12:24 AM

Please download Junkware Removal Tool by thisisu and save it to your Desktop.

* Close all open programs and shut down any protection/security software now to avoid potential conflicts.

* How To Temporarily Disable Your Anti-virus
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware, including many related registry entries (values, keys).

 

Clear Cache / Temp Files -
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Thank you -



#13 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 02 December 2013 - 08:32 PM

Here are the results

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Trung Tang on 02/12/2013 at 19:52:19.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/12/2013 at 19:55:59.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 02 December 2013 - 08:38 PM

If you can still see the program, then REVO uninstaller is another option we must use to remove the program.

 

1) First we download it from here: Revo Uninstaller Free Version.  You can skip this Step if you already have it installed.  However, you may need to update it.  If you have it installed already, and you need to update it, go ahead and open it up and click the AutoUpdate Icon next to Help.  The use of this program makes registry changes based upon what you select for removal from the Registry.  Before running Revo Uninstaller please run ERUNT before proceeding to back up your registry in case you make a mistake.
 
2) Select the Program to remove from the list of programs and click the Uninstall button: 

revo_list_of_programs.png

  
 
3) After selecting the program you want to remove, and confirming you want to uninstall the program, then you will want to select the Advanced Option: 

methods_of_removal.png


 
4) Click Next. This will start the uninstaller for the application you picked.  When the uninstaller is done, and it proves to be successful, and a reboot is required, then select NO and continue the below steps.
 
5) Follow the prompts during the uninstallation of the application.  Once it closes you will be at this window: 

continue_uninstallation_of_application.p


 
6) Click Next again. Once the window is done scanning for files and other things that did not get removed, you will be presented with this window:

registry_settings_left_behind.png

 
You will want to select only the bolded items, then click on Delete. If any entries-usually the last thing listed and not in bold-have a + sign click on the + until you see more bolded items.  Once done, click Next.
 
If it asks you to delete other files, then do so, but pay attention to the warnings.



#15 Chewypost

Chewypost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 02 December 2013 - 10:28 PM

That final step finally did it. Thank you so much for your help. I really appreciate it.





