
Surfvox browser hijacker and lost control of pc


20 replies to this topic

#1 Trr1ppy

Trr1ppy

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:10:01 PM

Posted 02 October 2014 - 02:28 AM

Dear security experts

So I was installing a game, which went fine, but when I went to open Google Chrome the browser closes and a Mozilla Firefox browser by the name of surfvox opens. I tried uninstalling it in Control Panel but it was nowhere to be found.

So next I opened up AVG, the free version, and was alarmed to find it was deactivated. I reactivated it and immediately ran a scan. When I tried to open the scan page it would go back to the start page no matter how many times I clicked to go to the scan page, as if someone was clicking back every time.

I tried searching for Firefox (which I didn't have installed on my pc but now I do unfortunately, which is also nowhere to be found in uninstall programs) and when in the start menu search box the text bar would constantly space about every second as if someone was tapping space.

When I try to open Task Manager it's immediately closed as if someone was clicking exit every time I press ctrl shift esc.

By now I'm pretty paranoid that someone's monitoring my computer and hacked it with their own keyboard and mouse so I unplugged the Ethernet cable and restarted my pc but the same things described above keep happening.

I ran a rootkit scan from avg and it says it deleted two files of medium risk. But I think it's been denied administrator access because when the allow admin access window popped up it closed too quickly for me to choose an option.

I'm on my phone at the current moment cause I really don't wanna plug in the Ethernet cable to my pc, any help would be much appreciated! I'd love to enjoy the rest of my holidays playing computer.

Jack

Tech Enthusiast and Gamer
Twitch.tv/Trr1ppy - youtube.com/user/Trr1ppy - steamcommunity.com/id/Trr1ppy/



#2 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:01 AM

Posted 02 October 2014 - 06:01 AM

Download and run RKill. Do not reboot after RKill scan is completed.

You will see several RKill aliases/ file names on the download page. If the malware blocks one, try another.

RKill Download

 

Download MBAM's Chameleon. Malwarebytes | Chameleon - Free Malware Removal Tool

Usage

Download Chameleon from the link above. Unzip the contents to a folder in a convenient location. Follow the instructions in the included CHM Help File or, if the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

 

 

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Trr1ppy

Trr1ppy
  • Topic Starter


Posted 02 October 2014 - 10:16 AM

Thanks for the quick reply

I ran RKill and here is the log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/03/2014 12:46:20 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\nvxasync\nvxasync.exe (PID: 3860) [AU-HEUR]
 * D:\Users\Trr1ppy\Desktop\Files\Utilities\RivaTuner Statistics Server 6.1.2\RTSS.exe (PID: 4220) [UP-HEUR]
 * D:\Users\Trr1ppy\Desktop\Files\Utilities\RivaTuner Statistics Server 6.1.2\EncoderServer.exe (PID: 4432) [UP-HEUR]
 * D:\Users\Trr1ppy\Desktop\Files\Utilities\RivaTuner Statistics Server 6.1.2\RTSSHooksLoader64.exe (PID: 4440) [UP-HEUR]
 * D:\Users\Trr1ppy\AppData\Roaming\nvxasync\nvxasync.exe (PID: 4792) [UP-HEUR]
 
5 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Modified HKCU\...\Winlogon: [Shell] => C:\ProgramData\nvxasync\nvxasync.exe
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/03/2014 12:46:34 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
 
The "chameleon.chm" file was blank when opened so I opened up "firefox.com" which installed malwarebytes.
I continued to follow the instructions and here is the log from the scan:
 
Scan Date: 3/10/2014
Scan Time: 12:57:37 AM
Logfile: Malware Scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.02.05
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Trr1ppy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319901
Time Elapsed: 5 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 2
PUP.Optional.SurfVox.A, HKU\S-1-5-21-4131642421-3897679573-1551491796-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\ProgramData\nvxasync\nvxasync.exe, , [e99c48a793e80f2752fdda407e85d42c]
PUP.Optional.SurfVox.A, HKU\S-1-5-21-4131642421-3897679573-1551491796-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvxasync, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\nvxasync.exe, , [0f76b33c354679bd7378e930fe05ac54]
 
Registry Data: 1
PUP.Optional.SurfVox.A, HKU\S-1-5-21-4131642421-3897679573-1551491796-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.surfvox.com/, Good: (www.google.com), Bad: (http://www.surfvox.com/),,[582d08e7512ab086696f977a8e7745bb]
 
Folders: 3
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\searchplugins, , [f68f7976cfac48ee359ad722ea18956b], 
 
Files: 19
PUP.Optional.Somoto, D:\Users\Trr1ppy\AppData\Local\Temp\nsrFEAD.tmp, , [4441767992e9979f70598725778a7c84], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\nvxasync.exe, , [0f76b33c354679bd7378e930fe05ac54], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\com.apple.Safari.plist, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\klite.exe, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\nvxasync.exe, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Prefaddon, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Preferences, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\prefs.js, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\setting.dat, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\starter.xml, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Web Data, , [2560955a5427bb7b725d9e5bfa0836ca], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\com.apple.Safari.plist, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\klite.exe, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\Prefaddon, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\Preferences, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\prefs.js, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\setting.dat, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\starter.xml, , [f68f7976cfac48ee359ad722ea18956b], 
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\Web Data, , [f68f7976cfac48ee359ad722ea18956b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

I restarted my pc because the scan requested it and the virus seems to be gone as I'm currently using chrome.

Thank you, your expertise is very much appreciated.


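The logs in the post above show why the machine felt "taken over": the hijacker registered itself as the per-user Winlogon `Shell` and in a `Run` key, so it started with every logon. The following is an added example, not part of the thread and not code from any of the tools mentioned: a small triage script that pulls those autostart detections out of a Malwarebytes text log and checks that each launch target was also detected as a file. The log excerpt is copied from the post above; the function names and the field layout (inferred from the lines shown) are assumptions.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt copied from the Malwarebytes log in the post above (not the full log).
MBAM_LOG = r"""
Registry Values: 2
PUP.Optional.SurfVox.A, HKU\S-1-5-21-4131642421-3897679573-1551491796-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\ProgramData\nvxasync\nvxasync.exe, , [e99c48a793e80f2752fdda407e85d42c]
PUP.Optional.SurfVox.A, HKU\S-1-5-21-4131642421-3897679573-1551491796-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvxasync, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\nvxasync.exe, , [0f76b33c354679bd7378e930fe05ac54]

Registry Data: 1
PUP.Optional.SurfVox.A, HKU\S-1-5-21-4131642421-3897679573-1551491796-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.surfvox.com/, Good: (www.google.com), Bad: (http://www.surfvox.com/),,[582d08e7512ab086696f977a8e7745bb]

Files: 19
PUP.Optional.Somoto, D:\Users\Trr1ppy\AppData\Local\Temp\nsrFEAD.tmp, , [4441767992e9979f70598725778a7c84],
PUP.Optional.SurfVox.A, D:\Users\Trr1ppy\AppData\Roaming\nvxasync\nvxasync.exe, , [0f76b33c354679bd7378e930fe05ac54],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\nvxasync.exe, , [2560955a5427bb7b725d9e5bfa0836ca],

Physical Sectors: 0
(No malicious items detected)
"""

# Result sections of the log; other "Name: value" lines (scan date etc.) are ignored.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")

# (key suffix, value name or None for "any value", label) for locations that
# start a program at logon or set the browser start page.
AUTOSTART = [
    (r"\\WINDOWS NT\\CURRENTVERSION\\WINLOGON$", "shell", "winlogon-shell"),
    (r"\\WINDOWS\\CURRENTVERSION\\RUN(ONCE)?$", None, "run-key"),
    (r"\\INTERNET EXPLORER\\MAIN$", "start page", "browser-start-page"),
]

Detection = namedtuple("Detection", "section name location value data")


def parse_mbam(text):
    """Return one Detection per result line, tagged with its log section."""
    section, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m and m.group(1) in SECTIONS:
            section = m.group(1)
            continue
        if section is None or not line or line.startswith("("):
            continue
        parts = line.split(", ", 2)      # name, location, remainder
        if len(parts) < 3:
            continue
        name, location, rest = parts
        key, _, value = location.partition("|")   # registry lines use key|value
        data = rest.split(",")[0].strip()         # empty for file/folder lines
        out.append(Detection(section, name, key, value, data))
    return out


def autostart_kind(d):
    """Label a registry detection that sits in an autostart location, else None."""
    if not d.section.startswith("Registry"):
        return None
    for key_re, value_name, kind in AUTOSTART:
        if re.search(key_re, d.location, re.I) and value_name in (None, d.value.lower()):
            return kind
    return None


def triage(text):
    """List autostart detections and whether their launch target was also caught."""
    dets = parse_mbam(text)
    files = {d.location.lower() for d in dets if d.section == "Files"}
    report = []
    for d in dets:
        kind = autostart_kind(d)
        if kind is None:
            continue
        is_path = bool(re.match(r"^[A-Za-z]:\\", d.data))
        report.append({
            "kind": kind,
            "value": d.value,
            "target": d.data,
            # A Winlogon Shell other than explorer.exe replaces the desktop shell.
            "replaces_shell": kind == "winlogon-shell"
            and ntpath.basename(d.data).lower() != "explorer.exe",
            # False would mean the autostart entry was found but not the file it runs.
            "target_detected": (d.data.lower() in files) if is_path else None,
        })
    return report


if __name__ == "__main__":
    for row in triage(MBAM_LOG):
        print(row)
```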


#4 buddy215

buddy215


Posted 02 October 2014 - 11:28 AM

SurfVox may not be the only malware/ adware on your comp. Now that you are able to run scans I suggest you run these.

Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.



#5 Trr1ppy

Trr1ppy
  • Topic Starter


Posted 02 October 2014 - 10:04 PM

Here's the AdwCleaner log:

 

# AdwCleaner v3.311 - Report created 03/10/2014 at 11:49:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Trr1ppy - SLAYERZERO
# Running from : D:\Users\Trr1ppy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.124
 
*************************
 
AdwCleaner[R0].txt - [2733 octets] - [03/10/2014 11:45:37]
AdwCleaner[S0].txt - [2696 octets] - [03/10/2014 11:49:28]
 
########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [2756 octets] ##########
 
And here is the Junkware Removal Tool log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.6 (10.02.2014:1)
OS: Windows 7 Ultimate x64
Ran by Trr1ppy on Fri 03/10/2014 at 11:54:01.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/10/2014 at 11:55:39.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

And ESET scan found no threats so there was no log.
Is there likely any damage done to my files/computer by this malware?


Edited by Trr1ppy, 02 October 2014 - 10:05 PM.



#6 buddy215

buddy215


Posted 03 October 2014 - 07:00 AM

There is a mention of Wise Registry Cleaner in the logs. I suggest you look for that in your Add/ Remove program list and uninstall it. It may be under a different name.

 

I don't suspect any damage was done. The computer should be a bit faster and certainly a lot fewer unwanted ads.

 

Use CCleaner to clean up the temporary files, logs, remove ALL cookies, etc. Use the default settings. No need to use the Registry Cleaning Tool and it has the potential to harm. Pay close attention while installing and UNcheck any offers of toolbars especially Yahoo. CCleaner - PC Optimization and Cleaning - Free Download

Once you have CCleaner installed and have used it to clean, open it again. Click on Tools then click on Uninstall. At that page you will see a listing of programs installed on your computer. At the bottom right you will see a button that when clicked allows you to copy and paste that list back here....do that.




#7 Trr1ppy

Trr1ppy
  • Topic Starter


Posted 03 October 2014 - 08:05 AM

I uninstalled Wise Registry Cleaner, installed CCleaner, and here's the log of installed programs:

 

7-Zip 9.20 (x64 edition) Igor Pavlov 17/07/2014 4.53 MB 9.20.00.0
Adobe AIR Adobe Systems Incorporated 26/09/2014 3.8.0.870
Adobe Flash Player 15 ActiveX Adobe Systems Incorporated 24/09/2014 6.00 MB 15.0.0.167
Adobe Flash Player 15 Plugin Adobe Systems Incorporated 10/09/2014 6.00 MB 15.0.0.152
Adobe Reader XI (11.0.09) Adobe Systems Incorporated 19/09/2014 183 MB 11.0.09
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 4/09/2014 26.3 MB 8.0.916.0
Apple Application Support Apple Inc. 24/08/2014 93.4 MB 3.0.6
Apple Mobile Device Support Apple Inc. 21/07/2014 21.3 MB 7.1.2.6
Apple Software Update Apple Inc. 21/07/2014 2.38 MB 2.1.3.127
Arma 3 Bohemia Interactive 13/07/2014
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 12/07/2014 2.42 MB 1.16.15.0
Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 12/07/2014 120 KB 2.0.8.0001
ASUS Product Register Program ASUSTek Computer Inc. 12/07/2014 21.2 MB 1.0.025
AVG 2014 AVG Technologies 3/09/2014 2014.0.4765
AVG Web TuneUp AVG Technologies 4/09/2014 3.1.0.7
Bonjour Apple Inc. 21/07/2014 2.04 MB 3.0.0.10
Broadcom 802.11 Network Adapter Broadcom Corporation 12/07/2014 6.32.223.1
CCleaner Piriform 3/10/2014 4.18
Chivalry: Medieval Warfare Torn Banner Studios 13/07/2014
CopyTrans Control Center Uninstall Only WindSolutions 21/07/2014 3.003
CPUID ROG CPU-Z 1.70 CPUID, Inc. 28/08/2014 6.82 MB 1.70
DAEMON Tools Lite Disc Soft Ltd 22/08/2014 4.49.1.0356
EVGA Precision X 4.2.1 EVGA Corporation 13/07/2014 4.2.1
Google Chrome Google Inc. 12/07/2014 37.0.2062.124
HTC BMP USB Driver HTC 26/09/2014 284 KB 1.0.5375
HTC Driver Installer HTC Corporation 24/09/2014 3.09 MB 4.13.0.003
HTC Sync Manager HTC 24/09/2014 166 MB 3.1.24.5
Intel® Management Engine Components Intel Corporation 12/07/2014 10.0.0.1204
Intel® Network Connections 19.1.51.0 Intel 12/07/2014 27.7 MB 19.1.51.0
Intel® Rapid Storage Technology Intel Corporation 12/07/2014 13.0.3.1001
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 21/02/2014 3.0.0.16
IPTInstaller HTC 24/09/2014 300 KB 4.0.9
iTunes Apple Inc. 24/08/2014 220 MB 11.3.1.2
Java 7 Update 60 (64-bit) Oracle 13/07/2014 118 MB 7.0.600
Java 7 Update 67 Oracle 23/08/2014 118 MB 7.0.670
Java 8 Update 20 (64-bit) Oracle Corporation 26/09/2014 88.8 MB 8.0.200
Java SE Development Kit 8 Update 20 (64-bit) Oracle Corporation 26/09/2014 314 MB 8.0.200.26
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 3/10/2014 53.1 MB 2.0.2.1012
Microsoft .NET Framework 4.5.1 Microsoft Corporation 12/07/2014 38.8 MB 4.5.50938
Microsoft Mouse and Keyboard Center Microsoft Corporation 13/07/2014 2.3.188.0
Microsoft Office Professional Plus 2013 Microsoft Corporation 26/08/2014 15.0.4569.1506
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24/08/2014 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25/09/2014 298 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 24/09/2014 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 26/09/2014 252 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 22/08/2014 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13/07/2014 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13/07/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 1/10/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 1/10/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 1/10/2014 20.5 MB 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 1/10/2014 17.3 MB 11.0.60610.1
MSI Afterburner 3.0.1 MSI Co., LTD 13/07/2014 3.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25/09/2014 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25/09/2014 1.33 MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 26/09/2014 1.47 MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 28/09/2014 1.54 MB 4.30.2117.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/07/2014 6.0.1.7233
RivaTuner Statistics Server 6.1.2 Unwinder 13/07/2014 6.1.2
Stardock Fences 2 Stardock Software, Inc. 13/07/2014 2.13
Steam Valve Corporation 13/07/2014
Terraria Re-Logic 13/07/2014
The Forest Endnight Games Ltd 13/07/2014
Visual Studio 2012 x64 Redistributables AVG Technologies 13/07/2014 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 13/07/2014 10.5 MB 14.0.0.1
VLC media player VideoLAN 24/09/2014 2.1.5
WIDCOMM Bluetooth Software Broadcom Corporation 12/07/2014 290 MB 6.5.1.4800
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) Google, Inc. 26/09/2014 01/27/2014 9.0.0000.00000
Windows Live Essentials Microsoft Corporation 24/08/2014 16.4.3528.0331
Wolfenstein: The New Order 22/08/2014 43.6 GB 1
µTorrent BitTorrent Inc. 1/10/2014 3.4.2.34024



#8 buddy215

buddy215


Posted 03 October 2014 - 08:58 AM

Using µTorrent BitTorrent Inc. 1/10/2014 3.4.2.34024 to download free videos, music, etc. is dangerous. Some of the most dangerous malware is often included in those downloads.

 

Do you have a use for these as a developer? If not, uninstall.

Visual Studio 2012 x64 Redistributables AVG Technologies 13/07/2014 12.9 MB 14.0.0.1

Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 13/07/2014 10.5 MB 14.0.0.1

 

Uninstall Java 7 Update 60 (64-bit) Oracle 13/07/2014 118 MB 7.0.600

 

Unless you are a developer uninstall

Java 8 Update 20 (64-bit) Oracle Corporation 26/09/2014 88.8 MB 8.0.200

Java SE Development Kit 8 Update 20 (64-bit) Oracle Corporation 26/09/2014 314 MB 8.0.200.26

 

Uninstall AVG Web TuneUp AVG Technologies 4/09/2014 3.1.0.7

 

 

 

 

 




#9 Trr1ppy

Trr1ppy
  • Topic Starter


Posted 03 October 2014 - 09:20 PM

Yeah, I do like to try to learn some programming when I'm feeling ambitious so I'll keep Visual Studio, but the Java and the AVG isn't needed so I uninstalled them.


Edited by Trr1ppy, 03 October 2014 - 11:35 PM.



#10 buddy215

buddy215


Posted 04 October 2014 - 05:02 AM

Okay....if your AVG Free antivirus is functioning normally...getting updated...able to scan and is activated..then I would say you are good to go.

I suggest you update and run scans occasionally using MBAM and AdwCleaner.

To emphasize...using any P2P/ bit torrent is high risk for downloading free stuff.

 

Happy surfin'!




#11 Trr1ppy

Trr1ppy
  • Topic Starter


Posted 04 October 2014 - 06:54 AM

AVG is updating and running fine.
Thanks for all your help :)




#12 KunoiSlayr

KunoiSlayr

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 05 December 2014 - 04:15 AM

Hello to you both,

I registered here only to thank you for ending my despair regarding this same issue. I will agree that torrents are very harmful and unreliable. I was trying to download a game myself, it didn't work and for all I know now my Chrome also turns into a Firefox (which I had uninstalled months ago) with a surfvox homepage I was unable to get rid of until now. My Malwarebytes Anti-Malware and regedit had refused to open and I just knew something suspicious had tagged along.

 

I resorted to google and since yesterday, downloaded a list of programs to rid my system of this PUP which showed up in my task manager:

 

nvxasync\cyxasync.exe

 

I would like to extend my sincerest gratitude for this beneficial thread. The chameleon mbam removed it for good, much to my relief.

 

Just a question while I am here. To avoid conflict of various cleaning softwares in future... Which ones are worthy of keeping and which one must I remove?

Avast free antivirus

HitmanPro

AdwCleaner

Adware Remover Tool v3.8

Yet_another_cleaner

 

Cloud System Booster

Anvi smart defender

Rkill

Junkware Removal Tool

CCleaner



#13 buddy215

buddy215


Posted 07 December 2014 - 09:55 AM

KunoiSlayr..........Remove Hitman Pro, Yet another cleaner, cloud system booster, Rkill and Adware Remover Tool



#14 jonnyuk3

jonnyuk3

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 06 March 2015 - 03:03 PM

I registered on here to thank you buddy215 for ending my misery regarding this same issue.

I have been searching for the last few days for a solution to this surfvox hijack which also meant I was unable to open task manager or regedit.

Following the steps you provided I was finally able to get rid of all malware and anything else lurking within my PC.

 

Thanks again buddy215.

 

jonnyuk3



#15 buddy215

buddy215


Posted 07 March 2015 - 09:27 AM

8,674 views....surfvox is still in the business of causing misery....You're welcome...jonnyuk3...you should use the other programs to finish the cleanup if you haven't already done so. Happy surfin'...






