
Trovi full removal?



#1 Webshark


Posted 17 February 2015 - 08:22 PM

So last night I made a mistake I rarely make and that was rush through an installation on a new machine.  A previously trusted software "Project 64" infected me with the horrible Trovi and search protector / conduit crap...

Anyway, after spending a few hours using Revo, Malwarebytes, Rogue Killer, CCleaner, Hitman Pro, RKill and Junkware removal, I think I got most of it.. But I am not quite sure I got all of it.. Is there any way or anything else you guys recommend in order to completely remove this nasty piece of software?

I was not able to do control panel > programs > uninstall on search protect.  I don't know why.  Revo said it removed it but did not.  Further tools got rid of it eventually.. But scans still find things here and there in the registry and such. Even cookies in Firefox after I did a reset ...

RogueKiller seems to keep finding the same 2 registry file types PUM.Dns and they both give an error [5] when trying to delete. See below..

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C4E1BBF5-90BF-42DA-9E83-20218C8E7312} | DhcpNameServer : 10.9.0.1 8.8.4.4 [(Private Address) (XX)]  -> ERROR [5]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C4E1BBF5-90BF-42DA-9E83-20218C8E7312} | DhcpNameServer : 10.9.0.1 8.8.4.4 [(Private Address) (XX)]  -> ERROR [5]

I had a similar error 5 when trying to install Spybot and it would not let me install at all, it was some error about writing to the registry.

Any info much appreciated.

 


#2 InadequateInfirmity


Posted 18 February 2015 - 05:51 AM

Let's see. :)

 

 

 

Step 1: Minitoolbox.
 
Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
 
Step 2: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next and make sure to leave all items checked for removal.



The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.



#3 Webshark


Posted 18 February 2015 - 06:12 AM


Thank you for this.. I have spent hours following another rigorous routine I found elsewhere utilizing some great tools including junkware and adwarecleaner amongst others found on here.  But I will also follow these steps now to make sure it's gone.. I am paranoid of leftover files.. So far I think I've been successful and very thorough.

 

Thanks



#4 Webshark


Posted 18 February 2015 - 06:20 AM

Results from Mini toolbox.

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Webshark (administrator) on 18-02-2015 at 03:17:13
Running from "C:\Users\Webshark\Desktop\Malware removal toolz"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel(R) Dual Band Wireless-N 7260 = Wi-Fi (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
TAP Adapter V9 for Private Tunnel = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mobile-Matrix
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : socal.rr.com

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP Adapter V9 for Private Tunnel
   Physical Address. . . . . . . . . : 00-FF-C4-E1-BB-F5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 80-19-34-79-45-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 80-19-34-79-45-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SWDL.WDS
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 78-24-AF-C8-A4-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : socal.rr.com
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-N 7260
   Physical Address. . . . . . . . . : 80-19-34-79-45-73
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:e000:141e:19b:454d:8a38:6067:9a86(Preferred) 
   Temporary IPv6 Address. . . . . . : 2605:e000:141e:19b:64b5:8c3f:635c:bf48(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::454d:8a38:6067:9a86%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, February 18, 2015 12:44:22 AM
   Lease Expires . . . . . . . . . . : Thursday, February 19, 2015 12:44:25 AM
   Default Gateway . . . . . . . . . : fe80::cad7:19ff:fe98:65a1%3
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 58726708
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-1A-57-E8-78-24-AF-C8-A4-DF
   DNS Servers . . . . . . . . . . . : 2605:e000:141e:19b:cad7:19ff:fe98:65a1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       socal.rr.com

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-10-95
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::16a:6063:bb98:a74e%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 470286375
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-1A-57-E8-78-24-AF-C8-A4-DF
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1881:396b:3f57:fe8e(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1881:396b:3f57:fe8e%9(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-1A-57-E8-78-24-AF-C8-A4-DF
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{13F0E465-8649-4A89-85DE-CFA3E573E1B4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  2605:e000:141e:19b:cad7:19ff:fe98:65a1

Name:    google.com
Addresses:  2607:f8b0:4007:805::1004
	  216.58.216.46


Pinging google.com [2607:f8b0:4007:805::1004] with 32 bytes of data:
Reply from 2607:f8b0:4007:805::1004: time=36ms 
Reply from 2607:f8b0:4007:805::1004: time=17ms 

Ping statistics for 2607:f8b0:4007:805::1004:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 36ms, Average = 26ms
Server:  UnKnown
Address:  2605:e000:141e:19b:cad7:19ff:fe98:65a1

Name:    yahoo.com
Addresses:  98.139.183.24
	  98.138.253.109
	  206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=52ms TTL=47
Reply from 206.190.36.45: bytes=32 time=49ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 49ms, Maximum = 52ms, Average = 50ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 ff c4 e1 bb f5 ......TAP Adapter V9 for Private Tunnel
  7...80 19 34 79 45 77 ......Bluetooth Device (Personal Area Network)
  5...80 19 34 79 45 74 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...78 24 af c8 a4 df ......Realtek PCIe GBE Family Controller
  3...80 19 34 79 45 73 ......Intel(R) Dual Band Wireless-N 7260
 11...08 00 27 00 10 95 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.113     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.113    276
    192.168.1.113  255.255.255.255         On-link     192.168.1.113    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.113    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.113    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.113    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    276 ::/0                     fe80::cad7:19ff:fe98:65a1
  1    306 ::1/128                  On-link
  9    306 2001::/32                On-link
  9    306 2001:0:9d38:90d7:1881:396b:3f57:fe8e/128
                                    On-link
  3    276 2605:e000:141e:19b::/64  On-link
  3     36 2605:e000:141e:19b::/64  fe80::cad7:19ff:fe98:65a1
  3    276 2605:e000:141e:19b:454d:8a38:6067:9a86/128
                                    On-link
  3    276 2605:e000:141e:19b:64b5:8c3f:635c:bf48/128
                                    On-link
 11    276 fe80::/64                On-link
  3    276 fe80::/64                On-link
  9    306 fe80::/64                On-link
 11    276 fe80::16a:6063:bb98:a74e/128
                                    On-link
  9    306 fe80::1881:396b:3f57:fe8e/128
                                    On-link
  3    276 fe80::454d:8a38:6067:9a86/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  9    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (02/18/2015 03:16:56 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/18/2015 03:16:26 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/18/2015 03:15:56 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/18/2015 02:57:04 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/18/2015 02:56:34 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/18/2015 02:48:08 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/18/2015 02:47:38 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/18/2015 02:38:13 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/18/2015 02:37:43 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/18/2015 02:21:19 AM) (Source: DCOM) (User: Mobile-Matrix)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 16.0.0.245 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.9 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.29 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Glary Utilities 5.19 (HKLM-x32\...\Glary Utilities 5) (Version: 5.19.0.32 - Glarysoft Ltd)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 17.00.6000.1654 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{50748ecf-730e-4c86-87be-0346d4aa7aac}) (Version: 17.0.6 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.5.0389 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrix-ks (HKLM-x32\...\{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}) (Version: 3.6 - KellySoftware)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Control Panel 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 17.12.8 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.173.1392 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.2 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
NVIDIA Update 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 17.12.8 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.27 (Version: 1.2.27 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation)
Paragon HFS+ for Windows 8 Free Edition (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.3.10.2 - OpenVPN Technologies)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

========================= Devices: ================================


**** End of log ****



#5 Webshark


Posted 18 February 2015 - 06:26 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Webshark on Wed 02/18/2015 at  3:23:08.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/18/2015 at  3:25:38.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 Webshark


Posted 18 February 2015 - 06:32 AM

# AdwCleaner v4.110 - Logfile created 18/02/2015 at 03:30:45
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Webshark - MOBILE-MATRIX
# Running from : C:\Users\Webshark\Desktop\Malware removal toolz\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1902 bytes] - [17/02/2015 12:40:18]
AdwCleaner[R1].txt - [1086 bytes] - [17/02/2015 12:46:08]
AdwCleaner[R2].txt - [981 bytes] - [17/02/2015 12:56:21]
AdwCleaner[R3].txt - [1099 bytes] - [17/02/2015 14:18:45]
AdwCleaner[R4].txt - [1178 bytes] - [17/02/2015 20:13:08]
AdwCleaner[R5].txt - [1229 bytes] - [18/02/2015 02:02:24]
AdwCleaner[R6].txt - [1288 bytes] - [18/02/2015 03:28:13]
AdwCleaner[S0].txt - [2019 bytes] - [17/02/2015 12:41:34]
AdwCleaner[S1].txt - [1161 bytes] - [17/02/2015 12:50:56]
AdwCleaner[S2].txt - [1046 bytes] - [17/02/2015 12:57:40]
AdwCleaner[S3].txt - [1216 bytes] - [18/02/2015 03:30:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1275  bytes] ##########



#7 Webshark


Posted 18 February 2015 - 06:51 AM

So on the last step with adware removal tool, the first scan found 11 items, mostly registry items of IE which I uninstalled previously.  But then at the end it gave an error which I'll paste below and produced no log.  So I tried again.. This time found nothing and produced same error.  No log..

The error gives you an option to quit or continue where it will ignore it.. Here is the error.

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ComponentModel.Win32Exception: The system cannot find the file specified
   at Microsoft.VisualBasic.CompilerServices.Symbols.Container.InvokeMethod(Method TargetProcedure, Object[] Arguments, Boolean[] CopyBack, BindingFlags Flags)
   at Microsoft.VisualBasic.CompilerServices.NewLateBinding.CallMethod(Container BaseReference, String MethodName, Object[] Arguments, String[] ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, BindingFlags InvocationFlags, Boolean ReportErrors, ResolutionFailure& Failure)
   at Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateCall(Object Instance, Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack, Boolean IgnoreReturn)
   at Adware_Removal_Tool_v3._8.form2.BackgroundWorker2_RunWorkerCompleted(Object sender, RunWorkerCompletedEventArgs e)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs e)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8009 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
Adware-Removal-Tool-v3.9
    Assembly Version: 3.9.0.0
    Win32 Version: 3.9.0.0
    CodeBase: file:///C:/Users/Webshark/Desktop/Malware%20removal%20toolz/Adware-Removal-Tool-v3.9.1.exe
----------------------------------------
Microsoft.VisualBasic
    Assembly Version: 8.0.0.0
    Win32 Version: 8.0.50727.8007 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8009 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8008 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8007 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8012 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8007 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8009 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Management
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.8007 (FX35W81RTMGDR.050727-8000)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Management/2.0.0.0__b03f5f7f11d50a3a/System.Management.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

 



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:18 AM

Posted 18 February 2015 - 04:57 PM

Change your DNS with this easy-to-use tool.

http://www.rentanadviser.com/en/products/smart-dns-changer/smart-dns-changer.aspx

That is the error you are seeing in the RK log; it has to do with the DNS settings on your machine. Are you actually having any Trovi popups?



#9 InadequateInfirmity


Posted 18 February 2015 - 05:00 PM

I would suggest OpenDNS or Google DNS. :)



#10 Webshark


Posted 18 February 2015 - 08:53 PM

I would suggest OpenDNS or Google DNS. :)

Great, will do.. I was actually wanting to do that because RR sucks. Thanks.. No Trovi popups.. Had some things show up in RogueKiller today but all seems good.



#11 Webshark


Posted 18 February 2015 - 11:45 PM

I would suggest OpenDNS or Google DNS. :)

Hey that's a great little tool for changing the DNS quickly, is there a way to do that across my network or is that not recommended?  To change at the router?  Will this software do that?  Between OpenDNS and Google what do you prefer?

Also if this cannot be done across my network how would I do it on my Mac, is there a similar tool?



#12 Webshark


Posted 19 February 2015 - 02:12 AM

When this started happening something put a user folder and This PC icon on my desktop.  They come back after reboots if I delete them.  Any idea what this could be?



#13 InadequateInfirmity


Posted 19 February 2015 - 04:04 PM

 

Hey that's a great little tool for changing the DNS quickly, is there a way to do that across my network or is that not recommended?

As far as I know you have to do it individually for each machine.

To change at the router?

http://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Between OpenDNS and Google what do you prefer?

There is a tool that should tell you the best DNS for your machine/area.

https://www.grc.com/dns/benchmark.htm

how would I do it on my Mac, is there a similar tool?

Not sure, I do not use Mac. Only a Google search on the subject is what I could offer, and there would be no way for me to assure that the link I provide would be accurate, so I will leave that up to you.

When this started happening something put a user folder and This PC icon on my desktop.  They come back after reboots if I delete them.  Any idea what this could be?

Screen shots please.



#14 Webshark


Posted 10 March 2015 - 04:02 PM

Hey,

After following this guide and others, the system appeared clean on multiple scans with multiple programs.  But today HitmanPro produced the following results.

 

HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : MOBILE-MATRIX
   Windows . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : Mobile-Matrix\Webshark
   UAC . . . . . . : Enabled
   License . . . . . . : Trial (9 days left)

   Scan date . . . . . . : 2015-03-10 13:26:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . : Internet
   Reboot  . . . . . . : No

   Threats . . . . . . : 7
   Traces  . . . . . . : 12

   Objects scanned . . . : 1,444,677
   Files scanned . . . . : 18,213
   Remnants scanned  . . : 393,809 files / 1,032,655 keys

Suspicious files ______

   C:\Users\Webshark\Desktop\Malware removal toolz\FRST64.exe
      Size . . . . . . : 2,095,104 bytes
      Age  . . . . . . : 0.5 days (2015-03-10 00:26:28)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : D0FEB7D4FBC9D9B3A7974FD62244AEAB84629BEFF19EB048CF7BDF0129FAFD26
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Forensic Cluster
      0.0s C:\Users\Webshark\Desktop\Malware removal toolz\FRST64.exe

   C:\Users\Webshark\Desktop\Malware removal toolz\MiniToolBox.exe
      Size . . . . . . : 401,920 bytes
      Age  . . . . . . : 20.4 days (2015-02-18 04:12:56)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 520E765E9043243127BE3D7B7210D32E2D1994866DC7A0F57EC05FA480D6D062
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      Forensic Cluster
      0.0s C:\Users\Webshark\Desktop\Malware removal toolz\MiniToolBox.exe
      29.9s C:\Users\Webshark\Desktop\Malware removal toolz\Adware-Removal-Tool-v3.9.1.exe

Malware remnants ______

   C:\Windows\apppatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb (SearchProtect)
   C:\Windows\apppatch\nbin\VC32Loader.dll (SearchProtect)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32Ldr\ (SearchProtect)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe\ (SearchProtect)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe\ (SearchProtect)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe\ (SearchProtect)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe\ (SearchProtect)

Cookies ______

   C:\Users\Webshark\AppData\Roaming\Mozilla\Firefox\Profiles\8yu5c6h0.default-1424234290264\cookies.sqlite:ads.pubmatic.com
   C:\Users\Webshark\AppData\Roaming\Mozilla\Firefox\Profiles\8yu5c6h0.default-1424234290264\cookies.sqlite:doubleclick.net
   C:\Users\Webshark\AppData\Roaming\Mozilla\Firefox\Profiles\8yu5c6h0.default-1424234290264\cookies.sqlite:statcounter.com




