IE, Chrome and Firefox keep re-directing me to unwanted search results and ads


6 replies to this topic

#1 seelnaj

seelnaj

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:58 PM

Posted 18 February 2015 - 04:19 PM

I am running Windows 8.1 on my laptop.

 

When clicking on links in all browsers - they sometimes randomly re-direct me to search results or advertisement pages instead of where the link is intended to go.

If I click back in the browser and click the link again it normally then goes to the intended page. I have seen it re-directing through find-all-you-want.com - but not always, sometimes it is other sites.

 

I have run quite a few scans with multiple Anti-Virus and Anti-Malware tools (most of which I have used based on info on bleepingcomputer) and no threats are detected.

I have run the scans both normally and while booted into safe mode.

 

Posting FRST.txt results below

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Jeff (administrator) on ASUSNB on 18-02-2015 15:02:40
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available profiles: Jeff & cyg_server)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\cygwin64\bin\cygrunsrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\cygwin64\usr\sbin\sshd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
() C:\Program Files (x86)\Xming\XLaunch.exe
() C:\Program Files (x86)\Xming\Xming.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-24] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-24] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253960 2014-10-14] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2014-11-20] (VMware, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar835.lnk
ShortcutTarget: Sidebar835.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XLaunch.lnk
ShortcutTarget: XLaunch.lnk -> C:\Program Files (x86)\Xming\XLaunch.exe ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1972130086-1269075674-2879670794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1972130086-1269075674-2879670794-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1972130086-1269075674-2879670794-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{02B23507-0456-4D64-A9E2-6CC2BEF7D595}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7B4F733A-C668-483C-B9A5-8C0E3C1622D6}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9E46EDCB-3465-42B3-BECD-3013885A4754}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AC20C738-1ADB-4501-BE75-049E14368857}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\946v8mnb.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-08]
CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-28]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Google Cast) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-28]
CHR Extension: (Google Search) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Google Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-08]
CHR Extension: (Google Wallet) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-08]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-01] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 sshd; C:\cygwin64\bin\cygrunsrv.exe [184851 2015-01-28] () [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730560 2014-11-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-07-14] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2014-10-14] ()
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-14] ()
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2014-11-18] (Intel  Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows ® Win 7 DDK provider)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
S4 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015i\WNt600x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 15:02 - 2015-02-18 15:02 - 00018138 _____ () C:\Users\Jeff\Desktop\FRST.txt
2015-02-18 15:01 - 2015-02-18 15:01 - 02086912 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2015-02-18 15:00 - 2015-02-18 15:01 - 02086912 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2015-02-18 14:34 - 2015-02-18 14:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\Intel_Corporation
2015-02-18 14:28 - 2015-02-18 14:28 - 00000000 ____D () C:\Users\Jeff\Desktop\Autoruns
2015-02-18 14:27 - 2015-02-18 14:27 - 00573697 _____ () C:\Users\Jeff\Downloads\Autoruns.zip
2015-02-18 13:41 - 2015-02-18 13:41 - 00001168 _____ () C:\Users\Jeff\Downloads\EmsiClean_2015.02.18_13.41.41.txt
2015-02-18 13:24 - 2015-02-18 13:24 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-02-18 12:17 - 2015-02-18 12:19 - 00000000 ____D () C:\AdwCleaner
2015-02-18 11:57 - 2015-02-18 15:02 - 00000000 ____D () C:\FRST
2015-02-14 17:47 - 2015-02-14 17:47 - 00000000 _____ () C:\Recovery.txt
2015-02-14 16:48 - 2015-02-14 16:48 - 05611771 _____ (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
2015-02-14 16:48 - 2015-02-14 16:48 - 02112512 _____ () C:\Users\Jeff\Downloads\AdwCleaner.exe
2015-02-14 16:46 - 2015-02-14 16:46 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-14 16:45 - 2015-02-14 16:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-14 16:45 - 2015-02-14 16:45 - 11227888 _____ (SurfRight B.V.) C:\Users\Jeff\Downloads\HitmanPro_x64.exe
2015-02-14 16:44 - 2015-02-14 16:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jeff\Downloads\tdsskiller.exe
2015-02-14 16:43 - 2015-02-14 16:43 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jeff\Downloads\rkill64-25381.exe
2015-02-14 16:42 - 2015-02-18 12:55 - 00003774 _____ () C:\Users\Jeff\Desktop\Rkill.txt
2015-02-14 16:42 - 2015-02-14 16:42 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jeff\Downloads\rkill.exe
2015-02-14 16:42 - 2015-02-14 16:42 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jeff\Downloads\rkill64.exe
2015-02-14 16:35 - 2015-02-18 14:52 - 00000000 ____D () C:\Users\Jeff\AppData\Local\CrashDumps
2015-02-14 16:34 - 2015-02-14 16:35 - 00000000 ____D () C:\NPE
2015-02-14 16:33 - 2015-02-14 16:40 - 00000000 ____D () C:\Users\Jeff\AppData\Local\NPE
2015-02-14 16:33 - 2015-02-14 16:33 - 03060320 ____N (Symantec Corporation) C:\Users\Jeff\Downloads\NPE.exe
2015-02-14 16:33 - 2015-02-14 16:33 - 00000000 ____D () C:\ProgramData\Norton
2015-02-14 16:17 - 2015-02-14 16:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 16:17 - 2015-02-14 16:17 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 16:17 - 2015-02-14 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 16:17 - 2015-02-14 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 16:17 - 2015-02-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 16:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-14 16:17 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-14 16:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-14 16:15 - 2015-02-14 16:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jeff\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-07 15:03 - 2015-02-18 14:12 - 00000000 ____D () C:\Users\cyg_server
2015-02-07 15:03 - 2015-02-07 15:03 - 00001455 _____ () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-07 15:03 - 2015-02-07 15:03 - 00000057 _____ () C:\Users\cyg_server\AppData\Roaming\sp_data.sys
2015-02-07 15:03 - 2015-02-07 15:03 - 00000020 ___SH () C:\Users\cyg_server\ntuser.ini
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Roaming\ASUS
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Roaming\Adobe
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Local\VirtualStore
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Local\Packages
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Local\NVIDIA Corporation
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Local\NVIDIA
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Local\Google
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Users\cyg_server\AppData\Local\ASUS
2015-02-07 15:03 - 2014-12-28 13:48 - 00000000 ___RD () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-07 15:03 - 2014-11-28 18:19 - 00000000 ___RD () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-07 15:03 - 2014-03-18 04:13 - 00000369 _____ () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-07 15:03 - 2014-03-18 04:13 - 00000369 _____ () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-07 15:03 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 15:03 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-07 13:58 - 2015-02-07 15:23 - 00001050 _____ () C:\Users\Jeff\Desktop\XLaunch.lnk
2015-02-07 13:54 - 2015-02-07 13:46 - 00000313 _____ () C:\config0.xlaunch
2015-02-07 13:46 - 2015-02-07 13:46 - 00000313 _____ () C:\Users\Jeff\Documents\config0.xlaunch
2015-01-31 16:06 - 2015-01-31 16:06 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1972130086-1269075674-2879670794-1003
2015-01-31 15:46 - 2015-01-31 15:52 - 00000611 _____ () C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
2015-01-31 15:46 - 2015-01-31 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X
2015-01-31 15:22 - 2015-01-31 15:46 - 00000000 ____D () C:\cygwin64
2015-01-31 15:22 - 2015-01-31 15:22 - 00000000 ____D () C:\Users\Jeff\Downloads\http%3a%2f%2fcygwin.mirror.constant.com%2f
2015-01-31 15:21 - 2015-01-31 15:21 - 00786944 _____ () C:\Users\Jeff\Downloads\setup-x86_64.exe
2015-01-31 14:51 - 2015-01-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xming
2015-01-31 14:51 - 2015-01-31 14:51 - 00000000 ____D () C:\Program Files (x86)\Xming
2015-01-31 14:50 - 2015-01-31 14:50 - 02204914 _____ (Colin Harrison ) C:\Users\Jeff\Downloads\Xming-6-9-0-31-setup.exe
2015-01-31 14:31 - 2015-01-31 14:31 - 00184320 _____ (Simon Tatham) C:\Users\Jeff\Desktop\puttygen.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 15:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-18 14:58 - 2014-03-18 04:03 - 00867740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 14:53 - 2014-11-21 21:21 - 00000062 _____ () C:\Users\Jeff\AppData\Roaming\sp_data.sys
2015-02-18 14:52 - 2014-07-14 20:35 - 01862205 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 14:51 - 2014-12-08 20:38 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 14:51 - 2014-11-22 18:40 - 00000000 ____D () C:\ProgramData\VMware
2015-02-18 14:51 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 14:50 - 2014-12-02 23:10 - 00000025 _____ () C:\Users\Jeff\AppData\Roaming\Network Meter_Usage.ini
2015-02-18 14:48 - 2014-12-08 20:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 14:46 - 2014-11-28 19:33 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\ClassicShell
2015-02-18 14:45 - 2014-12-08 14:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 14:28 - 2014-12-02 21:39 - 00000000 ____D () C:\Users\Jeff\AppData\Local\Sidebar7
2015-02-18 14:14 - 2014-12-02 22:00 - 00002818 _____ () C:\Users\Jeff\Network_Meter_Data.js
2015-02-18 14:14 - 2014-12-02 21:44 - 00004432 _____ () C:\Users\Jeff\IP_Log_Data.js
2015-02-18 14:13 - 2014-11-21 21:20 - 00000000 ____D () C:\Users\Jeff
2015-02-18 14:11 - 2014-11-21 21:21 - 00000000 ____D () C:\Users\Jeff\AppData\Local\ASUS
2015-02-18 14:11 - 2014-07-14 20:57 - 00000000 ____D () C:\ProgramData\P4G
2015-02-18 14:11 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-18 14:03 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\registration
2015-02-18 13:37 - 2014-03-18 03:54 - 00012602 _____ () C:\Windows\PFRO.log
2015-02-18 11:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 16:24 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-14 16:22 - 2014-11-21 21:26 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1972130086-1269075674-2879670794-1001
2015-02-14 15:35 - 2015-01-17 13:34 - 00000600 _____ () C:\Users\Jeff\AppData\Local\PUTTY.RND
2015-02-14 15:35 - 2014-11-22 18:41 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\VMware
2015-02-14 15:00 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 14:37 - 2014-11-23 22:17 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{456942FA-8128-45CC-AE52-AAB9171DFFE3}
2015-02-14 14:22 - 2014-11-22 18:41 - 00000000 ____D () C:\Users\Jeff\AppData\Local\VMware
2015-02-07 13:49 - 2014-12-08 20:39 - 00002212 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 13:45 - 2014-12-08 14:02 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 13:43 - 2014-12-08 20:38 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 13:43 - 2014-12-08 20:38 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-31 20:33 - 2014-11-28 17:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 16:23 - 2014-11-28 17:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-31 16:13 - 2014-12-05 12:14 - 00000000 ____D () C:\VMDrive
2015-01-23 14:50 - 2015-01-16 15:12 - 00002152 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk

==================== Files in the root of some directories =======

2014-12-02 21:41 - 2014-12-02 21:43 - 0000839 _____ () C:\Users\Jeff\AppData\Roaming\Drives Meter_Settings.ini
2014-12-02 23:10 - 2015-02-18 14:50 - 0000025 _____ () C:\Users\Jeff\AppData\Roaming\Network Meter_Usage.ini
2014-11-21 21:21 - 2015-02-18 14:53 - 0000062 _____ () C:\Users\Jeff\AppData\Roaming\sp_data.sys
2015-01-17 13:34 - 2015-02-14 15:35 - 0000600 _____ () C:\Users\Jeff\AppData\Local\PUTTY.RND
2014-07-14 20:48 - 2014-07-14 20:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-16 14:02 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-16 14:02 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-16 14:02 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-11-21 22:31 - 2014-11-21 22:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-11-21 22:31 - 2014-11-21 22:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Jeff\IP_Log_Data.js
C:\Users\Jeff\Network_Meter_Data.js


Some content of TEMP:
====================
C:\Users\Jeff\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 15:00

==================== End Of Log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 February 2015 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-1972130086-1269075674-2879670794-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1972130086-1269075674-2879670794-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015i\WNt600x64\Sandra.sys [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Jeff\IP_Log_Data.js
C:\Users\Jeff\Network_Meter_Data.js

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running?
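An added example, not code from this thread nor from FRST or AdwCleaner: a read-only PowerShell audit of the two registry locations the fixlist above cleaned (legacy Winlogon\Notify DLL entries and IE SearchScopes). It assumes it is run in the affected user's own session, so that HKCU: maps to that user's HKU\<SID> hive.

```powershell
# Added example, not code from the thread, FRST or AdwCleaner. Read-only: it reports, never deletes.
# Assumes it runs in the affected user's session, so HKCU: is that user's HKU\<SID> hive.

function Get-WinlogonNotifyFindings {
    # Native and Wow6432Node views; FRST listed SDWinLogon-x32 under the latter with [X] (file missing).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root) {
            $dll = (Get-ItemProperty -Path $sub.PSPath).DllName
            # A bare file name is loaded from System32 (SysWOW64 for the 32-bit view); otherwise a full path.
            $candidates = @()
            if ($dll -and $dll -notmatch '\\') {
                $candidates = @("$env:SystemRoot\System32\$dll", "$env:SystemRoot\SysWOW64\$dll")
            } elseif ($dll) { $candidates = @($dll) }
            $present = @($candidates | Where-Object { Test-Path $_ }).Count -gt 0
            $status = if (-not $dll) { 'no DllName' } elseif ($present) { 'DLL present' } else { 'DLL missing on disk' }
            [pscustomobject]@{ Location = "$root\$($sub.PSChildName)"; Value = $dll; Status = $status }
        }
    }
}

function Get-SearchScopeFindings {
    $scopes = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    if (-not (Test-Path $scopes)) { return }
    $default = (Get-ItemProperty -Path $scopes).DefaultScope
    foreach ($sub in Get-ChildItem -Path $scopes) {
        $url = (Get-ItemProperty -Path $sub.PSPath).URL
        # The thread's FRST log showed "DefaultScope {GUID} URL =": the default scope had an empty URL.
        $status = if ([string]::IsNullOrWhiteSpace($url)) { 'empty URL' } else { 'ok' }
        if ($sub.PSChildName -eq $default) { $status += ' (DefaultScope)' }
        [pscustomobject]@{ Location = "$scopes\$($sub.PSChildName)"; Value = $url; Status = $status }
    }
}

# Print only entries worth a second look; an empty table means both locations are clean.
@(Get-WinlogonNotifyFindings) + @(Get-SearchScopeFindings) |
    Where-Object { $_.Status -notmatch '^(DLL present|ok)' } |
    Format-Table -AutoSize
```

Run it before and after the FRST fix: the Notify entry with a missing DLL and the empty-URL DefaultScope should appear in the first run and be gone from the second.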

#3 seelnaj

seelnaj
  • Topic Starter
  • Members
  • 3 posts

Posted 23 February 2015 - 09:55 PM

Hi nasdaq - Thank You for getting back to me.

Below are the contents of Fixlog.txt and the AdwCleaner report that was generated.

Fixlog.txt

------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by Jeff at 2015-02-23 20:36:37 Run:1
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available profiles: Jeff & cyg_server)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-1972130086-1269075674-2879670794-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1972130086-1269075674-2879670794-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015i\WNt600x64\Sandra.sys [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Jeff\IP_Log_Data.js
C:\Users\Jeff\Network_Meter_Data.js
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-1972130086-1269075674-2879670794-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1972130086-1269075674-2879670794-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
SANDRA => Service deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
C:\Users\Jeff\IP_Log_Data.js => Moved successfully.
C:\Users\Jeff\Network_Meter_Data.js => Moved successfully.


The system needed a reboot.

==== End of Fixlog 20:36:38 ====

AdwCleaner

----------------

# AdwCleaner v4.111 - Logfile created 23/02/2015 at 20:47:08
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jeff - ASUSNB
# Running from : C:\Users\Jeff\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

[C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R1].txt - [1048 bytes] - [23/02/2015 20:45:54]
AdwCleaner[S0].txt - [981 bytes] - [23/02/2015 20:47:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1039  bytes] ##########

I have done a little bit of surfing since completing the steps, and so far I have not been re-directed anywhere.

However, it sometimes does not start right away, so I will reserve judgement for a bit until I get some more usage in.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 February 2015 - 09:07 AM

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 seelnaj

seelnaj
  • Topic Starter
  • Members
  • 3 posts

Posted 26 February 2015 - 02:05 PM

Sorry I haven't replied - I am travelling and won't have access to my personal laptop until tomorrow (Friday). I will reset the browser settings then, test some more, and provide feedback on the state of things.

 

Thank you for the help!



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 February 2015 - 02:43 PM

Take your time.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 March 2015 - 09:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



