
Help with removing spyware possibly installed by roommate


  • This topic is locked
6 replies to this topic

#1 commandershepard

commandershepard

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 20 February 2015 - 12:09 PM

Hi, I've already started a thread at "Am I Infected? What Do I Do?" Here is the link: http://www.bleepingcomputer.com/forums/t/566030/need-help-my-laptop-may-be-monitored-by-roommate/

 

I was advised by dev00790 to post here.

 

I've also attached the logs. Thanks in advance


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 PM

Posted 25 February 2015 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3668958733-3662128310-15301519-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Gab\AppData\Roaming\Mozilla\Firefox\Profiles\ghirumav.default\searchplugins\yahoo-avast.xml
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418673210&from=smt&uid=WDCXWD10JPVT-00MS8T0_WD-WXA1A13Y3176Y3176"
CHR Extension: (Avast Online Security) - C:\Users\Gab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MFE_RR; \??\C:\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?
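An added example, not part of nasdaq's post and not FRST's own code: a small pre-run review that sorts fixlist lines into entries whose target file is already gone and entries that remove a live setting. It assumes only the line prefixes seen in the fixlist above and reads a trailing [X] as the tool's "file not found" marker; the sample lines are copied from that fixlist and the function names are hypothetical.

```python
import re

# Prefix -> category, limited to the line types present in this thread's fixlist.
CATEGORIES = [
    (re.compile(r"^(HKLM|HKU)\\.*\\Run: "), "autorun"),
    (re.compile(r"^(GroupPolicy:|CHR HKLM\\SOFTWARE\\Policies\\)"), "policy"),
    (re.compile(r"^SearchScopes: "), "ie-search"),
    (re.compile(r"^FF "), "firefox"),
    (re.compile(r"^CHR "), "chrome"),
    (re.compile(r"^[SR]\d "), "service"),
]
DIRECTIVES = {"start", "end", "closeprocesses:"}

# Sample input: a subset of the fixlist lines quoted in the post above.
SAMPLE = r"""start
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3668958733-3662128310-15301519-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF DefaultSearchEngine: Yahoo! (Avast)
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
S3 MFE_RR; \??\C:\Temp\mfe_rr.sys [X]
End
"""

def parse_fixlist(text):
    """Return one dict per fix entry; directives and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in DIRECTIVES:
            continue
        category = next((name for rx, name in CATEGORIES if rx.search(line)), "unknown")
        entries.append({"category": category, "line": line,
                        "missing_file": line.endswith("[X]"),
                        "attention": "ATTENTION" in line})
    return entries

def review(entries):
    """Split into orphaned references and entries that change a live setting."""
    orphans = [e for e in entries if e["missing_file"]]
    live = [e for e in entries if not e["missing_file"]]
    return orphans, live

if __name__ == "__main__":
    orphans, live = review(parse_fixlist(SAMPLE))
    for label, group in (("orphaned reference", orphans), ("live setting", live)):
        for e in group:
            print(f"{label:18} {e['category']:8} {e['line'][:60]}")
```

Entries in the second group, such as the Chrome policy keys and the default search engine, are the ones worth reading before clicking Fix.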

#3 commandershepard

commandershepard
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 27 February 2015 - 08:49 AM

Hi, I followed the instructions, but no fixlog.txt was made. Thanks.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 PM

Posted 27 February 2015 - 08:50 AM

Run the Farbar tool normally and post a fresh FRST.TXT log for my review.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 PM

Posted 05 March 2015 - 09:30 AM

Are you still with me?

#6 commandershepard

commandershepard
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 07 March 2015 - 12:55 PM

Hi, I'm sorry, I totally forgot about this. I won't be needing help anymore. Thank you for your help.


Edited by commandershepard, 07 March 2015 - 01:00 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 PM

Posted 07 March 2015 - 01:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



