Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome hijacker (?)


  • This topic is locked This topic is locked
25 replies to this topic

#1 vickieross

vickieross

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 01 September 2015 - 10:37 AM

I have Norton 360, and it cleaned a lot of viruses from my computer. 

(from a download I was stupid enough to click on )

  However, I'm pretty sure I now  have safesearch hijacker.??

I cannot change my google chrome settings because of this, ugh!

   Norton doesnt find this, neither does spybot. 

   Can you please help me

Thanks so much,

Vickie

 



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 PM

Posted 01 September 2015 - 12:36 PM





Hello vickieross

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 01 September 2015 - 02:48 PM

Thanks so much for your reply :-)

 

  I did as you said, but when I clicked the farbar download link,  my norton stopped it, saying it was not safe and won't let me. 

 

????

 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 PM

Posted 01 September 2015 - 05:36 PM

Hello vickieross

.


Norton has been blocking a lot of the tools we have been using to clean up the things that they have been missing (guess it makes them look bad), any of the tools that I ask you to run can be looked up on Google to see if they are a problem or not - in this case you can look up **Farbars recovery scan tool** or even just **FRST**.

Here is also a link to virus total that shows **ONLY** Norton (Symantec) is detecting this as a threat - https://www.virustotal.com/en/file/9a92493668d313771db011c6fd2bf7b894b97281bc5e3c3dee5c104372a33dca/analysis/1415161465/

.
A quick search even shows it being used on their forums.

http://community.norton.com/en/forums/norton-antivirus-detected-trojanzeroaccessinf4-cwindowssystem32servicesexe
http://community.norton.com/en/forums/trojanzeroaccessinf4-infection

.
To be able to run these tools you will have to turn off Norton.


.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 01 September 2015 - 06:12 PM

Thanks so much,

I disabled my norton  and was finally able to download this program. Here you go ;

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Vickie (2015-09-01 18:05:25)
Running from C:\Users\Vickie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1582899774-2182911257-657564139-500 - Administrator - Disabled)
Guest (S-1-5-21-1582899774-2182911257-657564139-501 - Limited - Disabled)
Vickie (S-1-5-21-1582899774-2182911257-657564139-1001 - Administrator - Enabled) => C:\Users\Vickie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (HKLM-x32\...\Cake Mania) (Version:  - Spintop Media, Inc)
Cake Mania 2 (HKLM-x32\...\BFG-Cake Mania 2) (Version:  - )
Cake Mania 3 (HKLM-x32\...\BFG-Cake Mania 3) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DinerMania (HKLM-x32\...\BFG-DinerMania) (Version:  - )
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.3.0.43 - Symantec Corporation)
Paint Shop Pro 7 ESD (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PANTECH UML290 (HKLM\...\{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}) (Version: 4.11.2.0 - PANTECH CO., LTD)
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Verizon Wireless UML290 Firmware Updates (HKLM-x32\...\{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}) (Version: 1.0.11 - Smith Micro Software, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VZAccess Manager (HKLM-x32\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
12-08-2015 12:35:48 Windows Update
20-08-2015 14:17:37 Scheduled Checkpoint
28-08-2015 13:10:32 Scheduled Checkpoint
31-08-2015 21:46:41 Norton_Power_Eraser_20150831214637662
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05A2486E-D0AF-473F-99AE-414D5FA271CA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {132D02D2-8E53-4C34-8F1C-9C68E5F140C3} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {1543809E-9301-457E-88C7-85C60A0C48B9} - System32\Tasks\Component System\Component => C:\Users\Vickie\AppData\Local\Component\com.exe [2015-08-25] ()
Task: {22C35575-E6A1-4052-A40F-31F5852C1430} - System32\Tasks\HPCeeScheduleForVickie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {25CDF8B3-971C-480E-A893-B0B33BC0AF00} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {2C7D2345-8B9C-46E6-9702-6FD2129B15A6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {4613AF69-AE92-42A2-8464-861B57BD0153} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {517EB82D-1AF1-4F98-B0C7-7627C442FC36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {7B164B3F-037D-4C8F-BD42-F7E769132CDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {91699136-BCDE-44AD-A642-93E4A280FBD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {999B381A-DEED-41C1-8C73-00588886FF20} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A09F26B0-7907-416C-998E-D6DB0BA59621} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {AD744149-D201-4CA1-A661-9192BF583528} - System32\Tasks\HPCeeScheduleForROSS$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BCBBB87E-236A-42B7-AE44-87F4503D6424} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {BDCBE4F4-9393-4E15-BC65-5AA57CA7DD79} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C1644433-A474-4192-9953-9BE6626ED77A} - System32\Tasks\Updanager_1441029135 => C:\Users\Vickie\AppData\Local\updanager\upd.exe
Task: {C3D04C01-4CBC-4AC6-B9B9-B5C6A22882AB} - System32\Tasks\Norton Security Scan for Vickie => C:\Program Files (x86)\Norton Security Scan\Engine\4.3.0.43\Nss.exe [2015-07-07] (Symantec Corporation)
Task: {D78A92BC-8907-4927-9187-5C9C46B0930C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {DA423528-8552-46D2-B60D-8D06B7AF53F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {F465AB3C-1BB0-49F5-A7E1-2F5DA97416C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {F80A969A-E75F-45C3-A429-A334811F4DCF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F8AADF3B-0C64-4A4E-B173-F00B0B928C45} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForROSS$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForVickie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Vickie.job => C:\PROGRA~2\NORTON~2\Engine\430~1.43\Nss.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-08-31 22:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-31 22:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-31 22:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-31 22:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-31 22:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-05-30 09:45 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-08-23 00:36 - 2015-08-18 00:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-23 00:36 - 2015-08-18 00:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:04B74CC5
AlternateDataStreams: C:\ProgramData\Temp:1C5E1FAF
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:439E3411
AlternateDataStreams: C:\ProgramData\Temp:554C6431
AlternateDataStreams: C:\ProgramData\Temp:E8FC771D
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1582899774-2182911257-657564139-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vickie\Desktop\pics-misc\a-butterfly-wallpapers.jpg
DNS Servers: 198.224.156.135 - 198.224.157.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{48E95D83-9B8B-414B-A9A7-2AFD0BA50208}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F82BB814-FD51-4987-A33F-250BD832B780}] => (Allow) LPort=2869
FirewallRules: [{819306FA-D122-44F5-A748-CC1307C44A50}] => (Allow) LPort=1900
FirewallRules: [{FAEF3E55-C130-456B-8301-4308D692F08E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97341521-45FF-4B11-BE55-A98259F3B813}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10A8357A-9891-4E0F-A210-B8EA2B6A0797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9BFC4880-E030-4567-B043-90586B015F34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D8949918-8DBE-4174-B1A4-21E923345040}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{AAAE8851-C17B-4D97-8DA9-AF9D769002A2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{67EC9B8E-F43D-4498-B2F0-94D3123E8E11}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{85BD6E4C-043A-4DBA-8308-329AC116AAA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{34B81364-FFAB-4069-B652-2282426D9C00}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0BF2AEC0-4A89-49B4-9B04-135882C03799}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{714C7C78-647B-46FD-A411-E70EBA8D6D59}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D1CC67AB-A2A2-4646-9517-41D3AF130713}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A3A514C3-5109-448A-AA1C-5CBB6DC885CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B718EDF7-CC16-49EC-B0D5-78F7C4C4B8C8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2015 08:29:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24030656
 
Error: (09/01/2015 08:29:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24030656
 
Error: (09/01/2015 08:29:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/01/2015 01:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.4.40.181, time stamp: 0x535a5179
Faulting module name: SDScanLibrary.dll_unloaded, version: 2.4.40.131, time stamp: 0x535a510a
Exception code: 0xc0000005
Fault offset: 0x0014fbb6
Faulting process id: 0x10e0
Faulting application start time: 0xSDScan.exe0
Faulting application path: SDScan.exe1
Faulting module path: SDScan.exe2
Report Id: SDScan.exe3
Faulting package full name: SDScan.exe4
Faulting package-relative application ID: SDScan.exe5
 
Error: (08/31/2015 04:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8968219
 
Error: (08/31/2015 04:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8968219
 
Error: (08/31/2015 04:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2015 04:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8967078
 
Error: (08/31/2015 04:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8967078
 
Error: (08/31/2015 04:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/01/2015 04:21:51 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff8003c72379a, 0xffffd0002174da58, 0xffffd0002174d260)C:\Windows\MEMORY.DMP090115-30000-01
 
Error: (09/01/2015 04:21:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:13:52 PM on ‎9/‎1/‎2015 was unexpected.
 
Error: (09/01/2015 12:19:09 PM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/01/2015 12:18:39 PM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/01/2015 11:09:36 AM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/01/2015 11:09:06 AM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/01/2015 08:34:11 AM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (08/31/2015 11:08:52 AM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (08/31/2015 11:04:17 AM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (08/31/2015 11:03:47 AM) (Source: DCOM) (EventID: 10010) (User: ROSS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office:
=========================
Error: (09/01/2015 08:29:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24030656
 
Error: (09/01/2015 08:29:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24030656
 
Error: (09/01/2015 08:29:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/01/2015 01:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDScan.exe2.4.40.181535a5179SDScanLibrary.dll_unloaded2.4.40.131535a510ac00000050014fbb610e001d0e4779090de83C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeSDScanLibrary.dll5ea88282-5075-11e5-8465-f8a96391e1e8
 
Error: (08/31/2015 04:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8968219
 
Error: (08/31/2015 04:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8968219
 
Error: (08/31/2015 04:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2015 04:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8967078
 
Error: (08/31/2015 04:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8967078
 
Error: (08/31/2015 04:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 39%
Total physical RAM: 3984.27 MB
Available physical RAM: 2416.76 MB
Total Virtual: 8080.27 MB
Available Virtual: 6316.57 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.93 GB) (Free:401.01 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57DF2823)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 PM

Posted 02 September 2015 - 07:31 AM

Hello


Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
.

: Malwarebytes' Anti-Malware :

Install Malwarebytes Antimalware

1.Download Malwarebytes Anti-Malware at Malwarebytes
2.After downloading, double-click the downloaded file to get started.
3.Choose Yes if the User Account Control dialog appears.
4.The installation wizard will now appear to guide you through the upgrade process.
5.Click on Next.
6.Review and accept the license agreement, then click Next.
7.Review the latest changes made to Malwarebytes Anti-Malware, then click Next.
8.Choose where to install Malwarebytes Anti-Malware, then click Next.
9.Choose whether or not to have a Start Menu entry and its name, then click Next.
10.Choose if you want a desktop icon, then click Next.
11.Review your installation choices, then click Install.
12.The wizard will begin to install the files.
13.After upgrading, you will have the option to enable a free trial of Malwarebytes Anti-Malware Premium.

To see a video on how to do this - https://helpdesk.malwarebytes.org/entries/44648553

Now lets run a scan

1.On the Dashboard, click the 'Update Now >>' link
2.After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
3.If an update is available, click the Update Now button.
4.A Threat Scan will begin.
5.When the scan is complete, if there have been detections,verify that everything has been selected (All boxes on left have a check mark)
**Note** If they are to many to check then you can put a check mark in the very top box and this will select them all
6.click "Remove Selected" to allow MBAM to clean what was detected.
6.In most cases, a restart will be required.
7.Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1.After the restart once you are back at your desktop, open MBAM once more.
2.Click on the History tab at the top
3. Click on the Application Logs at the left
4.Double click on the scan log which shows the Date and time of the scan just performed.
5.Click 'Export'.
6.Click 'Text file (*.txt)'
7.In the Save File dialog box which appears, click on Desktop.
8.In the File name: box type a name for your scan log.
9.A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10.Click Ok
11. Attach that saved log to your next reply.

.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 02 September 2015 - 12:20 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/2/2015
Scan Time: 11:31 AM
Logfile: mbam1.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.02.07
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Vickie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352766
Time Elapsed: 31 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-1582899774-2182911257-657564139-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://www.safesear.ch/web/?type=20150831-120-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20150831-120-sshome-ie-df&q={searchTerms}),Replaced,[e738d15ad3b812246cba203f798c718f]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-1582899774-2182911257-657564139-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear.ch/web/?type=20150831-120-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20150831-120-sshome-ie-df&q={searchTerms}),Replaced,[a6791c0f53387abcdd49fc6343c2946c]
 
Folders: 1
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Vickie\AppData\Local\Component, Quarantined, [a7787fac2b6086b097ba76acd231dd23], 
 
Files: 1
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Vickie\AppData\Local\Component\com.exe, Quarantined, [a7787fac2b6086b097ba76acd231dd23], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 PM

Posted 02 September 2015 - 03:07 PM




Hello vickieross

.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please attach the two reports for me

JRT.txt
AdwCleaner[S0].txt


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 02 September 2015 - 04:40 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Vickie on Wed 09/02/2015 at 15:43:46.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3AE9266C-74C3-47EB-B9D2-D42F690B11A6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3AE9266C-74C3-47EB-B9D2-D42F690B11A6}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Vickie\AppData\Roaming\Microsoft\Windows\Start Menu\facebook.lnk
Successfully deleted: [File] C:\Users\Vickie\AppData\Roaming\Microsoft\Windows\Start Menu\search.lnk
Successfully deleted: [File] C:\Users\Vickie\AppData\Roaming\Microsoft\Windows\Start Menu\youtube.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
 
 
 
~~~ Chrome
 
 
[C:\Users\Vickie\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Vickie\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Vickie\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Vickie\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gpdgdlcjhlbaphcjmagicjhhgfnkiihp
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/02/2015 at 15:50:35.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 02 September 2015 - 04:43 PM

# AdwCleaner v5.005 - Logfile created 02/09/2015 at 16:14:15
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Vickie - ROSS
# Running from : C:\Users\Vickie\Downloads\adwcleaner_5.005 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
 
***** [ Web browsers ] *****
 
[C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask
[C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www.safesear.ch
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2340 bytes] ##########


#11 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 02 September 2015 - 04:45 PM

# AdwCleaner v5.005 - Logfile created 02/09/2015 at 16:14:15
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Vickie - ROSS
# Running from : C:\Users\Vickie\Downloads\adwcleaner_5.005 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
 
***** [ Web browsers ] *****
 
[C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask
[C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www.safesear.ch
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2340 bytes] ##########


#12 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 02 September 2015 - 04:57 PM

Please note ****

 

After running  my AdwCleaner, (which I've already posted it's log file)...

It is now waiting on a response from me

"Waiting for action, please uncheck items you want to keep"

 

I don't know what to do now ?

 

Everything was  checked, so I just left it as it was .(and did'nt delete anything .. until I heard from you

If you want me to run it again, please let me know?



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 PM

Posted 02 September 2015 - 05:15 PM

Allow it to remove what it has found


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 vickieross

vickieross
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:east Texas
  • Local time:08:35 PM

Posted 02 September 2015 - 06:08 PM

Thank you and sorry about that last issue I had; Just did'nt want to do anything wrong _ without asking you first :-) , LOL

 

# AdwCleaner v5.005 - Logfile created 02/09/2015 at 17:58:39
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Vickie - ROSS
# Running from : C:\Users\Vickie\Downloads\adwcleaner_5.005.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1214tb
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask
[-] [C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.safesear.ch
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2530 bytes] ##########


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:35 PM

Posted 03 September 2015 - 07:37 AM



Hello vickieross

.

When in doubt always ask first.

.
At this point I would like you to check out the computer and give me an update to how it is doing.

This feedback will let me know if we need to keep digging deeper and will also let me know if we need to go into a different direction.

I also need you to rerun FRST for me and I would also like to have the Addition.txt with it so please run it this way
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • When the tool opens click "Yes" for the disclaimer in order to continue using "FRST".
  • Under the section called "Whitelist" make sure all boxes are checked
  • Under the section called "Optional Scan" I would like you to have a check mark next to "Addition.txt"
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Note** If you cannot find where you saved "FRST" the first time then here are the links again for you.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please attach both reports to your Next reply

.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users