
websites keeps redirecting


This topic is locked
15 replies to this topic

#1 dhruv21290

  • Members
  • 8 posts

Posted 01 March 2017 - 12:52 PM

I have been facing this issue for 10-15 days.

Whenever I open any website it redirects me to an advertisement website called shmokiads.com.

I have uninstalled various software and finally formatted the operating system and reinstalled Chrome, but nothing worked.

I am putting my log in this post.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2017
Ran by Dena (administrator) on DENA-PC (01-03-2017 23:12:08)
Running from C:\Users\Dena\Downloads
Loaded Profiles: Dena (Available Profiles: Dena)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-143307835-4274986909-3245975376-1000\...\MountPoints2: {7fa994f6-f976-11e6-a73f-5891cf09f384} - G:\Setup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 35.165.139.186 8.8.8.8
Tcpip\..\Interfaces\{688C45AC-E07C-41A0-B154-C7F18758E756}: [DhcpNameServer] 35.165.139.186 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-143307835-4274986909-3245975376-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp
CHR StartupUrls: Default -> "hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp"
CHR Profile: C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default [2017-03-01]
CHR Extension: (Google Slides) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Google Sheets) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Gmail) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-09-30] (ST Microelectronics)
R3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [167424 2011-09-05] (Fresco Logic)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [47616 2011-09-05] (Fresco Logic)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKsl648a6079; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B0CF4AB-EED0-415F-8A6C-CA53667677F3}\MpKsl648a6079.sys [39168 2017-03-01] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7522304 2011-12-02] (Intel Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 23:12 - 2017-03-01 23:12 - 00008240 _____ C:\Users\Dena\Downloads\FRST.txt
2017-03-01 23:12 - 2017-03-01 23:12 - 00000000 ____D C:\FRST
2017-03-01 23:11 - 2017-03-01 23:11 - 01765888 _____ (Farbar) C:\Users\Dena\Downloads\FRST.exe
2017-03-01 22:33 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2017-03-01 22:33 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2017-03-01 22:33 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2017-03-01 22:33 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2017-03-01 22:33 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2017-03-01 21:37 - 2010-05-23 15:45 - 01619456 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-03-01 21:37 - 2010-05-23 15:41 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-03-01 21:37 - 2010-05-23 15:41 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2017-03-01 21:36 - 2010-10-16 10:06 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-03-01 21:36 - 2010-08-21 11:06 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-01 21:36 - 2010-06-22 08:17 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-01 21:36 - 2010-06-22 08:17 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-01 21:36 - 2010-06-22 08:17 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-01 21:36 - 2010-04-07 12:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-03-01 21:36 - 2010-03-09 03:03 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-01 21:36 - 2010-01-09 12:22 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2017-03-01 21:36 - 2009-12-29 12:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-03-01 21:36 - 2009-12-02 13:47 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-01 21:36 - 2009-09-26 11:28 - 00194488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2017-03-01 21:35 - 2010-02-27 13:02 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-01 21:35 - 2010-02-27 13:02 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-01 21:35 - 2010-02-27 13:02 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-01 20:43 - 2017-03-01 20:43 - 00000000 ____D C:\Users\Dena\AppData\Local\Foxit Reader
2017-03-01 20:42 - 2017-03-01 20:42 - 00021436 _____ C:\Users\Dena\Desktop\34450100001199 (1).pdf
2017-03-01 20:13 - 2011-04-09 11:26 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-03-01 20:07 - 2017-03-01 21:25 - 00000000 ____D C:\Windows\system32\MRT
2017-03-01 20:07 - 2017-03-01 21:23 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-01 20:07 - 2017-03-01 20:07 - 00000000 ____D C:\Program Files\Intel
2017-03-01 20:07 - 2017-03-01 20:07 - 00000000 ____D C:\Intel
2017-02-23 10:16 - 2017-02-23 10:16 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-02-23 10:16 - 2017-02-23 10:16 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-02-23 10:15 - 2017-02-23 10:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-02-23 09:44 - 2017-02-23 10:17 - 00000000 ____D C:\Windows\Panther
2017-02-23 09:13 - 2017-02-23 09:14 - 00000000 ____D C:\Users\Dena\AppData\Roaming\Foxit Software
2017-02-23 09:13 - 2017-02-23 09:13 - 00002091 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-02-23 09:13 - 2017-02-23 09:13 - 00000000 ____D C:\Users\Public\Foxit Software
2017-02-23 09:13 - 2017-02-23 09:13 - 00000000 ____D C:\Users\Dena\AppData\Roaming\Foxit AgentInformation
2017-02-23 09:13 - 2017-02-23 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-23 09:13 - 2017-02-23 09:13 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-23 09:13 - 2017-02-23 09:13 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-02-23 09:12 - 2017-02-23 09:12 - 00000000 ____D C:\Program Files\Foxit Software
2017-02-23 09:01 - 2010-12-18 10:59 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-23 09:00 - 2017-02-23 09:13 - 00000000 ____D C:\Users\Dena\AppData\Roaming\vlc
2017-02-23 08:58 - 2017-02-23 08:58 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-23 08:58 - 2017-02-23 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-23 08:58 - 2017-02-23 08:58 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-23 08:56 - 2016-06-25 21:13 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2017-02-23 08:56 - 2014-09-15 06:12 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-23 08:55 - 2017-02-23 09:11 - 54164800 _____ (Foxit Software Inc. ) C:\Users\Dena\Downloads\FoxitReader82_enu_Setup_Prom.exe
2017-02-23 08:55 - 2015-03-19 08:27 - 03963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-02-23 08:55 - 2015-03-19 08:27 - 03908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-23 08:55 - 2013-03-19 10:24 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-23 08:55 - 2013-03-19 08:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-23 08:53 - 2017-02-23 08:53 - 00043297 _____ C:\Users\Dena\Downloads\1487820232892.pdf
2017-02-23 08:51 - 2017-02-23 08:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-02-22 22:52 - 2017-02-22 22:52 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-02-22 22:52 - 2017-02-22 22:52 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-02-22 22:00 - 2012-06-03 03:49 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-22 22:00 - 2012-06-03 03:49 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-22 22:00 - 2012-06-03 03:49 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-22 22:00 - 2012-06-03 03:49 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-22 22:00 - 2012-06-03 03:49 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-22 22:00 - 2012-06-03 03:42 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-22 22:00 - 2012-06-03 03:42 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-22 22:00 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-22 22:00 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-22 21:50 - 2017-02-22 21:50 - 00002154 _____ C:\Windows\epplauncher.mif
2017-02-22 21:49 - 2017-02-22 21:49 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-02-22 21:49 - 2017-02-22 21:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-02-22 21:49 - 2010-04-09 12:54 - 01285000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-22 21:49 - 2010-04-09 12:54 - 00240008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-22 21:45 - 2017-02-22 21:47 - 12231000 _____ (Microsoft Corporation) C:\Users\Dena\Downloads\MSEInstall.exe
2017-02-22 21:35 - 2016-10-28 06:52 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-22 21:21 - 2017-02-22 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-22 21:21 - 2009-02-27 03:42 - 00031640 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2017-02-22 21:20 - 2017-03-01 20:47 - 00000000 ____D C:\Program Files\Microsoft Works
2017-02-22 21:19 - 2017-02-22 21:20 - 00000000 ____D C:\Users\Dena\AppData\Local\Adobe
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Windows\PCHEALTH
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2017-02-22 21:19 - 2017-02-22 21:19 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-22 21:18 - 2017-02-22 21:18 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2017-02-22 21:17 - 2017-02-22 21:20 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-22 21:17 - 2017-02-22 21:17 - 00000000 ____D C:\Users\Dena\AppData\Local\Microsoft Help
2017-02-22 21:15 - 2017-02-22 21:15 - 00000000 ____D C:\Users\Dena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-22 21:15 - 2017-02-22 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-22 21:15 - 2017-02-22 21:15 - 00000000 ____D C:\Program Files\WinRAR
2017-02-22 21:14 - 2017-02-22 21:15 - 01972424 _____ C:\Users\Dena\Downloads\wrar540.exe
2017-02-22 21:09 - 2017-02-22 21:09 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-22 21:09 - 2017-02-22 21:09 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-22 21:03 - 2017-03-01 22:45 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-22 21:02 - 2017-02-22 21:51 - 00108824 _____ C:\Users\Dena\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-22 21:02 - 2017-02-22 21:16 - 00000000 ____D C:\Users\Dena\AppData\Local\Google
2017-02-22 21:02 - 2017-02-22 21:09 - 00000000 ____D C:\Program Files\Google
2017-02-22 21:02 - 2017-02-22 21:02 - 00000000 ____D C:\Users\Dena\AppData\Local\Deployment
2017-02-22 21:02 - 2017-02-22 21:02 - 00000000 ____D C:\Users\Dena\AppData\Local\Apps\2.0
2017-02-22 21:01 - 2017-02-22 21:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-02-22 21:00 - 2017-02-22 21:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_FLxHCIc_01009.Wdf
2017-02-22 20:57 - 2017-02-22 20:57 - 00000000 __RHD C:\MSOCache
2017-02-22 20:57 - 2017-02-22 20:57 - 00000000 ____D C:\Program Files\STMicroelectronics
2017-02-22 20:57 - 2010-08-20 11:04 - 00017648 _____ (ST Microelectronics) C:\Windows\system32\Drivers\stdcfltn.sys
2017-02-22 20:53 - 2017-02-22 20:53 - 00001413 _____ C:\Users\Dena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 20:53 - 2017-02-22 20:53 - 00000000 ____D C:\Users\Dena\AppData\Local\VirtualStore
2017-02-22 20:52 - 2017-02-22 20:53 - 00000000 ____D C:\Users\Dena
2017-02-22 20:52 - 2017-02-22 20:52 - 00000020 ___SH C:\Users\Dena\ntuser.ini
2017-02-22 20:52 - 2017-02-22 20:52 - 00000000 _SHDL C:\Users\Dena\My Documents
2017-02-22 20:52 - 2017-02-22 20:52 - 00000000 _SHDL C:\Users\Dena\Documents\My Videos
2017-02-22 20:52 - 2017-02-22 20:52 - 00000000 _SHDL C:\Users\Dena\Documents\My Pictures
2017-02-22 20:52 - 2017-02-22 20:52 - 00000000 _SHDL C:\Users\Dena\Documents\My Music
2017-02-22 20:52 - 2009-07-14 13:18 - 00000000 ____D C:\Users\Dena\AppData\Roaming\Media Center Programs
2017-02-22 18:31 - 2017-01-14 19:25 - 30533688 _____ C:\Users\Dena\Downloads\vlc-2.2.4-win32.exe
2017-02-22 18:31 - 2017-01-14 11:06 - 38086544 _____ (PandoraTV) C:\Users\Dena\Downloads\KMPlayer_4.1.5.8.exe
2017-02-22 18:31 - 2017-01-11 21:22 - 00073594 _____ C:\Users\Dena\Downloads\List of Farmer eligible under PMFBY rabi 2016.xlsx
2017-02-22 18:31 - 2014-09-14 16:37 - 01295648 _____ (VideoPerformer) C:\Users\Dena\Downloads\VideoPerformerSetup.exe
2017-02-22 18:31 - 2014-01-18 17:09 - 23469349 _____ C:\Users\Dena\Downloads\Biometric.rar
2017-02-22 18:31 - 2014-01-03 21:23 - 00007491 _____ C:\Users\Dena\Downloads\mudit cc dec.htm
2017-02-22 18:31 - 2014-01-02 18:06 - 09916056 _____ (VS Revo Group ) C:\Users\Dena\Downloads\RevoUninProSetup.exe
2017-02-22 18:31 - 2014-01-02 17:10 - 06035264 _____ (TeamViewer GmbH) C:\Users\Dena\Downloads\TeamViewer_Setup_en.exe
2017-02-22 18:31 - 2014-01-01 13:13 - 00741832 _____ (Citrix Systems, Inc.) C:\Users\Dena\Downloads\winfix.exe
2017-02-22 18:31 - 2013-12-06 17:06 - 00797688 _____ C:\Users\Dena\Downloads\DownloadManagerSetup.exe
2017-02-22 18:31 - 2013-11-29 14:27 - 00846152 _____ (WinRecovery Software ) C:\Users\Dena\Downloads\cardrecovery_setup.exe
2017-02-22 18:31 - 2013-11-23 08:50 - 03440371 _____ C:\Users\Dena\Downloads\datarecovery (1).zip
2017-02-22 18:31 - 2013-11-23 08:49 - 03440371 _____ C:\Users\Dena\Downloads\datarecovery.zip
2017-02-22 18:31 - 2013-11-23 08:47 - 02897776 _____ C:\Users\Dena\Downloads\mac-mobile-phone-recovery-demo.zip
2017-02-22 18:31 - 2013-11-16 14:53 - 02335378 _____ C:\Users\Dena\Downloads\KISSINGJOEY_0488_w_2.3gp
2017-02-22 18:31 - 2013-10-31 22:03 - 00025058 _____ C:\Users\Dena\Downloads\TEJ9QE_4937624_ITIN.htm
2017-02-22 18:31 - 2013-10-15 20:44 - 00071680 _____ C:\Users\Dena\Downloads\delhi_ldc_alloation6813.xls
2017-02-22 18:31 - 2013-10-13 00:25 - 00255705 _____ C:\Users\Dena\Downloads\Advertisement_PDF_20_09_13_1300.pdf
2017-02-22 18:31 - 2013-10-09 20:24 - 02481608 _____ C:\Users\Dena\Downloads\Filemail.com - GK.zip
2017-02-22 18:31 - 2013-10-04 20:51 - 00000462 _____ C:\Users\Dena\Downloads\CyberReceipt1380900009131.txt
2017-02-22 18:31 - 2013-09-29 19:08 - 04342370 _____ C:\Users\Dena\Downloads\State Coordinator 003.tif
2017-02-22 18:31 - 2013-09-29 19:08 - 04092466 _____ C:\Users\Dena\Downloads\State Coordinator 004.tif
2017-02-22 18:31 - 2013-09-29 19:08 - 04090610 _____ C:\Users\Dena\Downloads\State Coordinator 002.tif
2017-02-22 18:31 - 2013-09-29 19:08 - 03891454 _____ C:\Users\Dena\Downloads\State Coordinator 001.tif
2017-02-22 18:31 - 2013-09-29 19:08 - 03374058 _____ C:\Users\Dena\Downloads\State Coordinator.tif
2017-02-22 18:31 - 2013-09-28 11:45 - 00065816 _____ C:\Users\Dena\Downloads\attachments.zip
2017-02-22 18:31 - 2013-09-28 11:45 - 00065816 _____ C:\Users\Dena\Downloads\attachments (1).zip
2017-02-22 18:31 - 2013-09-27 19:43 - 00029982 _____ C:\Users\Dena\Downloads\RptExamScoreCardDetails (1).pdf
2017-02-22 18:31 - 2013-09-27 19:42 - 00053683 _____ C:\Users\Dena\Downloads\RptExamScoreCardDetails.pdf
2017-02-22 18:31 - 2013-09-22 16:08 - 00136467 _____ C:\Users\Dena\Downloads\MR. MUDIT KUMAR SRIVASTAVA-22082013 - 21092013.pdf
2017-02-22 18:31 - 2013-09-18 23:34 - 00169984 _____ C:\Users\Dena\Downloads\clerk.xls
2017-02-22 18:31 - 2013-09-15 17:01 - 00163328 _____ C:\Users\Dena\Downloads\OFFICERS-PAY-SCALES-DIFFERENT-SCENARIOS.xls
2017-02-22 18:31 - 2013-09-05 15:32 - 00003670 _____ C:\Users\Dena\Downloads\sigma-institute-physiotherapy.zip
2017-02-22 18:31 - 2013-08-28 13:19 - 00000495 _____ C:\Users\Dena\Downloads\CyberReceipt1377676078787.txt
2017-02-22 18:31 - 2013-08-25 21:45 - 00113405 _____ C:\Users\Dena\Downloads\Revised_AIS_Rule_Vol_I_Rule_03.pdf
2017-02-22 18:31 - 2013-08-20 11:23 - 00318534 _____ C:\Users\Dena\Downloads\Attachments_2013820.zip
2017-02-22 18:31 - 2013-08-16 21:57 - 00014027 _____ C:\Users\Dena\Downloads\New Basic with DA for officers.xlsx
2017-02-22 18:31 - 2013-08-11 12:24 - 00501248 _____ (Facebook Inc.) C:\Users\Dena\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2017-02-22 18:31 - 2013-08-10 20:14 - 09352354 _____ C:\Users\Dena\Downloads\Sabse Aage Honge Hindustaani - India's Independence Day 2010.3gp
2017-02-22 18:31 - 2013-08-09 22:20 - 00054601 _____ C:\Users\Dena\Downloads\New Folder (3).zip
2017-02-22 18:31 - 2013-08-09 19:31 - 32776560 _____ (Skype Technologies S.A.) C:\Users\Dena\Downloads\SkypeSetupFull.exe
2017-02-22 18:31 - 2013-08-09 15:37 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Dena\Downloads\SkypeSetup.exe
2017-02-22 18:31 - 2013-08-07 21:57 - 35630836 _____ C:\Users\Dena\Downloads\STAR Parivaar Awards 2013 - Ratan and Pankhuri's splendid performance.mp4
2017-02-22 18:31 - 2013-07-19 20:17 - 00026350 _____ C:\Users\Dena\Downloads\NPA LIST MAHUVABook1 (1).xlsx
2017-02-22 18:31 - 2013-07-19 20:16 - 00026350 _____ C:\Users\Dena\Downloads\NPA LIST MAHUVABook1.xlsx
2017-02-22 18:31 - 2013-07-16 14:04 - 00424392 _____ (WinZip Computing) C:\Users\Dena\Downloads\WinZip175.exe
2017-02-22 18:30 - 2017-02-23 08:54 - 00000000 ____D C:\Users\Dena\Downloads\mudit cc dec_files
2017-02-22 18:30 - 2017-02-21 22:09 - 00395884 _____ C:\Users\Dena\Downloads\ByteFence Anti-Malware Pro 2500 License Key.zip
2017-02-22 18:30 - 2017-02-18 10:56 - 01405327 _____ C:\Users\Dena\Downloads\DematAndTradingR.pdf
2017-02-22 18:30 - 2017-02-17 18:49 - 00041030 _____ C:\Users\Dena\Downloads\7462866671022073D63472117R11CYIMBIP73187430.pdf
2017-02-22 18:30 - 2017-02-17 18:32 - 01765970 _____ C:\Users\Dena\Downloads\ZerodhaCommodity.pdf
2017-02-22 18:30 - 2017-02-17 18:26 - 01989792 _____ C:\Users\Dena\Downloads\Trading & Demat.pdf
2017-02-22 18:30 - 2017-02-05 11:10 - 00374830 _____ C:\Users\Dena\Downloads\16808716-20170201.pdf
2017-02-22 18:30 - 2017-01-28 13:52 - 00005698 _____ C:\Users\Dena\Downloads\Mechanical-Engineering-Resume.doc.zip
2017-02-22 18:30 - 2017-01-24 21:39 - 21708002 _____ (Friedemann Schmidt ) C:\Users\Dena\Downloads\geosetter_setup.exe
2017-02-22 18:30 - 2017-01-24 20:33 - 01485824 _____ C:\Users\Dena\Downloads\DENA BANK LIST.xls
2017-02-22 18:30 - 2017-01-24 20:30 - 01270873 _____ C:\Users\Dena\Downloads\scan0321.pdf
2017-02-22 18:30 - 2017-01-19 20:04 - 00009968 _____ C:\Users\Dena\Downloads\NPS094950C.xlsb
2017-02-22 18:30 - 2017-01-18 23:56 - 00119986 _____ C:\Users\Dena\Downloads\List of Farmer eligible under PMFBY rabi 2016 (1).xlsx
2017-02-22 18:30 - 2017-01-17 21:59 - 00153724 _____ C:\Users\Dena\Downloads\RTP_Receivedbutnotverify.pdf
2017-02-22 18:25 - 2011-12-02 07:26 - 07522304 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
2017-02-22 18:25 - 2011-12-02 07:26 - 02760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
2017-02-22 18:25 - 2011-12-02 07:26 - 00684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
2017-02-22 18:24 - 2011-09-05 23:08 - 00167424 _____ (Fresco Logic) C:\Windows\system32\Drivers\FLxHCIc.sys
2017-02-22 18:24 - 2011-09-05 23:08 - 00047616 _____ (Fresco Logic) C:\Windows\system32\Drivers\FLxHCIh.sys
2017-02-22 18:24 - 2011-09-01 03:16 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-02-22 18:24 - 2011-08-24 11:27 - 00414824 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2017-02-22 18:24 - 2011-08-24 11:27 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2017-02-22 18:24 - 2011-08-24 11:27 - 00080416 _____ C:\Windows\system32\RtNicProp32.dll
2017-02-22 18:24 - 2010-10-20 06:03 - 00041088 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECI.sys
2017-02-22 18:24 - 2010-10-08 00:25 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2017-02-22 18:24 - 2010-10-08 00:25 - 00581192 _____ (Microsoft Corporation) C:\Windows\system32\WinUsbCoinstaller.dll
2017-02-22 18:24 - 2010-09-30 00:08 - 00079472 _____ (ST Microelectronics) C:\Windows\system32\accelernco01.dll
2017-02-22 18:24 - 2010-09-30 00:08 - 00043888 _____ (ST Microelectronics) C:\Windows\system32\Drivers\Accelern.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 22:45 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2017-03-01 22:44 - 2009-07-14 10:04 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 22:44 - 2009-07-14 10:04 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 22:39 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-01 20:47 - 2009-07-14 08:07 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-01 20:45 - 2009-07-14 08:07 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-01 20:45 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini
2017-02-23 10:19 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\rescache
2017-02-23 10:16 - 2009-07-14 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-23 10:16 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\sysprep
2017-02-23 10:13 - 2009-07-14 13:19 - 00000000 ____D C:\Windows\CSC
2017-02-23 09:44 - 2009-07-14 10:22 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-02-23 09:44 - 2009-07-14 10:04 - 00000000 ____D C:\Windows\Setup
2017-02-23 09:20 - 2009-07-14 10:03 - 00408704 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-22 21:20 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\MSBuild
2017-02-22 21:19 - 2009-07-14 13:19 - 00000000 ____D C:\Windows\ShellNew
 
Some files in TEMP:
====================
2017-02-22 21:45 - 2017-02-22 21:45 - 1189912 _____ (                                                            ) C:\Users\Dena\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
2017-02-22 22:01 - 2017-02-22 22:52 - 112492544 _____ () C:\Users\Dena\AppData\Local\Temp\mpam-64a8e89.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 22:36
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 39,528 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2017 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HomePage: Default -> hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp
CHR StartupUrls: Default -> "hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
C:\Users\Dena\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
C:\Users\Dena\AppData\Local\Temp\mpam-64a8e89.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

If the problem persists reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.
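The fixlist above was assembled by hand from the FRST log: the helper picked out the CHR HomePage and CHR StartupUrls lines pointing at trotux.com and pasted them between Start and End. The script below is an added example (not FRST's own code and not written by anyone in this thread) that does the same triage mechanically: it parses those FRST line types, refangs the hxxp:// URLs, flags any home page or startup URL whose host is not on an allow-list, and wraps the flagged lines in the Start/End frame with the same preamble directives used in this post. The sample log text and the allow-list of hosts are constructed for the demonstration.

```python
"""Triage FRST 'CHR HomePage' / 'CHR StartupUrls' entries for browser hijackers.

Added example; not part of FRST or of this thread. SAMPLE_FRST and
ALLOWED_HOSTS are constructed for the demonstration.
"""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the FRST lines quoted in the thread plus one
# benign startup URL for a second profile so the filter has something to keep.
SAMPLE_FRST = (
    'CHR HomePage: Default -> hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&type=hp\n'
    'CHR StartupUrls: Default -> "hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&type=hp"\n'
    'CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"\n'
    'CHR Extension: (Chrome Media Router) - C:\\Users\\Dena\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]\n'
)

# Hosts a home page or startup URL may legitimately point at (assumption: tune per machine).
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# FRST prints: CHR <Kind>: <profile> -> <url>   (the URL may be quoted)
CHR_URL_LINE = re.compile(r'^CHR (HomePage|StartupUrls): (.+?) -> "?([^"\s]+)"?\s*$')


def refang(url):
    """FRST defangs URLs as hxxp:// so they are not clickable; undo that for parsing."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)


def triage_frst(text, allowed_hosts=ALLOWED_HOSTS):
    """Return every CHR HomePage/StartupUrls line whose host is not on the allow-list.

    Each finding keeps the raw log line so it can be pasted into a fixlist unchanged,
    which is exactly what the helper did by hand in this thread.
    """
    findings = []
    for raw in text.splitlines():
        m = CHR_URL_LINE.match(raw)
        if not m:
            continue
        kind, profile, url = m.groups()
        host = (urlparse(refang(url)).hostname or "").lower()
        if host not in allowed_hosts:
            findings.append({"kind": kind, "profile": profile, "host": host, "line": raw})
    return findings


def build_fixlist(findings):
    """Wrap the flagged lines in the Start/End frame FRST expects, with the same
    preamble directives (restore point, temp cleanup, close processes) used above."""
    body = ["Start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    body += [f["line"] for f in findings]
    body += ["", "End"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    hits = triage_frst(SAMPLE_FRST)
    for h in hits:
        print(f"{h['kind']} ({h['profile']}): unexpected host {h['host']}")
    print(build_fixlist(hits))
```

Run it against a real FRST.txt by passing the file's contents to triage_frst(); the allow-list is the only part that needs adjusting for a machine whose owner uses a different start page. Extension lines are deliberately left out of the automatic fixlist because the two listed in this thread are Google's own built-in components, so they need a human decision rather than a rule.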

#3 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 06 March 2017 - 10:34 AM

Hello Nasdaq

 

After doing this procedure the problem still persists, and now my handset also redirects me to another website.

 

Kindly help fix this.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
Ran by Dena (06-03-2017 20:55:59) Run:2
Running from C:\Users\Dena\Downloads
Loaded Profiles: Dena (Available Profiles: Dena)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HomePage: Default -> hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp
CHR StartupUrls: Default -> "hxxp://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
C:\Users\Dena\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
C:\Users\Dena\AppData\Local\Temp\mpam-64a8e89.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
Chrome HomePage => not found.
Chrome StartupUrls => not found.
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found.
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found.
"C:\Users\Dena\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe" => not found.
"C:\Users\Dena\AppData\Local\Temp\mpam-64a8e89.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5250830 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 12377297 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 0 B
NetworkService => 0 B
Dena => 115216 B
 
RecycleBin => 0 B
EmptyTemp: => 25 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:56:18 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:05 AM

Posted 06 March 2017 - 01:35 PM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 08 March 2017 - 11:27 AM

I have run the RogueKiller

 

RogueKiller V12.9.9.0 [Feb 27 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7600) 32 bits version
Started in : Normal mode
User : Dena [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 03/08/2017 21:05:04 (Duration : 00:14:16)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen1][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&uid=ST980811AS_5LY9LM27XXXX5LY9LM27&type=hp] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727550A9E364 ATA Device +++++
--- User ---
[MBR] 3d9509d8be48c506662f86c04e566a5c
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 208896 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 413696 | Size: 276738 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 567173120 | Size: 199999 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
But the winner is the Zoek tool.
It worked and it solved my problem.
Thanks a lot.
 
This is the Zoek results log:
 
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Dena on Wed 03/08/2017 at 21:25:24.73.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Dena\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
3/8/2017 9:26:21 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\Dena\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Chromium Look ======================
 
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\Users\Dena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dena\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Dena\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Dena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
 
==== EOF on Wed 03/08/2017 at 21:35:19.99 ======================
 
Thanks again.
 
If I have any problem in the future then I will reply in this blog.
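The RogueKiller log above is the interesting data point of this thread: the FRST fix in post #3 reported "Chrome HomePage => not found" and "Chrome StartupUrls => not found", yet RogueKiller still found trotux.com in session.startup_urls inside Chrome's Secure Preferences file. Chrome keeps startup settings in two JSON files in the profile directory, Preferences and Secure Preferences (the latter carries the HMAC-protected settings), so a check that looks only at one of them can miss a hijack. The script below is an added example, not code from Chrome, RogueKiller or anyone in this thread; it reads both files, collects the home page and session.startup_urls, and reports any whose host is not on an allow-list. The two JSON documents embedded in it are constructed to mimic the shape of Chrome's files, and the allow-list and the load_profile() helper are assumptions for the demonstration.

```python
"""Check a Chrome profile's Preferences and Secure Preferences for startup-URL hijacks.

Added example; not Chrome's, RogueKiller's or FRST's own code. The sample JSON
documents, ALLOWED_HOSTS and load_profile() are constructed for the demonstration.
"""
import json
import os
from urllib.parse import urlparse

# Constructed sample: a clean Preferences file next to a Secure Preferences file
# that still carries the hijacked startup URL, mirroring what RogueKiller reported.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 5},
})
SAMPLE_SECURE_PREFERENCES = json.dumps({
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://www.trotux.com/?z=fe387a40b7053cd62e0a9fegdz8bbzagfz2wem1odt&from=icb&type=hp"
        ],
    },
})

# Hosts the home page / startup pages may legitimately point at (assumption: tune per machine).
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# session.restore_on_startup == 4 means "open a specific set of pages" (the startup_urls list).
RESTORE_URLS = 4

PREF_FILES = ("Preferences", "Secure Preferences")


def load_profile(profile_dir):
    """Read whichever of the two preference files exist in a Chrome profile directory."""
    docs = {}
    for name in PREF_FILES:
        path = os.path.join(profile_dir, name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                docs[name] = json.load(fh)
    return docs


def collect_startup_urls(pref_docs):
    """Return (setting, url) pairs for homepage and session.startup_urls across all files."""
    pairs = []
    for name, doc in pref_docs.items():
        if "homepage" in doc:
            pairs.append((f"{name}:homepage", doc["homepage"]))
        for url in doc.get("session", {}).get("startup_urls", []):
            pairs.append((f"{name}:session.startup_urls", url))
    return pairs


def find_hijacks(pref_docs, allowed_hosts=ALLOWED_HOSTS):
    """Flag every startup/home URL whose host is not on the allow-list, noting which file holds it."""
    findings = []
    for setting, url in collect_startup_urls(pref_docs):
        host = (urlparse(url).hostname or "").lower()
        if host not in allowed_hosts:
            findings.append({"setting": setting, "host": host, "url": url})
    return findings


def startup_opens_urls(pref_docs):
    """True if any file tells Chrome to open the startup_urls list at launch."""
    return any(doc.get("session", {}).get("restore_on_startup") == RESTORE_URLS
               for doc in pref_docs.values())


if __name__ == "__main__":
    docs = {
        "Preferences": json.loads(SAMPLE_PREFERENCES),
        "Secure Preferences": json.loads(SAMPLE_SECURE_PREFERENCES),
    }
    for f in find_hijacks(docs):
        print(f"{f['setting']}: unexpected host {f['host']} ({f['url']})")
    print("startup opens the URL list:", startup_opens_urls(docs))
```

On the machine in this thread the profile directory is C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default, so load_profile() on that path (with Chrome closed) would return both files for find_hijacks(). Reporting is deliberately all this does: the Secure Preferences file is integrity-protected, so hand-editing it is unreliable, and the remedy that finally worked in this thread, resetting the browser settings, is the right way to clear what it finds.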


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:05 AM

Posted 08 March 2017 - 01:55 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 09 March 2017 - 11:56 AM

The problem still persists,

but only 50%.

 

Some websites redirect but some don't.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:05 AM

Posted 09 March 2017 - 01:58 PM

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

If the problem persists reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Keep me posted.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:05 AM

Posted 15 March 2017 - 07:42 AM

Are you still with me?

#10 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 15 March 2017 - 09:04 AM

Yes Sir

 

I am with you

The problem still persists.

 

I was out of town for few days

 

I will try this tonight and reply to you

 

Thank you...



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:05 AM

Posted 15 March 2017 - 12:30 PM

Keep me posted.

#12 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 15 March 2017 - 11:32 PM

# AdwCleaner v6.044 - Logfile created 15/03/2017 at 23:30:09
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-15.2 [Server]
# Operating System : Windows 7 Ultimate  (X86)
# Username : Dena - DENA-PC
# Running from : C:\Users\Dena\Downloads\adwcleaner_6.044 (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Dena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1619 Bytes] - [06/03/2017 20:35:25]
C:\AdwCleaner\AdwCleaner[C2].txt - [1051 Bytes] - [15/03/2017 23:30:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [1744 Bytes] - [06/03/2017 20:33:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [1448 Bytes] - [15/03/2017 23:29:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1270 Bytes] ##########


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:05 AM

Posted 16 March 2017 - 07:30 AM

Can I see the Malwarebytes log?

If the problem persists which Browser(s) is in service at the time?

#14 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 16 March 2017 - 10:06 AM

Actually, when I installed Malwarebytes it kept giving me an update error, the scan wasn't fruitful and it wasn't generating a log.

 

I think maybe you gave me the wrong link because I have already installed this software once.



#15 dhruv21290

dhruv21290
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 16 March 2017 - 10:10 AM

Actually, after resetting Chrome this time as you said in your last e-mail, websites are not redirecting in Chrome and also IE.

 

Thanks.

For the time being there is no issue.





