sng119

Members
  • Posts

    31
Everything posted by sng119

  1. Hi Ron, I did step 4 & 5 successfully, and I have the logs. But when I tried to update MBAM, it says "unable to access update server". I didn't want to go on to step 7 just in case. I did want to post the logs from Junkware removal and adwcleaner so you could see what we're working with here. Thanks in advance!

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 8.1 x64
     Ran by Jessica on Mon 07/21/2014 at 19:17:04.08
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 07/21/2014 at 19:38:32.50
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v3.213 - Report created 26/06/2014 at 07:19:36
     # Updated 23/06/2014 by Xplode
     # Operating System : Windows 8.1 (64 bits)
     # Username : Jessica - FAMILY-PC
     # Running from : C:\Users\Jessica\Downloads\adwcleaner_3.213.exe
     # Option : Clean

     ***** [ Services ] *****

     Service Deleted : CltMngSvc

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Program Files (x86)\SearchProtect
     Folder Deleted : C:\Users\Jessica\AppData\Local\SearchProtect
     Folder Deleted : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
     File Deleted : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\pih6l7su.default\searchplugins\trovi-search.xml

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
     Key Deleted : HKLM\Software\SearchProtect
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
     Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
     Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17126

     -\\ Mozilla Firefox v29.0.1 (en-US)

     [ File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\pih6l7su.default\prefs.js ]

     Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M82441EBE-880D-4D26-BC75-B68765293FA5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP20B934F1-BA8E-413[...]
     Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
     Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
     Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M82441EBE-880D-4D26-BC75-B68765293FA5&SearchSource=55&CUI=&UM=5&UP=SP20B934F1-BA8E-4133-937D[...]

     -\\ Google Chrome v35.0.1916.153

     [ File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Deleted [startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M82441EBE-880D-4D26-BC75-B68765293FA5&SearchSource=55&CUI=&UM=5&UP=SP20B934F1-BA8E-4133-937D-C7C9C3A61A72&SSPV=
     Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M82441EBE-880D-4D26-BC75-B68765293FA5&SearchSource=55&CUI=&UM=5&UP=SP20B934F1-BA8E-4133-937D-C7C9C3A61A72&SSPV=
     Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
     Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
     Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

     *************************

     AdwCleaner[R0].txt - [3425 octets] - [26/06/2014 07:15:43]
     AdwCleaner[s0].txt - [3271 octets] - [26/06/2014 07:19:36]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3331 octets] ##########

     # AdwCleaner v3.216 - Report created 21/07/2014 at 19:50:08
     # Updated 17/07/2014 by Xplode
     # Operating System : Windows 8.1 (64 bits)
     # Username : Jessica - FAMILY-PC
     # Running from : C:\Users\Jessica\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Program Files\Reimage
     File Deleted : C:\Users\Public\Desktop\eBay.lnk
     File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17126

     -\\ Mozilla Firefox v30.0 (en-US)

     [ File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\jw282w8z.default\prefs.js ]

     -\\ Google Chrome v36.0.1985.125

     [ File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [4535 octets] - [26/06/2014 07:15:43]
     AdwCleaner[s0].txt - [4396 octets] - [26/06/2014 07:19:36]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4456 octets] ##########
  2. Oops, that was RKill's report, here is RogueKiller's report. Sorry about that.

     RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
     Started in : Normal mode
     User : Jessica [Admin rights]
     Mode : Scan -- Date : 07/19/2014 08:24:37

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E749224B-6AB3-4438-8228-838FD66382DF} | DhcpNameServer : 100.100.22.24 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E749224B-6AB3-4438-8228-838FD66382DF} | DhcpNameServer : 100.100.22.24 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST500LT012-1DG14 SATA Disk Device +++++
     --- User ---
     [MBR] 651c0a60f453e1064257af99d9e62741
     [bSP] ceb2134793fbeb842f10e973b4affb7d : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_07192014_074251.log
  3. I have the report now... Please disregard my last comment. I remembered RogueKiller had that report button, but figured it meant report your results to the site. I reran the scan and clicked report; here are the results:

     Rkill 2.6.7 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 07/19/2014 08:03:06 AM in x64 mode.
     Windows Version: Windows 8.1

     Checking for Windows services to stop:

      * No malware services found to stop.

     Checking for processes to terminate:

      * No malware processes found to kill.

     Checking Registry for malware related settings:

      * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:

      * Windows Defender Disabled

        [HKLM\SOFTWARE\Microsoft\Windows Defender]
        "DisableAntiSpyware" = dword:00000001

     Checking Windows Service Integrity:

      * MsKeyboardFilter [Missing Service]
      * CSC [Missing Service]
      * E1G60 [Missing Service]
      * kbldfltr [Missing Service]
      * storvsp [Missing Service]
      * Vid [Missing Service]
      * vmbusr [Missing Service]
      * vpcivsp [Missing Service]

     Searching for Missing Digital Signatures:

      * No issues found.

     Checking HOSTS File:

      * No issues found.

     Program finished at: 07/19/2014 08:06:48 AM
     Execution time: 0 hours(s), 3 minute(s), and 41 seconds(s)
  4. Sorry for the wait! I ran Roguekiller and it said scan is finished. Then next to that it said, "please check tabs and delete the ones with buttons" or something to that effect. So I just closed Roguekiller figuring that checking tabs and deleting things meant fixing the problems. I don't see a report on the desktop. So sorry for the inconvenience. Bear with me lol!
  5. Hi Ron, thank you so much for helping me! I followed all of the instructions. When I open MBAM, it tries to check for updates but stops with a pop up saying "a program has caused it to stop working". It will not update, and shuts off after the pop up comes on. I didn't want to go through with step 3, roguekiller until you knew that I could not complete step 2. Please advise if you want me to still go ahead and download roguekiller anyway. Thanks in advance!
  6. Hello, my name is Jessica. I cannot run Malwarebytes, even after running Chameleon. The error I received was "failed to determine update state". I am running on Windows 8.1 / 64 bit. I have attached my logs because when I tried to copy and paste, the screen froze and I had to refresh my browser (Google Chrome). Thanks in advance! FRST.txt Addition.txt