selvaracp

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral

About selvaracp

  • Birthday 09/08/1987
  1. Hi, I have attached the scanned log of FRST after doing all the above steps. Also, I have completely uninstalled the P2P client software before doing so. Regards A.Selva Kumar
  2. Hi JRT Scan log contents
  3. Hi Adwcleaner Scan Log
  4. Hi MBAM Scan Log
  5. Hi https://forums.malwarebytes.org/index.php?/topic/166809-webpage-redirect-to-ccebba93se-and-youradexchange-in-chrome/?p=952059 I already made a request at the above URL and I was recommended to start a new topic here along with the outputs of FRST (Farbar Recovery Scan Tool). As the contents of the files FRST.txt and Addition.txt are too large to accommodate in the text space, I am attaching the files. Kindly help me in removing the malware that has been bugging me for the past few days. Also, MBAM has returned that there is no malware in my system. Regards A.Selva Kumar FRST.txt Addition.txt
  6. Hi, the FRST.txt and Addition.txt files are too large to copy and paste in the reply screen. Regards A.Selva Kumar FRST.txt Addition.txt
  7. Hi, I am using Google Chrome as my browser. Recently, whichever page I go to during a browsing session, the page by itself redirects to ccebba.se or youradexchange or ilivid. I have scanned with Malwarebytes Anti-Malware but it says nothing. Kindly assist me with this as it is annoying as ever. Regards A.Selva Kumar