Constant adware and redirects!


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Uninstall µTorrent

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyalltemp;
    bitsadmin /reset /allusers;b
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

 


Can't get it to upload, so here it is in the spoiler.

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Anthony on Fri 06/05/2015 at 13:34:41.94.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Documents\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AGEIA Technologies not found
"C:\Windows\Installer\9f1e35.msi" not found
C:\Users\Anthony\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\3ddb07a6.msi" deleted
"C:\PROGRA~2\MagicISO\misosh64.dll" deleted
"C:\PROGRA~2\MagicISO" not deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [02/18/2015 06:15 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 06:36 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default
- Razor Web - %ProfilePath%\extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.81
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[11/11/2013 11:21 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[11/11/2013 11:21 PM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[11/11/2013 11:18 PM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[11/11/2013 11:18 PM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/01/2015 11:17 AM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[11/11/2013 11:21 PM]
 
Bookmark Manager - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
==== Chromium Fix ======================
 
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0C110 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\585C6EDEDFDBC0348960D0FA53A4482A deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDE6C585-BDFD-430C-9806-0DAF354A84A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0C110 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\585C6EDEDFDBC0348960D0FA53A4482A deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\IE\0CLWK774 will be deleted at reboot
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\IE\0GFRTLTC will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\Anthony\AppData\Local\Mozilla\Firefox\Profiles\jup72wv8.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=48 folders=37 32496381 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Anthony\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.



Please include the contents of that file in your reply.


# AdwCleaner v4.206 - Logfile created 05/06/2015 at 15:31:43

# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Anthony - ANTHONYPC
# Running from : D:\Documents\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v36.0.1 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.81
 
 
*************************
 
AdwCleaner[R0].txt - [4714 bytes] - [05/06/2015 12:19:51]
AdwCleaner[R1].txt - [966 bytes] - [05/06/2015 12:49:14]
AdwCleaner[R2].txt - [1024 bytes] - [05/06/2015 15:27:17]
AdwCleaner[s0].txt - [4753 bytes] - [05/06/2015 12:20:45]
AdwCleaner[s1].txt - [953 bytes] - [05/06/2015 15:31:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1011  bytes] ##########


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.



Please attach it to your reply.

fixlist.txt


Wasn't on my desktop, but found it here: C:\FRST\Logs

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015

Ran by Anthony at 2015-06-05 16:23:38 Run:1
Running from D:\Documents
Loaded Profiles: Anthony & DefaultAppPool (Available Profiles: Anthony & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
closeprocesses:
emptytemp:
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {0d4efc6e-0c61-11e3-9587-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {4930320e-0c5a-11e3-a428-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {49303211-0c5a-11e3-a428-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {7a73c8e1-a010-11e3-ab33-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {7a73c8e5-a010-11e3-ab33-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {84b6e33c-4a87-11e4-b0c4-00248cd8bb9a} - F:\Windows/Autorun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {8f3556c6-0bbe-11e3-b265-00248cd8bb9a} - F:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin HKU\S-1-5-21-1933547834-1420827827-3990081825-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S4 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S4 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
C:\mnwu.exe
C:\Users\User\AppData\Local\Temp\bkeqih.exe
S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-02-15] ()
C:\Windows\system32\sjcsu64.sys
S4 e81a9dc1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
c:\progra~2\gs-ena~1\AssistantSvc.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d4efc6e-0c61-11e3-9587-00248cd8bb9a} => key not found. 
HKCR\CLSID\{0d4efc6e-0c61-11e3-9587-00248cd8bb9a} => key not found. 
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4930320e-0c5a-11e3-a428-00248cd8bb9a} => key not found. 
HKCR\CLSID\{4930320e-0c5a-11e3-a428-00248cd8bb9a} => key not found. 
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49303211-0c5a-11e3-a428-00248cd8bb9a} => key not found. 
HKCR\CLSID\{49303211-0c5a-11e3-a428-00248cd8bb9a} => key not found. 
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a73c8e1-a010-11e3-ab33-00248cd8bb9a} => key not found. 
HKCR\CLSID\{7a73c8e1-a010-11e3-ab33-00248cd8bb9a} => key not found. 
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a73c8e5-a010-11e3-ab33-00248cd8bb9a} => key not found. 
HKCR\CLSID\{7a73c8e5-a010-11e3-ab33-00248cd8bb9a} => key not found. 
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84b6e33c-4a87-11e4-b0c4-00248cd8bb9a} => key not found. 
HKCR\CLSID\{84b6e33c-4a87-11e4-b0c4-00248cd8bb9a} => key not found. 
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f3556c6-0bbe-11e3-b265-00248cd8bb9a} => key not found. 
HKCR\CLSID\{8f3556c6-0bbe-11e3-b265-00248cd8bb9a} => key not found. 
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found. 
C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => moved successfully.
iPod Service => Service not found.
Steam Client Service => Service removed successfully
EagleX64 => Service not found.
ew_hwusbdev => Service not found.
ew_usbenumfilter => Service not found.
GGSAFERDriver => Service not found.
huawei_cdcacm => Service not found.
huawei_enumerator => Service not found.
huawei_ext_ctrl => Service not found.
huawei_wwanecm => Service not found.
VBoxNetFlt => Service not found.
X6va012 => Service not found.
X6va013 => Service not found.
X6va014 => Service not found.
X6va015 => Service not found.
X6va028 => Service not found.
"C:\mnwu.exe" => File/Folder not found.
"C:\Users\User\AppData\Local\Temp\bkeqih.exe" => File/Folder not found.
sjcst => Service not found.
"C:\Windows\system32\sjcsu64.sys" => File/Folder not found.
e81a9dc1 => Service not found.
"c:\progra~2\gs-ena~1\AssistantSvc.dll" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
'reg' is not recognized as an internal or external command,
operable program or batch file.
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
'reg' is not recognized as an internal or external command,
operable program or batch file.
 
 
========= End of Reg: =========
 
 
=========  ipconfig /flushdns =========
 
'ipconfig' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
EmptyTemp: => 146.5 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 16:23:47 ====


Again.

 

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.



Please attach it to your reply.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015

Ran by Anthony at 2015-06-05 16:44:30 Run:2
Running from D:\Documents
Loaded Profiles: Anthony (Available Profiles: Anthony & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
closeprocesses:
emptytemp:
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
FF Extension: Razor Web - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi [2015-05-30]
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CMD: ipconfig /flushdns
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => key removed successfully
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi not found.
"C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi" => File/Folder not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
 
=========  ipconfig /flushdns =========
 
'ipconfig' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
EmptyTemp: => 141.2 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 16:44:35 ====


Uninstall Chrome

Export your bookmarks
https://support.google.com/chrome/answer/96816?hl=en


Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google

Download and install Chrome
https://www.google.com/intl/en/chrome/browser/desktop/




Export Firefox bookmarks
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer



- Uninstall Firefox (Programs and Features)

Then

Click Start, copy in search %appdata%\ Then delete folder Mozilla
Click Start, copy in search %LOCALAPPDATA%\ delete folder Mozilla

Then delete following folders:

C:\Program Files (x86)\mozilla firefox
C:\Program Files (x86)\Mozilla Maintenance Service


Restart your PC.
Then install Firefox again.

https://www.mozilla.org/en-US/firefox/new/


The following will implement some post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix

The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
