TheSauzz Posted June 5, 2015 ID:967494
Ran FarBar, and attached the files. Also, ran malwarebytes and restarted computer. Still getting popups and such. Kaspersky isn't showing anything either. Super frustrated with these redirects, please help! Ty in advance!
Addition.txt
FRST.txt
_argus Posted June 5, 2015 ID:967496
Hello,
My name is Argus and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.

Rules and policies
We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Uninstall µTorrent

Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b
Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
TheSauzz Posted June 5, 2015 Author ID:967505
Here's the results
TheSauzz Posted June 5, 2015 Author ID:967506
Didn't upload last time
_argus Posted June 5, 2015 ID:967507
Copy/Paste
TheSauzz Posted June 5, 2015 Author ID:967508
Can't get it to upload, so here it is in the spoiler.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Anthony on Fri 06/05/2015 at 13:34:41.94.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Documents\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
"C:\Windows\Installer\9f1e35.msi" not found
C:\Users\Anthony\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\3ddb07a6.msi" deleted
"C:\PROGRA~2\MagicISO\misosh64.dll" deleted
"C:\PROGRA~2\MagicISO" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [02/18/2015 06:15 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 06:36 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default
- Razor Web - %ProfilePath%\extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[11/11/2013 11:21 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[11/11/2013 11:21 PM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[11/11/2013 11:18 PM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[11/11/2013 11:18 PM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/01/2015 11:17 AM]
lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[11/11/2013 11:21 PM]

Bookmark Manager - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Fix ======================

C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0C110 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\585C6EDEDFDBC0348960D0FA53A4482A deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDE6C585-BDFD-430C-9806-0DAF354A84A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0C110 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\585C6EDEDFDBC0348960D0FA53A4482A deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\IE\0CLWK774 will be deleted at reboot
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\IE\0GFRTLTC will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Anthony\AppData\Local\Mozilla\Firefox\Profiles\jup72wv8.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=48 folders=37 32496381 bytes)

==== Empty Temp Folders ======================

C:\Users\Anthony\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================
_argus Posted June 5, 2015 ID:967510
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.
TheSauzz Posted June 5, 2015 Author ID:967513
# AdwCleaner v4.206 - Logfile created 05/06/2015 at 15:31:43
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Anthony - ANTHONYPC
# Running from : D:\Documents\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

-\\ Google Chrome v43.0.2357.81

*************************

AdwCleaner[R0].txt - [4714 bytes] - [05/06/2015 12:19:51]
AdwCleaner[R1].txt - [966 bytes] - [05/06/2015 12:49:14]
AdwCleaner[R2].txt - [1024 bytes] - [05/06/2015 15:27:17]
AdwCleaner[s0].txt - [4753 bytes] - [05/06/2015 12:20:45]
AdwCleaner[s1].txt - [953 bytes] - [05/06/2015 15:31:43]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1011 bytes] ##########
_argus Posted June 5, 2015 ID:967514
How's your computer behaving now?
TheSauzz Posted June 5, 2015 Author ID:967516
Still getting redirects, and Malwarebytes is trying to stop some things but can't get everything I guess. I'm not so sure. http://imgur.com/mL3TsYc
_argus Posted June 5, 2015 ID:967520
On all browsers?
TheSauzz Posted June 5, 2015 Author ID:967521
Yes, and it always says RazorWeb
TheSauzz Posted June 5, 2015 Author ID:967523
Actually, I don't have it on Internet Explorer. Just Chrome and Firefox.
_argus Posted June 5, 2015 ID:967526
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
fixlist.txt
TheSauzz Posted June 5, 2015 Author ID:967527
Wasn't on my desktop, but found it here: C:\FRST\Logs

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Anthony at 2015-06-05 16:23:38 Run:1
Running from D:\Documents
Loaded Profiles: Anthony & DefaultAppPool (Available Profiles: Anthony & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
closeprocesses:
emptytemp:
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {0d4efc6e-0c61-11e3-9587-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {4930320e-0c5a-11e3-a428-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {49303211-0c5a-11e3-a428-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {7a73c8e1-a010-11e3-ab33-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {7a73c8e5-a010-11e3-ab33-00248cd8bb9a} - F:\AutoRun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {84b6e33c-4a87-11e4-b0c4-00248cd8bb9a} - F:\Windows/Autorun.exe
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\...\MountPoints2: {8f3556c6-0bbe-11e3-b265-00248cd8bb9a} - F:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-1933547834-1420827827-3990081825-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S4 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S4 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
C:\mnwu.exe
C:\Users\User\AppData\Local\Temp\bkeqih.exe
S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-02-15] ()
C:\Windows\system32\sjcsu64.sys
S4 e81a9dc1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
c:\progra~2\gs-ena~1\AssistantSvc.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d4efc6e-0c61-11e3-9587-00248cd8bb9a} => key not found.
HKCR\CLSID\{0d4efc6e-0c61-11e3-9587-00248cd8bb9a} => key not found.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4930320e-0c5a-11e3-a428-00248cd8bb9a} => key not found.
HKCR\CLSID\{4930320e-0c5a-11e3-a428-00248cd8bb9a} => key not found.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49303211-0c5a-11e3-a428-00248cd8bb9a} => key not found.
HKCR\CLSID\{49303211-0c5a-11e3-a428-00248cd8bb9a} => key not found.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a73c8e1-a010-11e3-ab33-00248cd8bb9a} => key not found.
HKCR\CLSID\{7a73c8e1-a010-11e3-ab33-00248cd8bb9a} => key not found.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a73c8e5-a010-11e3-ab33-00248cd8bb9a} => key not found.
HKCR\CLSID\{7a73c8e5-a010-11e3-ab33-00248cd8bb9a} => key not found.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84b6e33c-4a87-11e4-b0c4-00248cd8bb9a} => key not found.
HKCR\CLSID\{84b6e33c-4a87-11e4-b0c4-00248cd8bb9a} => key not found.
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f3556c6-0bbe-11e3-b265-00248cd8bb9a} => key not found.
HKCR\CLSID\{8f3556c6-0bbe-11e3-b265-00248cd8bb9a} => key not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1933547834-1420827827-3990081825-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => moved successfully.
iPod Service => Service not found.
Steam Client Service => Service removed successfully
EagleX64 => Service not found.
ew_hwusbdev => Service not found.
ew_usbenumfilter => Service not found.
GGSAFERDriver => Service not found.
huawei_cdcacm => Service not found.
huawei_enumerator => Service not found.
huawei_ext_ctrl => Service not found.
huawei_wwanecm => Service not found.
VBoxNetFlt => Service not found.
X6va012 => Service not found.
X6va013 => Service not found.
X6va014 => Service not found.
X6va015 => Service not found.
X6va028 => Service not found.
"C:\mnwu.exe" => File/Folder not found.
"C:\Users\User\AppData\Local\Temp\bkeqih.exe" => File/Folder not found.
sjcst => Service not found.
"C:\Windows\system32\sjcsu64.sys" => File/Folder not found.
e81a9dc1 => Service not found.
"c:\progra~2\gs-ena~1\AssistantSvc.dll" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

'reg' is not recognized as an internal or external command,
operable program or batch file.

========= End of Reg: =========

========= ipconfig /flushdns =========

'ipconfig' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 146.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 16:23:47 ====
_argus Posted June 5, 2015 ID:967529
Again.
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
fixlist.txt
TheSauzz Posted June 5, 2015 Author ID:967531
Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Anthony at 2015-06-05 16:44:30 Run:2
Running from D:\Documents
Loaded Profiles: Anthony (Available Profiles: Anthony & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
closeprocesses:
emptytemp:
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
FF Extension: Razor Web - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi [2015-05-30]
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => key removed successfully
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi not found.
"C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jup72wv8.default\Extensions\{2538b37c-2900-4194-8bd8-e0699a1f15de}.xpi" => File/Folder not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-525087582-931666945-87983070-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.

========= ipconfig /flushdns =========

'ipconfig' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 141.2 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 16:44:35 ====
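Added example (not part of the thread and not FRST's own code): a small Python reader for a Fixlog.txt that separates the entries FRST actually changed from the ones that were already absent, and flags CMD:/Reg: directives whose captured output shows the command never ran, as happened with ipconfig in both Fixlogs above. The function name and the three outcome labels are assumptions of this example; the sample lines are taken from the Fixlogs in this thread, one per line.

```python
import re
from collections import Counter

# Constructed sample: result lines taken from the two Fixlogs in this thread,
# laid out one per line as they appear in a Fixlog.txt file.
SAMPLE_FIXLOG = r"""Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
iPod Service => Service not found.
Steam Client Service => Service removed successfully
"C:\mnwu.exe" => File/Folder not found.

========= ipconfig /flushdns =========

'ipconfig' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 146.5 MB temporary data Removed.

==== End of Fixlog 16:23:47 ====
"""

# "<target> => <outcome>" result lines; the trailing full stop is optional.
RESULT = re.compile(r"^(.+?) => (.+?)\.?$")
# "===== <title> =====" banners that open and close a CMD:/Reg: output block.
BLOCK = re.compile(r"^=+ (.+?) =+$")
# cmd.exe prints this when it cannot resolve the executable name.
NOT_RECOGNIZED = "is not recognized as an internal or external command"


def classify(outcome):
    """Map an outcome string to one of this example's three labels."""
    if "not found" in outcome:
        return "absent"    # nothing to fix: the item was not on the machine
    if "successfully" in outcome:
        return "changed"   # FRST removed, moved or restored something
    return "other"         # informational lines such as EmptyTemp


def summarize_fixlog(text):
    counts = Counter()
    changed, failed_commands = [], []
    current_cmd, cmd_output = None, []

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BLOCK.match(line)
        if banner:
            title = banner.group(1)
            if title.startswith("End of"):
                # Closing banner: decide whether the command ever executed.
                if current_cmd is not None:
                    if any(NOT_RECOGNIZED in out for out in cmd_output):
                        failed_commands.append(current_cmd)
                    current_cmd, cmd_output = None, []
            else:
                current_cmd, cmd_output = title, []
            continue
        if current_cmd is not None:
            cmd_output.append(line)   # raw output of the running directive
            continue
        result = RESULT.match(line)
        if result:
            target, outcome = result.groups()
            label = classify(outcome)
            counts[label] += 1
            if label == "changed":
                changed.append(target)

    return {"counts": counts, "changed": changed,
            "failed_commands": failed_commands}


if __name__ == "__main__":
    summary = summarize_fixlog(SAMPLE_FIXLOG)
    print(dict(summary["counts"]))
    print("changed:", summary["changed"])
    print("commands that did not run:", summary["failed_commands"])
```

A directive listed under `failed_commands` produced only the cmd.exe error, so the action it requested (here the DNS cache flush and the BITS reset) did not take place on that run.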
_argus Posted June 5, 2015 ID:967533
How is the situation now?
TheSauzz Posted June 5, 2015 Author ID:967535
Same
_argus Posted June 5, 2015 ID:967537
Uninstall Chrome
Export your bookmarks
https://support.google.com/chrome/answer/96816?hl=en
Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.
Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google
Download and install Chrome
https://www.google.com/intl/en/chrome/browser/desktop/
Export Firefox bookmarks
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
- Uninstall Firefox (Programs and Features)
Then
Click Start, copy in search %appdata%\ Then delete folder Mozilla
Click Start, copy in search %LOCALAPPDATA%\ delete folder Mozilla
Then delete following folders:
C:\Program Files (x86)\mozilla firefox
C:\Program Files (x86)\Mozilla Maintenance Service
Restart your PC.
Then install Firefox again.
https://www.mozilla.org/en-US/firefox/new/
TheSauzz Posted June 5, 2015 Author ID:967554
omg, everything is back to normal! I love you!
_argus Posted June 6, 2015 ID:967575
The following will implement some post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
Run the tool by right-clicking on the icon and choosing the Run as administrator option.
Make sure that these ones are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Push Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Maurice Naggar Posted June 6, 2015 ID:967631
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!