Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Google Chrome ?trackid=sp-006 on 2 successive new computers


Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » January 25th, 2015, 7:18 pm

I notice that it is changing the google site to https://www.google.de and then adding the trackid thing. If that helps.
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby nunped » January 26th, 2015, 5:15 am

Hi Julie,

I am truly sorry for the delay in getting back to you.

Did you update Java from a link provided by the website you were streaming from? You should only update any program from its original website.

I have a couple of questions:
  1. Do you have any other computer connected to the same network?
  2. If so, is it experiencing the same issues?
  3. Are you using a router? Which one?

Also, run a fresh scan with FRST:
Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » January 28th, 2015, 11:44 am

Hi, Nunped,
No; No; No.
I will get you notepad - just didn't want to time out.

Thanks,
j
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » January 30th, 2015, 9:31 am

OK. Sorry for the delay - my son's been sick.
Again with the too many characters. :)
Texts as addended - I had the Adware thing redownloaded between when the stupid trackid re-showed up and when you replied. I re-ran it, and the stupid thing (the tag) hasn't shown up again. But what bothers me is why it showed up a second time in the first place if we actually got rid of it.

I'd love to get rid of it. Really get rid of it. If I can't, can I find you again?

Thanks,
J

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Julia at 2015-01-30 08:20:41
Running from C:\Users\Julia\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Music (HKU\S-1-5-21-2660173606-927079686-655349376-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.7 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.8 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

23-01-2015 17:04:47 End of disinfection
25-01-2015 16:37:01 Installed Java 7 Update 65

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {022EF2C0-B5AB-4356-B849-63102183262C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {07560155-FEF7-4F0B-9588-2A0996928E7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {0CDA7C06-8505-499B-9288-53A6BC3230BD} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {17BAE188-A0B9-4868-B976-F315AB5C895B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {1C0A0E82-3784-4B14-B0FC-1657C5578929} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-01-03] ()
Task: {1CD2FD52-A111-496D-B87C-9C94132AF8F1} - System32\Tasks\Check Updates => C:\Users\Julia\AppData\Local\browser extensions\updater.exe
Task: {4247B30E-D604-42CF-B9EF-976F9C6E8290} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-01-25] ()
Task: {4E248F7C-7B8C-4D86-B652-38DA14DED1A3} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-01-16] (ASUSTek Computer Inc.)
Task: {8BA552F5-552B-495B-9D4F-AF189BE9D320} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-01-25] ()
Task: {91FD0BDF-3BA0-4B33-BE36-E83E27FEDFE0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {AE4AF25B-D40D-44A2-B49C-CAB4BB412F2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {B197D2E1-2FF3-4F73-BD5B-72EF1B2288A7} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Julia\AppData\Local\browser extensions\client.exe"
Task: {CF3F1393-028D-477A-98F1-EC5D112887EA} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {D4D0FFB0-DDAE-49D3-9A16-A3C154981CF1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-01-03] (ASUS)
Task: {E93932B9-4000-4A63-BB65-F707844FC84A} - System32\Tasks\Validate Installation => C:\Users\Julia\AppData\Local\browser extensions\updater.exe
Task: {EF828658-9A6C-4477-86D1-E1FB7B38DF01} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {F770AE9D-D845-4DB7-B82D-9B346F62C978} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-03 19:26 - 2014-01-03 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-01-03 19:26 - 2014-01-03 19:26 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-01-24 05:24 - 2014-01-24 05:24 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-24 05:21 - 2014-01-24 05:21 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-24 05:27 - 2014-01-24 05:27 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-14 10:16 - 2014-12-08 01:27 - 06277952 _____ () C:\Users\Julia\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 05:46 - 2013-10-23 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-01-25 21:34 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-25 21:34 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-25 21:34 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
2015-01-25 21:34 - 2015-01-20 22:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Julia\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Julia\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2660173606-927079686-655349376-500 - Administrator - Disabled)
Guest (S-1-5-21-2660173606-927079686-655349376-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2660173606-927079686-655349376-1003 - Limited - Enabled)
Julia (S-1-5-21-2660173606-927079686-655349376-1001 - Administrator - Enabled) => C:\Users\Julia

==================== Faulty Device Manager Devices =============
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby nunped » January 30th, 2015, 4:26 pm

Hi Julia,

I understand it took a long time for me to reply, but please, do not run any fix or program that I don't instruct you to, while we're in the cleaning process. It really makes my job harder...

Can you post the log that AdwCleaner created? If you didn't delete it, it's on your desktop with the name: AdwCleaner[S0]20150125.txt


Also, run another fix with FRST:
Step 1 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKU\S-1-5-21-2660173606-927079686-655349376-1001\...\MountPoints2: {8c5d8923-db53-11e3-824e-806e6f6e6963} - "D:\WRSetupCD.exe" 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Extension: Cyti Web 1.0.1 - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\fpstxbkn.default\Extensions\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}.xpi [2015-01-25]
    CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89-A4D38AED6F7C&SSPV=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89-A4D38AED6F7C&SSPV="
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » February 1st, 2015, 11:16 pm

Dear Nunped,
Understood - thought we were done & I was trying to fix it before getting back in touch with you. Just FYI, it's back again tonight.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Julia at 2015-02-01 22:14:56 Run:1
Running from C:\Users\Julia\Desktop
Loaded Profiles: Julia (Available profiles: Julia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2660173606-927079686-655349376-1001\...\MountPoints2: {8c5d8923-db53-11e3-824e-806e6f6e6963} - "D:\WRSetupCD.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Cyti Web 1.0.1 - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\fpstxbkn.default\Extensions\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}.xpi [2015-01-25]
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89-A4D38AED6F7C&SSPV=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89-A4D38AED6F7C&SSPV="
*****************

"HKU\S-1-5-21-2660173606-927079686-655349376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c5d8923-db53-11e3-824e-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{8c5d8923-db53-11e3-824e-806e6f6e6963} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\fpstxbkn.default\Extensions\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}.xpi => Moved successfully.
Chrome StartupUrls deleted successfully.

==== End of Fixlog 22:15:00 ====
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby nunped » February 2nd, 2015, 6:21 am

Hi Julie,

No problem :) I hope your son is getting better...
Did you install anything new? I will need a whole new set of logs....

Step 1
Can you post the log that AdwCleaner created? If you didn't delete it, it's on your desktop with the name: AdwCleaner[S0]20150125.txt


Step 2
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.

Step 3
Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » February 2nd, 2015, 9:58 am

Hi, Nunped -
I don't think I installed anything new.... Oh, wait. I did install iTunes a while back so I could sync my iPod.
Son is better; husband now sick. Apparently flu vaccine ineffective this year.
Running the Roguekiller now.
J

# AdwCleaner v4.109 - Report created 25/01/2015 at 21:11:14
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Julia - ANGYLAIDD5
# Running from : C:\Users\Julia\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Julia\AppData\Local\Temp\apn
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Users\Julia\AppData\Local\Browser Extensions
Folder Deleted : C:\Users\Julia\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\Julia\Documents\ProPCCleaner
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\fpstxbkn.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Reimage Reminder
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savepass 2.0
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49793;hxxps=127.0.0.1:49793
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 en-US)

[fpstxbkn.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89[...]
[fpstxbkn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
[fpstxbkn.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP8ABFDD1D-D88B-487[...]

-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [4195 octets] - [25/01/2015 21:05:00]
AdwCleaner[S0].txt - [3810 octets] - [25/01/2015 21:11:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3870 octets] ##########
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm
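
Added example (not part of any post in this thread, and not code from FRST or AdwCleaner): a small Python triage that reads the "Task:" lines of an FRST Addition.txt log and the "Folder Deleted" lines of an AdwCleaner report, then flags scheduled tasks that launch through a shell, point into a user-writable directory, or still point into a folder AdwCleaner reported as deleted. The sample lines are excerpted from the logs posted above; the function names, reason labels and the list of user-writable path markers are assumptions made for this example.

```python
import re

# Lines excerpted from the FRST Addition.txt and AdwCleaner logs posted in this thread.
FRST_ADDITION = r"""
Task: {07560155-FEF7-4F0B-9588-2A0996928E7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {1CD2FD52-A111-496D-B87C-9C94132AF8F1} - System32\Tasks\Check Updates => C:\Users\Julia\AppData\Local\browser extensions\updater.exe
Task: {B197D2E1-2FF3-4F73-BD5B-72EF1B2288A7} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Julia\AppData\Local\browser extensions\client.exe"
Task: {E93932B9-4000-4A63-BB65-F707844FC84A} - System32\Tasks\Validate Installation => C:\Users\Julia\AppData\Local\browser extensions\updater.exe
Task: {F770AE9D-D845-4DB7-B82D-9B346F62C978} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

ADWCLEANER = r"""
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Julia\AppData\Local\Browser Extensions
Task Deleted : Reimage Reminder
"""

# "Task: {GUID} - <task path> => <action>" or "Task: <.job path> => <action>"
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<path>.+?) => (?P<action>.+)$", re.M)
# Optional " [YYYY-MM-DD] (Company)" trailer that FRST appends to the action.
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")
# Absolute path to an .exe; spaces are allowed, quotes and wildcards are not.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.exe', re.I)
# Action that starts with a script host or command shell (assumed list).
SHELL_RE = re.compile(r'^"?(cmd|powershell|wscript|cscript|mshta)(\.exe)?\b', re.I)
# Directories a standard user can write to (assumed list, matched case-insensitively).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_frst_tasks(text):
    """Return [{'name': ..., 'action': ...}] for every 'Task:' line."""
    tasks = []
    prefix = "system32\\tasks\\"
    for m in TASK_RE.finditer(text):
        name = m["path"]
        if name.lower().startswith(prefix):
            name = name[len(prefix):]
        elif name.lower().endswith(".job"):
            name = name.rsplit("\\", 1)[-1][:-4]
        action = TRAILER_RE.sub("", m["action"]).strip()
        tasks.append({"name": name, "action": action})
    return tasks


def parse_deleted_folders(text):
    """Return the folder paths from AdwCleaner 'Folder Deleted :' lines."""
    return [p.strip() for p in re.findall(r"^Folder Deleted : (.+)$", text, re.M)]


def triage(tasks, deleted_folders):
    """Return [(task name, sorted reasons)] for tasks worth a second look."""
    # Windows paths are case-insensitive: the AdwCleaner report writes
    # "Browser Extensions" while the FRST log writes "browser extensions".
    deleted = [d.lower().rstrip("\\") + "\\" for d in deleted_folders]
    flagged = []
    for task in tasks:
        reasons = set()
        if SHELL_RE.match(task["action"]):
            reasons.add("shell-wrapper")
        for exe in EXE_RE.findall(task["action"]):
            low = exe.lower()
            if any(marker in low for marker in USER_WRITABLE):
                reasons.add("user-writable")
            if any(low.startswith(d) for d in deleted):
                reasons.add("orphaned")
        if reasons:
            flagged.append((task["name"], sorted(reasons)))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_frst_tasks(FRST_ADDITION),
                                parse_deleted_folders(ADWCLEANER)):
        print(f"{name}: {', '.join(reasons)}")
```

The three tasks it flags are the same three that the RogueKiller report in this thread lists under Tasks as Suspicious.Path.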

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » February 2nd, 2015, 10:20 am

Hi, Nunped,
Here's the RogueKiller Report -

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Julia [Administrator]
Mode : Scan -- Date : 02/02/2015 09:16:45

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0225631422477878mcinstcleanup (C:\Windows\TEMP\022563~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0225631422477878mcinstcleanup (C:\Windows\TEMP\022563~1.EXE -cleanup -nolog) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \\Check Updates -- C:\Users\Julia\AppData\Local\browser extensions\tasks.exe -> Found
[Suspicious.Path] \\GeniusBox -- cmd.exe (/C start "" "C:\Users\Julia\AppData\Local\browser extensions\client.exe") -> Found
[Suspicious.Path] \\Validate Installation -- C:\Users\Julia\AppData\Local\browser extensions\uninstall.exe (/ValidateInstall=true) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-80V0TT0 +++++
--- User ---
[MBR] 02e7a19825ac3960dad8ce3502be43e4
[BSP] 830c709eac1784eb700b9267c9ad653e : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: USB Device +++++
--- User ---
[MBR] edd47808f1060c94a89909fdfb14f072
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 11328 | Size: 7410 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

-Julie
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby nunped » February 2nd, 2015, 7:04 pm

Hi Julia,

Let's see if we get it this time. There are a lot of steps. Please take your time to follow the instructions:


Step 1 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan. When the scan finishes...the Clean button will become active.
  • Click on Clean.
  • Select OK at each prompt... to reboot the computer.
  • A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

Step 2 - Fix with RogueKiller
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • When the Status box shows Scan Finished, click the Registry tab and locate these detections:
    [Suspicious.Path] \\Check Updates -- C:\Users\Julia\AppData\Local\browser extensions\tasks.exe -> Found
    [Suspicious.Path] \\GeniusBox -- cmd.exe (/C start "" "C:\Users\Julia\AppData\Local\browser extensions\client.exe") -> Found
    [Suspicious.Path] \\Validate Installation -- C:\Users\Julia\AppData\Local\browser extensions\uninstall.exe (/ValidateInstall=true) -> Found
  • Place a checkmark next to each of these items, leave the others unchecked.
  • Now press the Delete button.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Step 3 - Remove Program Using Control Panel
From Start, Settings, Control Panel click Add/Remove Programs, and uninstall the program:

GeniusBox 2.0


Step 4 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89-A4D38AED6F7C&SSPV=", "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M70B6A940-3343-4ABF-9E91-D3D4349EA8FB&SearchSource=55&CUI=&UM=8&UP=SP8ABFDD1D-D88B-4876-BA89-A4D38AED6F7C&SSPV="
    2015-01-25 16:36 - 2015-01-25 16:36 - 00004540 _____ () C:\Windows\System32\Tasks\Validate Installation
    2015-01-25 16:36 - 2015-01-25 16:36 - 00004332 _____ () C:\Windows\System32\Tasks\Check Updates
    2015-01-25 16:36 - 2015-01-25 16:36 - 00003900 _____ () C:\Windows\System32\Tasks\GeniusBox
    2015-01-25 16:36 - 2015-01-25 16:36 - 00000064 _____ () C:\Users\Julia\AppData\Local\794b7b339b1fd8f8aebd8142a2918ae2
    2015-01-25 16:36 - 2015-01-25 16:36 - 00000000 ____D () C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
    2015-01-15 12:35 - 2014-02-01 01:00 - 00011109 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
    2015-01-15 12:35 - 2014-02-01 01:00 - 00011109 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
    2015-01-15 12:35 - 2014-02-01 01:00 - 00007762 _____ () C:\Windows\SysWOW64\connectedsearch-suggestions.searchconnector-ms
    2015-01-15 12:35 - 2014-02-01 01:00 - 00007762 _____ () C:\Windows\system32\connectedsearch-suggestions.searchconnector-ms
    2015-01-15 12:35 - 2014-02-01 01:00 - 00007130 _____ () C:\Windows\SysWOW64\connectedsearch-zeroinput.searchconnector-ms
    2015-01-15 12:35 - 2014-02-01 01:00 - 00007130 _____ () C:\Windows\system32\connectedsearch-zeroinput.searchconnector-ms
    Task: {1CD2FD52-A111-496D-B87C-9C94132AF8F1} - System32\Tasks\Check Updates => C:\Users\Julia\AppData\Local\browser extensions\updater.exe
    Task: {B197D2E1-2FF3-4F73-BD5B-72EF1B2288A7} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Julia\AppData\Local\browser extensions\client.exe"
    Task: {E93932B9-4000-4A63-BB65-F707844FC84A} - System32\Tasks\Validate Installation => C:\Users\Julia\AppData\Local\browser extensions\updater.exe
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Step 5 - Search with FRST
  • Right-click FRST64.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Copy and Paste the following script into the Search: box. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
Code: Select all
geniusbox;browserextensions;propccleaner;searchprotect;trovi

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

For your next reply:
  1. AdwCleaner log
  2. RogueKiller log
  3. Fixlog.txt by FRST
  4. Search.txt by FRST
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » February 2nd, 2015, 8:36 pm

Dear Nunped,
I absolutely don't mind following all the steps, but to make it easier for you, because it always gives me more text than the malware removal (dot) com allows me to put into the reply, would you rather me put them into multiple responses, or would you rather me put them in one response as attachments?

Thanks,
Julie Hoover
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby nunped » February 3rd, 2015, 9:43 am

Hi Julie,

It's preferable if you paste the logs in multiple posts. Attachments make it harder for us to search the thread.

Thank you!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby VT Author » February 5th, 2015, 3:18 pm

Hi, Nunped -
First, the Adw...
So. I ran the Adwcleaner. And I can't find the notepad results - usually I save them directly before moving on, but this one, I just left alone after I restarted the computer, so if you know how to refind it rather than running it again...

And then the RK - Under the registry tab, there are none of those pathways. There are two of them under the task tab, the top and the bottom ones.

I did not go beyond that, because I think you want them done in order.

Please advise,
Thanks,
Julie
VT Author
Regular Member
 
Posts: 27
Joined: January 17th, 2015, 4:21 pm

Re: Google Chrome ?trackid=sp-006 on 2 successive new comput

Unread postby nunped » February 5th, 2015, 3:54 pm

Hi Julie,

You shall find the AdwCleaner log at this location: C:\AdwCleaner\
Please post the most recent if you find it. If not, you may proceed.

RK was my mistake.
You can delete the ones you find in the task tab.

Sorry about that :oops:
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
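
The exchange above turned on which RogueKiller tab held the "browser extensions" detections. As an added example (not code from this thread or from Adlice), the Python below groups a pasted report's detections by section and lists scheduled tasks that launch from a user's AppData folder; the function names and the AppData heuristic are assumptions, and the sample lines are copied from the report posted earlier in the thread.

```python
import re

# Sample input: section headers and detections copied from the report in this thread.
REPORT = r'''
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0225631422477878mcinstcleanup (C:\Windows\TEMP\022563~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0225631422477878mcinstcleanup (C:\Windows\TEMP\022563~1.EXE -cleanup -nolog) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \\Check Updates -- C:\Users\Julia\AppData\Local\browser extensions\tasks.exe -> Found
[Suspicious.Path] \\GeniusBox -- cmd.exe (/C start "" "C:\Users\Julia\AppData\Local\browser extensions\client.exe") -> Found
[Suspicious.Path] \\Validate Installation -- C:\Users\Julia\AppData\Local\browser extensions\uninstall.exe (/ValidateInstall=true) -> Found
¤¤¤ Files : 0 ¤¤¤
'''

SECTION = re.compile(r'^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d*).*¤¤¤$')
DETECTION = re.compile(r'^\[(?P<rule>[^\]]+)\] (?P<body>.+) -> (?P<status>\w+)$')
TASK = re.compile(r'^\\\\(?P<task>.+?) -- (?P<command>.+)$')

def parse_report(text):
    """Map each section name to its declared count and its parsed detections."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            current = m['name']
            sections[current] = {'declared': int(m['count'] or 0), 'items': []}
        elif current and (m := DETECTION.match(line)):
            sections[current]['items'].append((m['rule'], m['body']))
    return sections

def sections_mentioning(sections, needle):
    """Names of the sections holding a detection whose text contains needle."""
    return [name for name, sec in sections.items()
            if any(needle.lower() in body.lower() for _, body in sec['items'])]

def appdata_tasks(sections):
    """Scheduled tasks whose command runs from a user-writable AppData path."""
    hits = []
    for _, body in sections.get('Tasks', {}).get('items', []):
        m = TASK.match(body)
        if m and '\\appdata\\' in m['command'].lower():
            hits.append(m['task'])
    return hits

if __name__ == '__main__':
    parsed = parse_report(REPORT)
    print(sections_mentioning(parsed, 'browser extensions'), appdata_tasks(parsed))
```

Comparing each section's declared count with the number of parsed items also shows when a log was cut off by the forum's post-length limit.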