Malware infected HELP browser hijackers and no admin control


Post by TS1997 » August 30th, 2016, 1:19 am

Whenever I open Chrome, yourtv.link opens up and in the URL bar "search google custom search" pops up. I have no control in Settings; admin control has been taken away. Plus I have run AdwCleaner before to no avail: it shows the threats and says it's cleaning them, but when the system boots up again all the things come back. Thanks in advance for helping. I have attached the logs as they were too long to fit in.
TS1997
Regular Member
 
Posts: 15
Joined: August 30th, 2016, 12:03 am

Re: Malware infected HELP browser hijackers and no admin con

Post by capnkrunch » August 30th, 2016, 5:19 pm

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello TS1997 and welcome to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive, as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab, as they may be infected.

capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Malware infected HELP browser hijackers and no admin con

Post by capnkrunch » August 30th, 2016, 5:26 pm

P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.

Otherwise, there are instructions for removing it in the next step.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe, but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors of using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step one...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    µTorrent
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step two...

Please answer these questions:
  • Is this computer used for business purposes, including home or small business?
  • Does this computer connect to a school network, for example a university or college?


Step three...

LicDiag Command
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    @Echo off
    Licensingdiag.exe -report %userprofile%\desktop\report.txt -log NUL
    Notepad.exe %userprofile%\desktop\report.txt
    del %0
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Licdiag.bat to your Desktop.
  • Save as file type All Files or it won't work.
  • Now right click on Licdiag.bat and select Run as administrator.
  • A file report.txt will open on your Desktop, please post the contents in your next reply.

Step four...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Your decision about P2P software
  • Answers to my questions
  • report.txt
  • ckfiles.txt
  • Are there any changes in computer behavior?

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » August 31st, 2016, 1:39 am

I am sorry bro, I got a little impatient waiting for you guys to reply, so I tried this: http://www.bleepingcomputer.com/virus-r ... uide#print
But even this didn't help. Chrome keeps on crashing now. I have MalwareBytes installed right now. Tell me what to do, now I am listening to you.
I uninstalled uTorrent. This is a personal laptop not related to any business and does not connect to any university or college either.
Tell me what to do next, and whether or not you want a new FRST report.
This is the REPORT from licdiag.bat:
<DiagReport>
<LicensingData>
<ToolVersion>6.3.9600.16384</ToolVersion>
<LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
<LicensingStatusReason>0x00000000</LicensingStatusReason>
<LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
<LocalGenuineResultP>1</LocalGenuineResultP>
<LastOnlineGenuineResult>0x00000000</LastOnlineGenuineResult>
<GraceTimeMinutes>0</GraceTimeMinutes>
<TotalGraceDays>0</TotalGraceDays>
<ValidityExpiration></ValidityExpiration>
<ActivePartialProductKey>BG67T</ActivePartialProductKey>
<ActiveProductKeyPid2>00179-60311-28979-AAOEM</ActiveProductKeyPid2>
<OSVersion>6.3.9600.2.00010300.0.0.101</OSVersion>
<ProductName>Windows 8.1</ProductName>
<ProcessorArchitecture>x64</ProcessorArchitecture>
<EditionId>Core</EditionId>
<BuildLab>9600.winblue_ltsb.160611-0600</BuildLab>
<TimeZone>India Standard Time(GMT+05:30)</TimeZone>
<ActiveSkuId>9e4b231b-3e45-41f4-967f-c914f178b6ac</ActiveSkuId>
<ActiveSkuDescription>Windows(R) Operating System, OEM_DM channel</ActiveSkuDescription>
<ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
<ActiveProductKeyPKeyId>f17d07f1-620a-930a-ac26-7d22201b76be</ActiveProductKeyPKeyId>
<ActiveProductKeyPidEx>06401-01796-031-128979-02-1033-9600.0000-1052015</ActiveProductKeyPidEx>
<ActiveProductKeyChannel>OEM:DM</ActiveProductKeyChannel>
<ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
<OfflineInstallationId>247249177446913151431196944697554657651621269466015824359260484</OfflineInstallationId>
<DomainJoined>false</DomainJoined>
<ComputerSid>S-1-5-21-3268202683-2675470380-2750706328</ComputerSid>
<ProductLCID>1033</ProductLCID>
<UserLCID>1033</UserLCID>
<SystemLCID>1033</SystemLCID>
<CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
<ServiceAvailable>true</ServiceAvailable>
<OemMarkerVersion></OemMarkerVersion>
<OemId></OemId>
<OemTableId></OemTableId>
<Manufacturer>Hewlett-Packard</Manufacturer>
<Model>HP Pavilion Sleekbook 14 PC</Model>
<InstallDate>20150416081229.000000+330</InstallDate>
</LicensingData>
<HealthCheck>
<Result>PASS</Result>
<TamperedItems></TamperedItems>
</HealthCheck>
<GenuineAuthz>
<ServerProps>GenuineId=55c92734-d682-4d71-983e-d6ec3f16059f;OemId=0000064397;OptionalInfoId=t6Dix3g1HAS3JTxwHB3K8o/EIKuvGgV+qoA28dUAMXl2j7/Y5a1dOR3Av5wT4ar4;Pid=ttY0dAloDeRfxgbLaskPAQH8x8qvWSoQ0pfSMD3Wht8=;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;TimeStampServer=2015-04-16T04:52:38Z;</ServerProps>
</GenuineAuthz>
</DiagReport>

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » August 31st, 2016, 1:40 am

This is the report from ckfiles.txt:
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\adwcleaner\quarantine\files\ruderzbetfeuwebokmrppfqjlskkejwm\dll files fixer v3.2.81 keygen is here ![latest].dat
c:\users\user1\favorites\links\7 mind-blowing chemical reactions you won't believe are real - cracked.com.url
c:\users\user1\music\eminem\eminem presents the re-up (explicit version)\jimmy_crack_corn_album_version_explicit.m4a
c:\users\user1\music\eminem\relapse (explicit version)\crack_a_bottle_album_version_explicit.m4a
scanner sequence 3.BB.11.DAAPTZ
----- EOF -----

Thanks for helping me mate.

Re: Malware infected HELP browser hijackers and no admin con

Post by capnkrunch » August 31st, 2016, 10:51 pm

Hello TS1997 :)

You're welcome.

Thanks for letting me know about following the BleepingComputer guide. I don't need a new FRST log right yet but I would like to see some of the logs from all the tools you have run.

Step one...

Please locate and post the following logs:
  • C:\Users\user1\Desktop\JRT.txt
  • C:\Users\user1\Desktop\Rkill.txt
  • C:\TDSSKiller.3.1.0.11_30.08.2016_09.43.06_log.txt

Step two...

AdwCleaner Logs

Please navigate to the following folder:
C:\AdwCleaner


There should be logs named AdwCleaner[Sx].txt and AdwCleaner[Cx].txt where x is the number of times AdwCleaner has been run. Please post all the AdwCleaner[Cx].txt logs.

Step three...

MalwareBytes Anti-Malware Log

  • Press the Windows Key + R.
  • Type mbam.exe into the text box and click OK.
  • Click History and then click the most recent Scan Log.
  • Click Export and then click Copy to Clipboard. Paste the results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • C:\Users\user1\Desktop\JRT.txt
  • C:\Users\user1\Desktop\Rkill.txt
  • C:\TDSSKiller.3.1.0.11_30.08.2016_09.43.06_log.txt
  • The AdwCleaner[Cx].txt logs
  • The MBAM log
  • Are there any changes in computer behavior?

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 1st, 2016, 3:12 am

No problems with the instructions at all. Thanks.
I couldn't find the previous jrt.txt and rkill.txt files on the desktop. Maybe someone in the family deleted them. So I ran the Rkill and JRT applications again and here are the logs:
REPORT FROM JRT.TXT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 x64
Ran by user1 (Administrator) on Thu 09/01/2016 at 12:25:20.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Failed to delete: C:\ProgramData\google\google chrome.exe (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/01/2016 at 12:26:37.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
REPORT FROM RKILL.TXT
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/01/2016 12:18:16 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\cu\cu.exe (PID: 2292) [AU-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/01/2016 12:18:53 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 1st, 2016, 3:15 am

The report from TDSSKiller is too long, so I have to upload it.

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 1st, 2016, 3:23 am

ADW CLEANER LOGS

File : AdwCleaner[C0]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 09:51:32
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\{b872f64c-82a2-92bc-b872-2f64c82ad932}
[-] Folder deleted: C:\ProgramData\Unknown
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Unknown


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\roboot64.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2056 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2202 Bytes] ##########

I couldn't find a file named AdwCleaner[C1]

File : AdwCleaner[C2]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 09:58:49
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [zapmeta.co.in] [Search Provider] Deleted: zapmeta.co.in
[-] [dts.search.ask.com] [Search Provider] Deleted: dts.search.ask.com
[-] [cain-abel.en.softonic.com] [Search Provider] Deleted: cain-abel.en.softonic.com
[-] [recboot.en.softonic.com] [Search Provider] Deleted: recboot.en.softonic.com
[-] [google.com] [Search Provider] Deleted: google.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2175 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2394 Bytes] ##########

File : AdwCleaner[C3]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 10:06:22
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] [google.com] [Search Provider] Deleted: google.com
[-] [recboot.en.softonic.com] [Search Provider] Deleted: recboot.en.softonic.com
[-] [cain-abel.en.softonic.com] [Search Provider] Deleted: cain-abel.en.softonic.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [zapmeta.co.in] [Search Provider] Deleted: zapmeta.co.in
[-] [dts.search.ask.com] [Search Provider] Deleted: dts.search.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2299 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2591 Bytes] ##########

File : AdwCleaner[C4]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 10:25:47
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [google.com] [Search Provider] Deleted: google.com
[-] [recboot.en.softonic.com] [Search Provider] Deleted: recboot.en.softonic.com
[-] [cain-abel.en.softonic.com] [Search Provider] Deleted: cain-abel.en.softonic.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [zapmeta.co.in] [Search Provider] Deleted: zapmeta.co.in
[-] [dts.search.ask.com] [Search Provider] Deleted: dts.search.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2670 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1407 Bytes] - [30/08/2016 10:25:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [2285 Bytes] - [30/08/2016 10:25:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1772 Bytes] ##########

File : AdwCleaner[C5]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 12:45:31
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Desktop\safe\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] [google.com] [Search Provider] Deleted: google.com
[-] [recboot.en.softonic.com] [Search Provider] Deleted: recboot.en.softonic.com
[-] [cain-abel.en.softonic.com] [Search Provider] Deleted: cain-abel.en.softonic.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [zapmeta.co.in] [Search Provider] Deleted: zapmeta.co.in
[-] [dts.search.ask.com] [Search Provider] Deleted: dts.search.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2670 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1851 Bytes] - [30/08/2016 10:25:47]
C:\AdwCleaner\AdwCleaner[C5].txt - [2272 Bytes] - [30/08/2016 12:45:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [2285 Bytes] - [30/08/2016 10:25:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [3215 Bytes] - [30/08/2016 12:45:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2710 Bytes] ##########

File : AdwCleaner[C6]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 13:26:54
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Desktop\safe\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] [recboot.en.softonic.com] [Search Provider] Deleted: recboot.en.softonic.com
[-] [cain-abel.en.softonic.com] [Search Provider] Deleted: cain-abel.en.softonic.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [zapmeta.co.in] [Search Provider] Deleted: zapmeta.co.in
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [dts.search.ask.com] [Search Provider] Deleted: dts.search.ask.com
[-] [google.com] [Search Provider] Deleted: google.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2670 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1851 Bytes] - [30/08/2016 10:25:47]
C:\AdwCleaner\AdwCleaner[C5].txt - [2789 Bytes] - [30/08/2016 12:45:31]
C:\AdwCleaner\AdwCleaner[C6].txt - [2430 Bytes] - [30/08/2016 13:26:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [2285 Bytes] - [30/08/2016 10:25:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [3215 Bytes] - [30/08/2016 12:45:21]
C:\AdwCleaner\AdwCleaner[S5].txt - [3521 Bytes] - [30/08/2016 13:22:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [2941 Bytes] ##########
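The clean logs above show the same entries, the Chrome `browser.startup.homepage` of hxxp://yourtv.link and the Internet Explorer Start Page and SearchScopes keys, being "cleaned" in run after run on the same day, which matches the poster's report that everything comes back after a reboot. Reading a stack of AdwCleaner[Cx].txt files by eye is error-prone, so here is the triage a helper would want to automate. This is an added example, not code from the thread or from AdwCleaner itself; the log format it parses (section banners, `[-] <action>: <item>` lines, `[#] ... on reboot` for deferred removals) is the one visible in the posted logs, and the three sample logs embedded below are constructed, abridged versions of C0, C2 and C3. The point it demonstrates: an item that is removed once and never reappears was probably dealt with, while an item that is removed in several consecutive runs is being rewritten between runs by something the cleaner does not cover, and that is where the investigation should go next.

```python
import re
from collections import defaultdict

# Constructed sample input: three abridged AdwCleaner[Cx] clean logs in the layout the tool
# writes (section banners, "[-] <action>: <item>" lines, "[#] ... on reboot" for deferred removals).
SAMPLE_LOGS = {
    "AdwCleaner[C0].txt": r"""
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 09:51:32
# Mode: Clean
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\Unknown
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Unknown
***** [ Files ] *****
[-] File deleted: C:\Windows\SysNative\roboot64.exe
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\WEBAPP
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
***** [ Web browsers ] *****
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
""",
    "AdwCleaner[C2].txt": r"""
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 09:58:49
# Mode: Clean
***** [ Registry ] *****
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
***** [ Web browsers ] *****
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] [ask.com] [Search Provider] Deleted: ask.com
""",
    "AdwCleaner[C3].txt": r"""
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 10:06:22
# Mode: Clean
***** [ Registry ] *****
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
***** [ Web browsers ] *****
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://yourtv.link"
[-] [ask.com] [Search Provider] Deleted: ask.com
""",
}

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # e.g. ***** [ Registry ] *****
ACTION_RE = re.compile(r"^\[[-#]\]\s+(.+?):\s*(.*)$")   # e.g. [-] Key deleted: HKCU\...


def parse_clean_log(text):
    """Return (section, action, item) tuples for every removal recorded in one clean log."""
    section, findings = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ACTION_RE.match(line)
        if not m or section is None:
            continue
        action, item = m.groups()
        if not item:          # bare "Chrome preferences cleaned:" lines carry no item to track
            continue
        # A deferred "[#] ... on reboot" removal is the same finding as its immediate form.
        findings.append((section, action.replace(" on reboot", ""), item))
    return findings


def tally_findings(logs):
    """Map each finding to the sorted names of the runs in which it was cleaned."""
    runs = defaultdict(set)
    for name, text in logs.items():
        for finding in set(parse_clean_log(text)):   # a finding counts once per run
            runs[finding].add(name)
    return {f: sorted(r) for f, r in runs.items()}


def recurring_items(logs, min_runs=2):
    """Findings cleaned in at least min_runs separate runs: they were re-created in between."""
    return {f: r for f, r in tally_findings(logs).items() if len(r) >= min_runs}


def one_off_items(logs):
    """Findings cleaned exactly once, mapped to the run that removed them."""
    return {f: r[0] for f, r in tally_findings(logs).items() if len(r) == 1}


def triage_report(logs):
    """Human-readable summary: what keeps coming back, and how often."""
    rec = recurring_items(logs)
    out = [f"{len(rec)} item(s) were cleaned and then came back:"]
    for (section, action, item), runs in sorted(rec.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        out.append(f"  [{section}] {action}: {item}   <- {len(runs)} runs: {', '.join(runs)}")
    out.append(f"{len(one_off_items(logs))} item(s) stayed gone after a single removal.")
    out.append("Recurring items are being rewritten by something the cleaner did not remove.")
    return "\n".join(out)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOGS))
```

Pointed at a real `C:\AdwCleaner` folder you would read every `AdwCleaner[C*].txt` into the `logs` dict and call `triage_report`; the parser deliberately keys on the action text and the item only, so the `[-]`/`[#]` flag and the HKU-versus-HKCU spelling of the same user hive do not hide a match.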

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 1st, 2016, 3:29 am

ADW CLEANER LOGS

File : AdwCleaner[S0]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 09:50:27
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\ProgramData\{b872f64c-82a2-92bc-b872-2f64c82ad932}
Folder Found: C:\ProgramData\Unknown
Folder Found: C:\ProgramData\Application Data\Unknown


***** [ Files ] *****

File Found: C:\Windows\SysNative\roboot64.exe


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\WEBAPP
Key Found: HKCU\Software\WEBAPP
Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Key Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "extensions.AtitrcEItCekWaIz.scode" - "(function(){try{if(window.location.href.indexOf(\"pjC6qHCHpdn4rTY8qHa6rdY6q
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "extensions.LthWAkrCkuOEgpNs.scode" - "(function(){try{if(window.location.href.indexOf(\"pjC6qHCHpdn4rTY8qHa6rdY6q
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2637 Bytes] - [30/08/2016 09:50:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2710 Bytes] ##########

File : AdwCleaner[S1]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 09:58:25
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Key Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "extensions.LthWAkrCkuOEgpNs.scode" - "(function(){try{if(window.location.href.indexOf(\"pjC6qHCHpdn4rTY8qHa6rdY6q
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - zapmeta.co.in
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - dts.search.ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - cain-abel.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - recboot.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - google.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3012 Bytes] - [30/08/2016 09:58:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3085 Bytes] ##########

File : AdwCleaner[S2]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 10:05:05
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Key Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - google.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - recboot.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - cain-abel.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - zapmeta.co.in
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - dts.search.ask.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3094 Bytes] - [30/08/2016 10:05:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3167 Bytes] ##########

File : AdwCleaner[S3]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 10:25:36
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Downloads\images\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - google.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - recboot.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - cain-abel.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - zapmeta.co.in
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - dts.search.ask.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2670 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [2133 Bytes] - [30/08/2016 10:25:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2206 Bytes] ##########

File : AdwCleaner[S4]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 12:45:21
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Desktop\safe\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Key Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - google.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - recboot.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - cain-abel.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - zapmeta.co.in
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - dts.search.ask.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2670 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1851 Bytes] - [30/08/2016 10:25:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [2285 Bytes] - [30/08/2016 10:25:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [3063 Bytes] - [30/08/2016 12:45:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3136 Bytes] ##########

File : AdwCleaner[S5]
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 13:22:48
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : user1 - USER
# Running from : C:\Users\user1\Desktop\safe\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://yourtv.link
Key Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Firefox pref Found: [C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js] - "browser.startup.homepage" - "hxxp://yourtv.link"
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - recboot.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - cain-abel.en.softonic.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - zapmeta.co.in
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - dts.search.ask.com
Chrome pref Found: [C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Web data] - google.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2281 Bytes] - [30/08/2016 09:51:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [2473 Bytes] - [30/08/2016 09:58:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [2670 Bytes] - [30/08/2016 10:06:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1851 Bytes] - [30/08/2016 10:25:47]
C:\AdwCleaner\AdwCleaner[C5].txt - [2789 Bytes] - [30/08/2016 12:45:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [2789 Bytes] - [30/08/2016 09:50:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [3164 Bytes] - [30/08/2016 09:58:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3246 Bytes] - [30/08/2016 10:05:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [2285 Bytes] - [30/08/2016 10:25:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [3215 Bytes] - [30/08/2016 12:45:21]
C:\AdwCleaner\AdwCleaner[S5].txt - [3369 Bytes] - [30/08/2016 13:22:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [3442 Bytes] ##########
TS1997
Regular Member
 
Posts: 15
Joined: August 30th, 2016, 12:03 am

Re: Malware infected HELP browser hijackers and no admin con

Unread postby TS1997 » September 1st, 2016, 3:35 am

MBAM log
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 8/30/2016
Scan Time: 11:35 AM
Logfile: mbam scan log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.30.03
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: user1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390240
Time Elapsed: 1 hr, 2 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [53e81e3374266fc7d260a5ecfb0842be],

Registry Values: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.google.com/cse?cx=partner-pu ... 9189802438[53e81e3374266fc7d260a5ecfb0842be]A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.linkQuarantinedF, %4, %5

Registry Data: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://yourtv.link, Good: (http://www.google.com), Bad: (http://yourtv.link),Replaced,[043784cd55456fc70a8644339f65ce32]

Folders: 0
(No malicious items detected)

Files: 3
Trojan.FakeAlert, C:\ProgramData\Google\Google Chrome.exe, Quarantined, [88b31d347228d165a543aa54788a2dd3],
Trojan.Agent, C:\ProgramData\Mozilla\Mozilla Firefox.exe, Quarantined, [76c5b8992377c175ca58c643fb089f61],
PUP.Optional.YourTV, C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://yourtv.link), Replaced,[0a31ef62e7b3cc6a3a725649689caa56]

Physical Sectors: 0
(No malicious items detected)


(end)


Thank you capnkrunch

I haven't noticed many changes in the computer lately. Since I installed Malwarebytes it blocks most of the stuff. Google Chrome keeps crashing all the time, so I am basically working on Internet Explorer now. When I first started Internet Explorer it prompted me to make yourtv.link my homepage but I declined.
I can't tell you how grateful I am to you for giving me your time.
TS1997
Regular Member
 
Posts: 15
Joined: August 30th, 2016, 12:03 am

Re: Malware infected HELP browser hijackers and no admin con

Unread postby capnkrunch » September 1st, 2016, 5:25 pm

Hello TS1997 :)

Cracked/Illegal Software Warning
There is evidence of cracked or otherwise illegal software on your PC. In addition to being illegal, using cracks or keygens is a surefire way to get yourself infected.

Per forum policy, I cannot offer further help as long as this software is present on your system. The following FRST fix will remove what I see, and I would like you to delete anything that I've missed. Keep in mind that if I discover evidence of additional cracked/illegal software on your PC later, this topic will be closed and no further help provided.

I can't tell you how grateful I am to you for giving me your time.

You're welcome :).

So I ran the rkill and jrt applications again and here are the logs:

Do not run scans unless I tell you to. It turned out OK this time, but running scans that I have not requested, or running them more than once, can damage your computer.

Let's keep going.

Step one...

There are some non-default Windows settings that disable taskbar and Action Center notifications:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0

Are you aware of these and did you set them yourself?

Step two...

FRST Fix
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    2016-08-29 11:50 - 2016-08-29 11:50 - 00000000 ____D C:\Users\user1\AppData\LocalLow\uTorrent
    FF Extension: (PrriiceeMINus) - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\i@8zc.edu [2015-05-08] [not signed]
    FF Extension: (bestadblocker) - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\jV4@rlT.org [2015-05-08] [not signed]
    FF Homepage: hxxp://yourtv.link
    HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yourtv.link
    SearchScopes: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
    SearchScopes: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\...\MountPoints2: {5726bac4-e755-11e4-8256-84349778df91} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\...\MountPoints2: {d08be517-e4be-11e4-8253-84349778df91} - "E:\Setup.exe"
    FirewallRules: [{AFE7992B-54FF-4C81-9752-F704ED8AF369}] => (Allow) C:\Users\user1\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3B83FC26-900B-431B-8573-A3F6B9D0BF6E}] => (Allow) C:\Users\user1\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E0E0AF2A-0E98-42CB-890B-0CDC9E033F59}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{2EA8C557-8E89-4B1C-87D4-805C5E67F60B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{C9B8840B-6363-4ACE-885C-F621A51E188D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{A4DD1005-4B18-41DB-9071-572B8814FA47}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{A6C83FFC-4C39-4A20-8C93-250DACED736E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{404673C5-97BC-410F-8D2E-FFAA2C308F62}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{AA188EAA-8B7B-49BB-91ED-B6D0D1165468}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{F4CC5EB0-2887-4FF5-B654-CE3162C77697}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{B2D6FF32-D3AE-4E95-B0FC-089D83DEA5DE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{8E19B543-6E28-4BC5-B6A4-71D4ECDDF6FF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [TCP Query User{6156623F-B848-44BC-BDB4-25C1BDD81CAC}C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [UDP Query User{371D843C-1889-4AE4-AAD8-9AA5A68D20C6}C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [TCP Query User{BFCFD8F0-DB35-4023-BB52-225CA85B4B71}C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [UDP Query User{46E46873-E8C6-4573-A6AC-251858136F47}C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
    
    C:\Program Files (x86)\Dll-Files.com Fixer
    C:\users\user1\desktop\new folder\123141dish0ned
    C:\users\user1\desktop\games\new folder\123141dish0ned
    C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js
    
    Folder: C:\ProgramData\google
    C:\ProgramData\google\google chrome.exe
    Folder: C:\ProgramData\Mozilla
    C:\ProgramData\Mozilla\Mozilla Firefox.exe
    Folder: C:\ProgramData\cu
    File: C:\ProgramData\cu\cu.exe
    File: C:\users\user1\downloads\images\crack.exe
    CMD: dir "C:\users\user1\desktop\new folder"
    CMD: dir "C:\users\user1\desktop\games"
    CMD: dir "C:\users\user1\desktop\games\new folder"
    
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step three...

FRST - Search Registry
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Right click FRST64.exe and select Run as administrator.
  • Copy and paste the following into the Search box:
    roboot;WEBAPP;yourtv;zapmeta;recboot;cain-abel;b872f64c-82a2-92bc-b872-2f64c82ad932;0633EE93-D776-472F-A0FF-E1416B8B2E3A;cu.exe
  • Click Search Registry. The scan can take 10 minutes or more to complete.
  • You will get a popup telling you when the search has completed. Click OK.
  • This will open a file SearchReg.txt. Please copy and paste the contents in your reply.
    Search.txt can also be found in the same folder FRST was run from.

Step four...

FRST Shortcut Scan
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Right click FRST64.exe and select Run as administrator.
  • Under Optional Scan check Shortcut.txt.
  • Click Scan and wait as the scan completes.
  • Once the scan finishes, two files will open, FRST.txt and Shortcut.txt. Post Shortcut.txt only.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Answers to my questions
  • Fixlog.txt
  • SearchReg.txt
  • Shortcut.txt
  • Are there any changes in computer behavior?
capnkrunch
MRU Graduate
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago
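The fix above targets a handful of registry locations that the AdwCleaner and MBAM logs kept reporting: the two Policies\Explorer values from Step one, the Internet Explorer Start Page, the SearchScopes DefaultScope URL, and the Chrome policy key FRST marked as a restriction. The following read-only audit is an added example, not part of capnkrunch's instructions and not code from FRST or AdwCleaner; it reports what it finds in those locations and changes nothing. The full path assumed for FRST's abbreviated HKLM\...\Policies\Explorer, the allow-list of search hosts, and the "Custom Search redirect" heuristic are assumptions of this example, not facts from the thread.

```powershell
# Added example: read-only audit of the browser-hijack indicators seen in this thread.
# Not part of capnkrunch's fix, FRST or AdwCleaner. Run it as the affected user, since
# HKCU is that user's hive (shown in the logs as HKU\S-1-5-21-...-1001).

# Constructed allow-list for this example: hosts a homepage or default search provider
# may legitimately point at. Extend it for the machine being audited.
$AllowedHosts = @('www.google.com', 'google.com', 'www.bing.com', 'bing.com', 'duckduckgo.com')

# Assumption: FRST's abbreviated "HKLM\...\Policies\Explorer" refers to this full path.
$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$IeMain         = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$SearchScopes   = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$GooglePolicy   = 'HKLM:\SOFTWARE\Policies\Google'

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Return the value, or $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-UntrustedUrl {
    param([string]$Url)
    # Heuristic (an assumption of this example): flag a URL whose host is not allow-listed,
    # or which is a Google Custom Search redirect (/cse ... siteurl=). That is the shape of
    # the hijacked DefaultScope URL in this thread: queries go through google.com while
    # siteurl= still names yourtv.link.
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) { return $true }
    $hostOk = $AllowedHosts -contains $uri.Host.ToLowerInvariant()
    $isCse  = ($uri.AbsolutePath -like '*/cse*') -or ($uri.Query -match 'siteurl=')
    return ((-not $hostOk) -or $isCse)
}

$findings = @()

# 1. Policy values that hide taskbar and Action Center notifications (Step one).
#    They are reported whenever present: on a home PC their existence is the question.
foreach ($name in 'TaskbarNoNotification', 'HideSCAHealth') {
    $v = Get-RegValueOrNull -Path $ExplorerPolicy -Name $name
    if ($null -ne $v) {
        $findings += [pscustomobject]@{ Check = 'ExplorerPolicy'; Location = "$ExplorerPolicy\$name"; Value = $v }
    }
}

# 2. Internet Explorer Start Page (AdwCleaner and MBAM both reported yourtv.link here).
$startPage = Get-RegValueOrNull -Path $IeMain -Name 'Start Page'
if ($startPage -and (Test-UntrustedUrl $startPage)) {
    $findings += [pscustomobject]@{ Check = 'IEStartPage'; Location = "$IeMain\Start Page"; Value = $startPage }
}

# 3. The default search scope and the URL it resolves to.
$defaultScope = Get-RegValueOrNull -Path $SearchScopes -Name 'DefaultScope'
if ($defaultScope) {
    $scopeKey = "$SearchScopes\$defaultScope"
    $scopeUrl = Get-RegValueOrNull -Path $scopeKey -Name 'URL'
    if (-not $scopeUrl) {
        $findings += [pscustomobject]@{ Check = 'SearchScope'; Location = $scopeKey; Value = 'DefaultScope names a scope with no URL value' }
    } elseif (Test-UntrustedUrl $scopeUrl) {
        $findings += [pscustomobject]@{ Check = 'SearchScope'; Location = "$scopeKey\URL"; Value = $scopeUrl }
    }
}

# 4. Chrome policy key. FRST flagged HKLM\SOFTWARE\Policies\Google as a restriction; policies
#    set here lock Chrome settings, which fits "no control in settings". On an unmanaged PC
#    every value under it deserves a look, so all of them are listed.
if (Test-Path -Path $GooglePolicy) {
    $keys = @(Get-Item -Path $GooglePolicy) + @(Get-ChildItem -Path $GooglePolicy -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $val = $key.GetValue($name)
            $findings += [pscustomobject]@{ Check = 'ChromePolicy'; Location = "$($key.Name)\$name"; Value = ($val -join ', ') }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No hijack indicators found in the audited locations.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Running this before and after a cleaning pass gives the same kind of before/after comparison the repeated AdwCleaner scans in this thread were doing by hand, and a DefaultScope or Start Page that reappears after a reboot points at a persistence mechanism the cleaner did not reach.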

Re: Malware infected HELP browser hijackers and no admin con

Unread postby TS1997 » September 3rd, 2016, 3:19 am

Sorry about that, I will remove any I find and I completely understand the forum policy that you would close the topic if you find any more of the illegal software. I have searched the whole computer and deleted two of the software that I did find. Please tell me if WinRar is also cracked/illegal software and I will remove it too. If you find any more it's not my willingness to keep them on the computer, it is just that maybe I overlooked them. Before coming to this forum I never really understood how serious the piracy matter is, I just went with the flow like all my friends were doing, now that I read about it more and searched it up on google too I totally understand it.
Yeah and I am sorry about the scan thing too, won't scan again unless you tell me to. :oops:

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0

I have no idea about this, plus I don't do such typical stuff on the computer; 99% chance that it is not a setting enforced by me.
Sorry for making you wait a day for the reply, I was really busy the other day.
TS1997
Regular Member
 
Posts: 15
Joined: August 30th, 2016, 12:03 am

Re: Malware infected HELP browser hijackers and no admin con

Unread postby TS1997 » September 3rd, 2016, 3:28 am

Contents of Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by user1 (03-09-2016 12:51:07) Run:1
Running from C:\Users\user1\Desktop
Loaded Profiles: user1 (Available Profiles: user1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

2016-08-29 11:50 - 2016-08-29 11:50 - 00000000 ____D C:\Users\user1\AppData\LocalLow\uTorrent
FF Extension: (PrriiceeMINus) - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\i@8zc.edu [2015-05-08] [not signed]
FF Extension: (bestadblocker) - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\jV4@rlT.org [2015-05-08] [not signed]
FF Homepage: hxxp://yourtv.link
HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yourtv.link
SearchScopes: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
SearchScopes: HKU\S-1-5-21-3268202683-2675470380-2750706328-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\...\MountPoints2: {5726bac4-e755-11e4-8256-84349778df91} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\...\MountPoints2: {d08be517-e4be-11e4-8253-84349778df91} - "E:\Setup.exe"
FirewallRules: [{AFE7992B-54FF-4C81-9752-F704ED8AF369}] => (Allow) C:\Users\user1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B83FC26-900B-431B-8573-A3F6B9D0BF6E}] => (Allow) C:\Users\user1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E0E0AF2A-0E98-42CB-890B-0CDC9E033F59}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2EA8C557-8E89-4B1C-87D4-805C5E67F60B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C9B8840B-6363-4ACE-885C-F621A51E188D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A4DD1005-4B18-41DB-9071-572B8814FA47}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A6C83FFC-4C39-4A20-8C93-250DACED736E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{404673C5-97BC-410F-8D2E-FFAA2C308F62}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AA188EAA-8B7B-49BB-91ED-B6D0D1165468}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F4CC5EB0-2887-4FF5-B654-CE3162C77697}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B2D6FF32-D3AE-4E95-B0FC-089D83DEA5DE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8E19B543-6E28-4BC5-B6A4-71D4ECDDF6FF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{6156623F-B848-44BC-BDB4-25C1BDD81CAC}C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{371D843C-1889-4AE4-AAD8-9AA5A68D20C6}C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{BFCFD8F0-DB35-4023-BB52-225CA85B4B71}C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{46E46873-E8C6-4573-A6AC-251858136F47}C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe

C:\Program Files (x86)\Dll-Files.com Fixer
C:\users\user1\desktop\new folder\123141dish0ned
C:\users\user1\desktop\games\new folder\123141dish0ned
C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js

Folder: C:\ProgramData\google
C:\ProgramData\google\google chrome.exe
Folder: C:\ProgramData\Mozilla
C:\ProgramData\Mozilla\Mozilla Firefox.exe
Folder: C:\ProgramData\cu
File: C:\ProgramData\cu\cu.exe
File: C:\users\user1\downloads\images\crack.exe
CMD: dir "C:\users\user1\desktop\new folder"
CMD: dir "C:\users\user1\desktop\games"
CMD: dir "C:\users\user1\desktop\games\new folder"

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
"C:\Users\user1\AppData\LocalLow\uTorrent" => not found.
C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\i@8zc.edu => not found.
FF Extension: (PrriiceeMINus) - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\i@8zc.edu [2015-05-08] [not signed] => not found
C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\jV4@rlT.org => not found.
FF Extension: (bestadblocker) - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\Extensions\jV4@rlT.org [2015-05-08] [not signed] => not found
FF Homepage: hxxp://yourtv.link => not found
HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5726bac4-e755-11e4-8256-84349778df91}" => key removed successfully
HKCR\CLSID\{5726bac4-e755-11e4-8256-84349778df91} => key not found.
"HKU\S-1-5-21-3268202683-2675470380-2750706328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d08be517-e4be-11e4-8253-84349778df91}" => key removed successfully
HKCR\CLSID\{d08be517-e4be-11e4-8253-84349778df91} => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFE7992B-54FF-4C81-9752-F704ED8AF369} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B83FC26-900B-431B-8573-A3F6B9D0BF6E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0E0AF2A-0E98-42CB-890B-0CDC9E033F59} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EA8C557-8E89-4B1C-87D4-805C5E67F60B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9B8840B-6363-4ACE-885C-F621A51E188D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4DD1005-4B18-41DB-9071-572B8814FA47} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6C83FFC-4C39-4A20-8C93-250DACED736E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{404673C5-97BC-410F-8D2E-FFAA2C308F62} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA188EAA-8B7B-49BB-91ED-B6D0D1165468} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4CC5EB0-2887-4FF5-B654-CE3162C77697} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2D6FF32-D3AE-4E95-B0FC-089D83DEA5DE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E19B543-6E28-4BC5-B6A4-71D4ECDDF6FF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6156623F-B848-44BC-BDB4-25C1BDD81CAC}C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{371D843C-1889-4AE4-AAD8-9AA5A68D20C6}C:\users\user1\desktop\games\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BFCFD8F0-DB35-4023-BB52-225CA85B4B71}C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{46E46873-E8C6-4573-A6AC-251858136F47}C:\users\user1\desktop\new folder\123141dish0ned\dishonored\binaries\win32\dishonored.exe => value removed successfully
"C:\Program Files (x86)\Dll-Files.com Fixer" => not found.
"C:\users\user1\desktop\new folder\123141dish0ned" => not found.
"C:\users\user1\desktop\games\new folder\123141dish0ned" => not found.
"C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\ej07sng5.default\prefs.js" => not found.

========================= Folder: C:\ProgramData\google ========================

2016-09-02 11:56 - 2016-05-28 16:32 - 5305963 ___SH () C:\ProgramData\google\Google Chrome.exe
2015-04-17 13:29 - 2015-04-17 13:30 - 0000000 ____D () C:\ProgramData\google\Chrome Remote Desktop
2015-04-17 13:30 - 2015-04-17 13:30 - 0001970 _____ () C:\ProgramData\google\Chrome Remote Desktop\host.json
2015-04-17 13:30 - 2015-04-17 13:30 - 0000129 _____ () C:\ProgramData\google\Chrome Remote Desktop\host_unprivileged.json

====== End of Folder: ======

C:\ProgramData\google\google chrome.exe => moved successfully

========================= Folder: C:\ProgramData\Mozilla ========================

2016-08-31 07:48 - 2016-05-28 16:32 - 4167555 ___SH () C:\ProgramData\Mozilla\Mozilla Firefox.exe
2015-04-16 10:41 - 2016-08-30 14:37 - 0000000 ____D () C:\ProgramData\Mozilla\logs
2015-04-16 10:41 - 2015-04-16 10:41 - 0000164 _____ () C:\ProgramData\Mozilla\logs\maintenanceservice-install.log
2016-08-30 14:37 - 2016-08-30 14:37 - 0000067 _____ () C:\ProgramData\Mozilla\logs\maintenanceservice-uninstall.log

====== End of Folder: ======

C:\ProgramData\Mozilla\Mozilla Firefox.exe => moved successfully

========================= Folder: C:\ProgramData\cu ========================

2016-05-30 12:20 - 2016-05-28 16:33 - 184515319 ___SH () C:\ProgramData\cu\cu.exe

====== End of Folder: ======


========================= File: C:\ProgramData\cu\cu.exe ========================

File not signed
MD5:
Creation and modification date: 2016-05-30 12:20 - 2016-05-28 16:33
Size: 184515319
Attributes: --ASH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\users\user1\downloads\images\crack.exe ========================

"C:\users\user1\downloads\images\crack.exe" => not found.
====== End of File: ======


========= dir "C:\users\user1\desktop\new folder" =========

Volume in drive C has no label.
Volume Serial Number is BEBB-1D29

Directory of C:\users\user1\desktop

File Not Found

========= End of CMD: =========


========= dir "C:\users\user1\desktop\games" =========

Volume in drive C has no label.
Volume Serial Number is BEBB-1D29

Directory of C:\users\user1\desktop

File Not Found

========= End of CMD: =========


========= dir "C:\users\user1\desktop\games\new folder" =========

The system cannot find the file specified.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35822593 B
Java, Flash, Steam htmlcache => 1668 B
Windows/system/drivers => 114125814 B
Edge => 0 B
Chrome => 70744689 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 6170 B
NetworkService => 23949658 B
user1 => 525637012 B

RecycleBin => 0 B
EmptyTemp: => 742.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:52:28 ====
TS1997
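
The Fixlog above records FRST removing a specific set of hijacker persistence points: a policy key under HKLM\SOFTWARE\Policies\Google that had locked Chrome's settings (the "no control in settings" the poster described), the IE Start Page and SearchScopes entries that sent searches through a Google Custom Search URL tied to yourtv.link, MountPoints2 AutoRun commands, Allow firewall rules for executables under the user profile, hidden+system executables named "Google Chrome.exe" and "Mozilla Firefox.exe" sitting in C:\ProgramData, and a modified hosts file. The PowerShell script below is an added example, not part of the original post and not FRST's own code, that surveys those same locations read-only so a helper can see what is present before writing a fixlist. The search-host allowlist, the "user-writable" path pattern, the hidden+system test and the one-level ProgramData search depth are assumptions chosen for illustration; it reports and changes nothing.

```powershell
# Added example (not from the forum post or from FRST): a read-only survey of the
# persistence points the Fixlog above shows being removed. Run as administrator
# in PowerShell 5 or later. Allowlists and path patterns are assumptions.

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Kind, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Detail = $Detail })
}

# 1. Chrome policy keys. A home machine with no domain GPO normally has no
#    Policies\Google key at all (FRST: "CHR HKLM\SOFTWARE\Policies\Google:
#    Restriction"), so every value found here is worth a look.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (-not (Test-Path $key)) { continue }
    (@(Get-Item -Path $key) + @(Get-ChildItem -Path $key -Recurse)) | ForEach-Object {
        $sub = $_
        (Get-ItemProperty -Path $sub.PSPath).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Add-Finding 'ChromePolicy' "$($sub.Name)\$($_.Name) = $($_.Value)" }
    }
}

# 2. IE start page (reported for review) and search scopes. The hijacker above
#    used a Google Custom Search URL (google.com/cse?cx=...&siteurl=yourtv.link).
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$startPage = (Get-ItemProperty -Path "$ie\Main" -ErrorAction SilentlyContinue).'Start Page'
if ($startPage) { Add-Finding 'IEStartPage' $startPage }
$knownSearchHosts = @('www.bing.com', 'www.google.com', 'duckduckgo.com')   # assumption
$defaultScope = (Get-ItemProperty -Path "$ie\SearchScopes" -ErrorAction SilentlyContinue).DefaultScope
Get-ChildItem -Path "$ie\SearchScopes" -ErrorAction SilentlyContinue | ForEach-Object {
    $url = (Get-ItemProperty -Path $_.PSPath).URL
    if (-not $url) { return }
    $uri = $null
    $suspicious = (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) -or
                  ($knownSearchHosts -notcontains $uri.Host) -or
                  ($url -match '/cse\?')                 # Google CSE redirect pattern
    if ($suspicious) {
        $tag = if ($_.PSChildName -eq $defaultScope) { ' (default)' } else { '' }
        Add-Finding 'IESearchScope' "$($_.PSChildName)$tag $url"
    }
}

# 3. Hidden+system executables parked in ProgramData (the log shows
#    "Google Chrome.exe" and "Mozilla Firefox.exe" with attributes ___SH there).
Get-ChildItem -Path $env:ProgramData -Filter *.exe -Recurse -Depth 1 -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
                   $_.Attributes.HasFlag([IO.FileAttributes]::System) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $mb  = [math]::Round($_.Length / 1MB, 1)
        Add-Finding 'HiddenSystemExe' "$($_.FullName) ($mb MB, signature $($sig.Status))"
    }

# 4. MountPoints2 AutoRun commands (FRST: '{guid} - "E:\Setup.exe"').
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = Join-Path -Path $_.PSPath -ChildPath 'Shell\AutoRun\command'
    if (Test-Path $cmdKey) {
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        Add-Finding 'MountPoints2AutoRun' "$($_.PSChildName) -> $cmd"
    }
}

# 5. Firewall rules that allow programs living in user-writable locations. Each
#    value is a '|'-separated string: 'v2.10|Action=Allow|...|App=C:\...\x.exe|...'.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$userWritable = '^(C:\\Users\\|C:\\ProgramData\\|%USERPROFILE%|%APPDATA%)'   # assumption
(Get-ItemProperty -Path $fwKey).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' -and $_.Value -is [string] } |
    ForEach-Object {
        $f = @{}
        foreach ($part in ($_.Value -split '\|')) {
            $eq = $part.IndexOf('=')
            if ($eq -gt 0) { $f[$part.Substring(0, $eq)] = $part.Substring($eq + 1) }
        }
        if ($f['Action'] -eq 'Allow' -and $f['App'] -and $f['App'] -match $userWritable) {
            Add-Finding 'FirewallAllow' "$($_.Name): $($f['App'])"
        }
    }

# 6. Hosts file entries other than the localhost lines (the fix reset this file).
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { Add-Finding 'HostsEntry' $_.Trim() }

$findings | Format-Table -AutoSize -Wrap
```

The script deliberately changes nothing: in this thread the removal itself was done with an FRST fixlist written by the helper, and a findings table like this is the raw material for such a fixlist, not a substitute for it. Get-ChildItem's -Depth parameter needs PowerShell 5; on an older host drop -Recurse and -Depth, since the samples in the log sat one level below C:\ProgramData anyway.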

Re: Malware infected HELP browser hijackers and no admin con

Unread postby TS1997 » September 3rd, 2016, 3:34 am

SearchReg.txt was too long to fit in so I had to upload it.
