
darrrn

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Argus, After uninstalling and reinstalling Chrome, the adware problems have disappeared =) Thanks so much! Are there any further steps necessary?
  2. Hi Argus, Thanks for replying. I've done as you asked and I've posted the zoek results below. I've also removed any programs and files that might potentially come into conflict with your piracy policy. I've uploaded the new FRST logs as well.

     Zoek.exe v5.0.0.0 Updated 04-May-2015
     Tool run by Darren on Wed 06/05/2015 at 14:13:41.13.
     Microsoft Windows 8.1 6.3.9600 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\Darren\Downloads\zoek.exe [scan all users] [script inserted]

     ==== System Restore Info ======================
     6/5/2015 2:15:13 PM Zoek.exe System Restore Point Created Successfully.

     ==== Empty Folders Check ======================
     C:\PROGRA~2\AGEIA Technologies deleted successfully
     C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
     C:\Program Files\stinger deleted successfully
     C:\PROGRA~3\Office2013 deleted successfully
     C:\Users\Darren\AppData\Roaming\DarkEnd deleted successfully
     C:\Users\Darren\AppData\Roaming\EncryptStick deleted successfully
     C:\Users\Darren\AppData\Local\THQ deleted successfully
     C:\Users\Darren\AppData\Local\Victim of Xen - Saves deleted successfully

     ==== Deleting CLSID Registry Keys ======================
     HKEY_USERS\S-1-5-21-2697254024-2847734117-2183424244-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c} deleted successfully

     ==== Deleting CLSID Registry Values ======================

     ==== Deleting Services ======================

     ==== Batch Command(s) Run By Tool======================

     ==== Deleting Files \ Folders ======================
     C:\PROGRA~2\AGEIA Technologies not found
     C:\PROGRA~3\11860153545491001866 deleted
     C:\windows\sysWoW64\config\systemprofile\.android deleted
     C:\PROGRA~2\COMMON~1\Wondershare deleted
     C:\install.exe deleted
     C:\found.000 deleted
     C:\found.001 deleted
     C:\found.002 deleted
     C:\found.003 deleted
     C:\Users\Darren\AppData\Roaming\appdataFr3.bin deleted
     C:\Users\Darren\AppData\Roaming\TickTocklog.txt deleted
     C:\Users\Darren\AppData\Roaming\AlawarEntertainment deleted
     C:\PROGRA~3\eBay deleted
     C:\PROGRA~3\Package Cache deleted
     C:\Users\Darren\AppData\Local\Wondershare deleted
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
     C:\windows\SysNative\GroupPolicy\Machine deleted
     C:\windows\SysNative\GroupPolicy\User deleted
     C:\windows\SysNative\GroupPolicy\GPT.INI deleted
     C:\windows\Syswow64\GroupPolicy\gpt.ini deleted

     ==== Firefox Extensions Registry ======================
     [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
     "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [22/04/2015 10:13 AM]

     ==== Chromium Look ======================
     Google Chrome Version: 42.0.2311.135
     HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
     fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[24/03/2015 12:28 PM]
     Bookmark Manager - Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik
     Chrome Hotword Shared Module - Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg

     ==== Chromium Startpages ======================
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
     "homepage": "

     ==== Chromium Fix ======================
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully

     ==== Set IE to Default ======================
     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     "DefaultScope"="{A8CFF54C-D737-48F9-BDE3-7B2B74CC0E2F}"
     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

     ==== All HKCU SearchScopes ======================
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
     {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
     {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
     {A8CFF54C-D737-48F9-BDE3-7B2B74CC0E2F} Unknown Url="Not_Found"

     ==== Deleting CLSID Registry Keys ======================
     HKEY_USERS\S-1-5-21-2697254024-2847734117-2183424244-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_USERS\S-1-5-21-2697254024-2847734117-2183424244-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_USERS\S-1-5-21-2697254024-2847734117-2183424244-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_USERS\S-1-5-21-2697254024-2847734117-2183424244-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_USERS\S-1-5-21-2697254024-2847734117-2183424244-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A8CFF54C-D737-48F9-BDE3-7B2B74CC0E2F} deleted successfully
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_CLASSES_ROOT\CLSID\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{635d10d7-ea76-41f7-b4ba-bc06c85c565e} deleted successfully
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_CLASSES_ROOT\CLSID\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9b44451-cd1f-4eb9-a1d1-756f170afd43} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A8CFF54C-D737-48F9-BDE3-7B2B74CC0E2F} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8CFF54C-D737-48F9-BDE3-7B2B74CC0E2F} deleted successfully

     ==== Deleting CLSID Registry Values ======================

     ==== Deleting Registry Keys ======================
     HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

     ==== Empty IE Cache ======================
     C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\Darren\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\Users\Darren\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
     C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\Users\Darren\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     C:\Users\Darren\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
     C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

     ==== Empty FireFox Cache ======================
     No FireFox Profiles found

     ==== Empty Chrome Cache ======================
     C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

     ==== Empty All Flash Cache ======================
     Flash Cache Emptied Successfully

     ==== Empty All Java Cache ======================
     Java Cache cleared successfully

     ==== C:\zoek_backup content ======================
     C:\zoek_backup (files=303 folders=76 291772165 bytes)

     ==== Empty Temp Folders ======================
     C:\Users\Darren\AppData\Local\Temp will be emptied at reboot
     C:\Users\Default\AppData\Local\Temp emptied successfully
     C:\Users\Default User\AppData\Local\Temp emptied successfully
     C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
     C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
     C:\windows\Temp will be emptied at reboot

     ==== After Reboot ======================

     ==== Empty Temp Folders ======================
     C:\windows\Temp successfully emptied
     C:\Users\Darren\AppData\Local\Temp successfully emptied

     ==== Empty Recycle Bin ======================
     C:\$RECYCLE.BIN successfully emptied

     ==== EOF on Wed 06/05/2015 at 14:37:20.42 ======================

     FRST.txt Addition.txt
  3. Hi! My Chrome browser was recently infected with malware, which posts ads by Enormousales. I've tried the conventional means of removing it but have been unable to. I've attached the FRST logs here and would really appreciate any help regarding this. Thanks so much! FRST.txt Addition.txt