Cant bget rid of Surfvox ....

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sma_

Thread Starter
Joined
Feb 24, 2015
Messages
5
Hi,


I'm having problems getting rid of surfvox from my computer. I have been through the forums and installed adwcleaner, hitmanPro ( I already had spybot installed). Unfortunately everytime I reboot and rerun adwcleaner it comes up with a registry entry key it doesnt like HKLM\software\devicevm. It deletes it, reboots only to be back where I started. I have then run Chameleon which got a lot of my computer functionality back (can now open regedit, taskmanager which kept closing due to random spaces appearing in any typable box).


My comp details are:


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 8183 Mb
Graphics Card: NVIDIA GeForce GTX 285, -2048 Mb
Hard Drives: C: Total - 953859 MB, Free - 730343 MB;
Motherboard: ASUSTeK Computer INC., P7P55-M
Antivirus: avast! Antivirus, Updated and Enabled


I have downloaded and run ComboFix but this does not seem to be able to remove the \devicevm key either..


Log report from that is:


ComboFix 15-02-16.01 - Sam 24/02/2015 18:31:40.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8183.6351 [GMT 0:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-01-24 to 2015-02-24 )))))))))))))))))))))))))))))))
.
.
2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\William\AppData\Local\temp
2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Hannah L-T\AppData\Local\temp
2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Guest.Sam-PC\AppData\Local\temp
2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-24 18:22 . 2015-02-24 18:22 -------- d-----w- C:\ApcTempReg
2015-02-24 12:22 . 2015-02-24 17:30 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-24 12:22 . 2015-02-24 12:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-24 12:22 . 2015-02-24 12:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-24 12:22 . 2014-11-21 06:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-24 12:22 . 2014-11-21 06:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 12:20 . 2015-02-24 15:15 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-23 22:00 . 2015-02-23 22:26 -------- d-----w- c:\program files\HitmanPro
2015-02-23 21:58 . 2015-02-23 22:59 -------- d-----w- c:\programdata\HitmanPro
2015-02-23 21:18 . 2015-02-24 18:20 -------- d-----w- C:\AdwCleaner
2015-02-22 14:42 . 2015-02-22 14:42 -------- d-----w- c:\users\William\AppData\Local\Macromedia
2015-02-21 22:57 . 2015-02-21 22:57 -------- d-----w- c:\users\Sam\AppData\Roaming\chportu
2015-02-21 19:46 . 2015-02-21 19:46 -------- d-----w- c:\windows\SysWow64\vbox
2015-02-21 19:46 . 2015-02-21 19:46 -------- d-----w- c:\windows\system32\vbox
2015-02-21 14:54 . 2015-02-21 14:54 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-21 14:54 . 2015-02-21 14:54 43152 ----a-w- c:\windows\avastSS.scr
2015-02-21 12:36 . 2015-02-21 12:36 -------- d-sh--w- c:\users\Hannah L-T\AppData\Local\EmieUserList
2015-02-21 12:36 . 2015-02-21 12:36 -------- d-sh--w- c:\users\Hannah L-T\AppData\Local\EmieSiteList
2015-02-21 12:36 . 2015-02-21 12:36 -------- d-sh--w- c:\users\Hannah L-T\AppData\Local\EmieBrowserModeList
2015-02-21 03:20 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F38D36-31D2-4AB2-AA69-7722756F6828}\mpengine.dll
2015-02-20 18:16 . 2015-02-20 18:17 -------- d-----w- c:\users\William\AppData\Local\Mozilla
2015-02-12 12:24 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-12 12:23 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-12 12:23 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-12 12:23 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 12:23 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-12 12:23 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 12:23 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-12 12:19 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-12 12:19 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-12 12:19 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-12 12:18 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-12 12:18 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-12 12:18 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-12 12:18 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-12 12:18 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-04 13:22 . 2015-02-04 13:22 -------- d-----w- C:\Mozilla
2015-01-31 09:28 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-31 09:28 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-31 09:28 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-31 09:28 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-31 09:28 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-31 09:28 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 18:57 . 2013-03-23 12:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-23 18:57 . 2013-03-23 12:17 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-21 14:55 . 2013-03-22 13:09 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-21 14:54 . 2013-12-20 20:18 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2015-02-21 14:54 . 2013-03-22 13:09 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-02-21 14:54 . 2013-03-22 13:09 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-21 14:54 . 2014-06-11 19:45 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-21 14:54 . 2013-03-22 13:09 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-21 14:54 . 2013-03-22 13:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-21 14:54 . 2013-03-22 13:09 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-02-12 12:27 . 2013-03-30 19:51 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-12 10:00 . 2014-12-15 14:13 535576 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2014-12-23 00:41 . 2013-03-04 00:02 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-12 06:04 . 2014-12-12 06:04 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-21 5227112]
"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"<NO NAME>"=
.
R2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 RapportCerberus_80128;RapportCerberus_80128;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 09:33 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 18:57]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 00:15]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 00:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-21 14:54 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-24 18:57:04
ComboFix-quarantined-files.txt 2015-02-24 18:56
ComboFix2.txt 2015-02-24 18:10
.
Pre-Run: 766,037,467,136 bytes free
Post-Run: 765,931,171,840 bytes free
.
- - End Of File - - CE529E1A7415257E3EF0BB3758BED02D
A36C5E4F47E84449FF07ED3517B43A31


Help!
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Welcome. :)

Run Adcleaner and uninstall. Then download the latest AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
 

sma_

Thread Starter
Joined
Feb 24, 2015
Messages
5
Hi, thank you for getting back to me.

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 20:20:14
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Sam - SAM-PC
# Running from : C:\Users\Sam\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\DeviceVM

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.115

[C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [944 bytes] - [24/02/2015 20:17:15]
AdwCleaner[S0].txt - [876 bytes] - [24/02/2015 20:20:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [934 bytes] ##########
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
 

sma_

Thread Starter
Joined
Feb 24, 2015
Messages
5
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Sam (administrator) on SAM-PC on 24-02-2015 20:33:46
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available profiles: Sam & Hannah L-T & William & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Seems that that entry is part of ASUS ((DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe). It refers to the company that developed the Meta Data Export Service used in ASUS computers.

Although there is a similar entry for a Browser Configuration Utility that is considered malware, AdwCleaner is unable to determine if the entry is malware or not. In your case I believe is a False Positive.

All seems clean. How does the computer behaves?
 

sma_

Thread Starter
Joined
Feb 24, 2015
Messages
5
everything seems to be ok.Thank you for looking through this and your advice- greatly appreciated!. Just need to uninstall combofix now :)
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
This remove the tools used during cleaning your machine

  1. Download Delfix from here
  2. Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

  3. Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 

sma_

Thread Starter
Joined
Feb 24, 2015
Messages
5
Hi, had already deleted combofix following it's guidance instructions..

# DelFix v10.8 - Logfile created 24/02/2015 at 21:34:01
# Updated 29/07/2014 by Xplode
# Username : Sam - SAM-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Sam\Desktop\FRST64.exe
Deleted : C:\Users\Sam\Downloads\AdwCleaner.exe
Deleted : C:\Users\Sam\Downloads\adwcleaner_4.111.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : HKLM\SOFTWARE\Swearware

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

Thank you and have a nice day!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top