
Can't get rid of Surfvox ....

Discussion in 'Virus & Other Malware Removal' started by sma_, Feb 24, 2015.

Thread Status:
Not open for further replies.
  1. sma_

    sma_ Thread Starter

    Joined:
    Feb 24, 2015
    Messages:
    5
    Hi,


    I'm having problems getting rid of Surfvox from my computer. I have been through the forums and installed AdwCleaner and HitmanPro (I already had Spybot installed). Unfortunately, every time I reboot and rerun AdwCleaner it comes up with a registry entry key it doesn't like: HKLM\software\devicevm. It deletes it and reboots, only to be back where I started. I have then run Chameleon, which got a lot of my computer functionality back (I can now open regedit and Task Manager, which kept closing due to random spaces appearing in any typable box).


    My comp details are:


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
    Processor Count: 4
    RAM: 8183 Mb
    Graphics Card: NVIDIA GeForce GTX 285, -2048 Mb
    Hard Drives: C: Total - 953859 MB, Free - 730343 MB;
    Motherboard: ASUSTeK Computer INC., P7P55-M
    Antivirus: avast! Antivirus, Updated and Enabled


    I have downloaded and run ComboFix but this does not seem to be able to remove the \devicevm key either.


    Log report from that is:


    ComboFix 15-02-16.01 - Sam 24/02/2015 18:31:40.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8183.6351 [GMT 0:00]
    Running from: c:\users\Sam\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-24 to 2015-02-24 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\William\AppData\Local\temp
    2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Hannah L-T\AppData\Local\temp
    2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Guest.Sam-PC\AppData\Local\temp
    2015-02-24 18:49 . 2015-02-24 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-24 18:22 . 2015-02-24 18:22 -------- d-----w- C:\ApcTempReg
    2015-02-24 12:22 . 2015-02-24 17:30 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-24 12:22 . 2015-02-24 12:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-02-24 12:22 . 2015-02-24 12:22 -------- d-----w- c:\programdata\Malwarebytes
    2015-02-24 12:22 . 2014-11-21 06:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-24 12:22 . 2014-11-21 06:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-02-24 12:20 . 2015-02-24 15:15 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-23 22:00 . 2015-02-23 22:26 -------- d-----w- c:\program files\HitmanPro
    2015-02-23 21:58 . 2015-02-23 22:59 -------- d-----w- c:\programdata\HitmanPro
    2015-02-23 21:18 . 2015-02-24 18:20 -------- d-----w- C:\AdwCleaner
    2015-02-22 14:42 . 2015-02-22 14:42 -------- d-----w- c:\users\William\AppData\Local\Macromedia
    2015-02-21 22:57 . 2015-02-21 22:57 -------- d-----w- c:\users\Sam\AppData\Roaming\chportu
    2015-02-21 19:46 . 2015-02-21 19:46 -------- d-----w- c:\windows\SysWow64\vbox
    2015-02-21 19:46 . 2015-02-21 19:46 -------- d-----w- c:\windows\system32\vbox
    2015-02-21 14:54 . 2015-02-21 14:54 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2015-02-21 14:54 . 2015-02-21 14:54 43152 ----a-w- c:\windows\avastSS.scr
    2015-02-21 12:36 . 2015-02-21 12:36 -------- d-sh--w- c:\users\Hannah L-T\AppData\Local\EmieUserList
    2015-02-21 12:36 . 2015-02-21 12:36 -------- d-sh--w- c:\users\Hannah L-T\AppData\Local\EmieSiteList
    2015-02-21 12:36 . 2015-02-21 12:36 -------- d-sh--w- c:\users\Hannah L-T\AppData\Local\EmieBrowserModeList
    2015-02-21 03:20 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F38D36-31D2-4AB2-AA69-7722756F6828}\mpengine.dll
    2015-02-20 18:16 . 2015-02-20 18:17 -------- d-----w- c:\users\William\AppData\Local\Mozilla
    2015-02-12 12:24 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-02-12 12:23 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-12 12:23 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
    2015-02-12 12:23 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-12 12:23 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2015-02-12 12:23 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-12 12:23 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2015-02-12 12:19 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-02-12 12:19 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2015-02-12 12:19 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2015-02-12 12:18 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-02-12 12:18 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-02-12 12:18 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-02-12 12:18 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2015-02-12 12:18 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
    2015-02-04 13:22 . 2015-02-04 13:22 -------- d-----w- C:\Mozilla
    2015-01-31 09:28 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
    2015-01-31 09:28 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2015-01-31 09:28 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2015-01-31 09:28 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2015-01-31 09:28 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2015-01-31 09:28 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-23 18:57 . 2013-03-23 12:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-23 18:57 . 2013-03-23 12:17 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-21 14:55 . 2013-03-22 13:09 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-02-21 14:54 . 2013-12-20 20:18 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2015-02-21 14:54 . 2013-03-22 13:09 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2015-02-21 14:54 . 2013-03-22 13:09 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-02-21 14:54 . 2014-06-11 19:45 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-02-21 14:54 . 2013-03-22 13:09 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-02-21 14:54 . 2013-03-22 13:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-02-21 14:54 . 2013-03-22 13:09 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-02-12 12:27 . 2013-03-30 19:51 116773704 ----a-w- c:\windows\system32\MRT.exe
    2015-02-12 10:00 . 2014-12-15 14:13 535576 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
    2014-12-23 00:41 . 2013-03-04 00:02 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-12 06:04 . 2014-12-12 06:04 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
    "Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
    "TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-21 5227112]
    "Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "RequireSignedAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "<NO NAME>"=
    .
    R2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 RapportCerberus_80128;RapportCerberus_80128;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [x]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 09:33 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 18:57]
    .
    2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 00:15]
    .
    2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 00:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-02-21 14:54 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-01-15 16:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-02-24 18:57:04
    ComboFix-quarantined-files.txt 2015-02-24 18:56
    ComboFix2.txt 2015-02-24 18:10
    .
    Pre-Run: 766,037,467,136 bytes free
    Post-Run: 765,931,171,840 bytes free
    .
    - - End Of File - - CE529E1A7415257E3EF0BB3758BED02D
    A36C5E4F47E84449FF07ED3517B43A31


    Help!
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome. :)

    Run AdwCleaner and uninstall. Then download the latest AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    • On reboot a log will be produced. Please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
     
  3. sma_

    sma_ Thread Starter

    Hi, thank you for getting back to me.

    # AdwCleaner v4.111 - Logfile created 24/02/2015 at 20:20:14
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Sam - SAM-PC
    # Running from : C:\Users\Sam\Desktop\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\DeviceVM

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v


    -\\ Google Chrome v40.0.2214.115

    [C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [944 bytes] - [24/02/2015 20:17:15]
    AdwCleaner[S0].txt - [876 bytes] - [24/02/2015 20:20:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [934 bytes] ##########
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  5. sma_

    sma_ Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
    Ran by Sam (administrator) on SAM-PC on 24-02-2015 20:33:46
    Running from C:\Users\Sam\Desktop
    Loaded Profiles: Sam (Available profiles: Sam & Hannah L-T & William & Guest)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Seems that that entry is part of ASUS ((DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe). It refers to the company that developed the Meta Data Export Service used in ASUS computers.

    Although there is a similar entry for a Browser Configuration Utility that is considered malware, AdwCleaner is unable to determine if the entry is malware or not. In your case I believe it is a false positive.

    All seems clean. How does the computer behave?
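The cross-check described in the post above, as an added example that is not part of the original thread: it matches each key AdwCleaner reports as deleted against the service entries of a ComboFix log, to see whether the key name belongs to an installed service. The function names and the substring-matching rule are assumptions of this example; the log lines are copied from the posts above, except one line marked as constructed.

```python
import re

# Service lines copied from the ComboFix log posted earlier in this thread.
COMBOFIX_SERVICES = r"""
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S0 aswRvrt;avast! Revert; [x]
"""

# Registry section copied from the AdwCleaner log posted in this thread.
ADWCLEANER_LOG = r"""
***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\DeviceVM
"""

# Constructed line (not from the thread) to show a key with no matching service.
CONSTRUCTED_LINE = "Key Deleted : HKLM\\SOFTWARE\\ExampleToolbar\n"

# "<tag> <name>;<display name>;<path>;<path> [x]" -- the tag (e.g. S2) is kept
# verbatim and not interpreted here.
SERVICE_RE = re.compile(r"^([RS]\d)\s+(.+?)\s*\[[^\]]*\]\s*$")
KEY_RE = re.compile(r"^Key Deleted\s*:\s*(.+)$")


def parse_services(log):
    """Return one dict per ComboFix service/driver line."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        fields = [f.strip() for f in m.group(2).split(";")]
        fields += [""] * (3 - len(fields))  # some entries list no path
        services.append({"tag": m.group(1), "name": fields[0],
                         "display": fields[1], "path": fields[2]})
    return services


def deleted_keys(log):
    """Return the registry keys AdwCleaner reports as deleted."""
    keys = []
    for line in log.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            keys.append(m.group(1).strip())
    return keys


def services_matching_key(key, services):
    """Services whose name, display name or path contains the key's leaf name."""
    leaf = key.rstrip("\\").rsplit("\\", 1)[-1].lower()
    return [s for s in services
            if any(leaf in s[f].lower() for f in ("name", "display", "path"))]


def triage(adw_log, combofix_log):
    """Map each deleted key to the names of services that appear to own it."""
    services = parse_services(combofix_log)
    return {key: [s["name"] for s in services_matching_key(key, services)]
            for key in deleted_keys(adw_log)}


if __name__ == "__main__":
    result = triage(ADWCLEANER_LOG + CONSTRUCTED_LINE, COMBOFIX_SERVICES)
    for key, owners in result.items():
        verdict = "installed service: " + ", ".join(owners) if owners else "no matching service"
        print(f"{key} -> {verdict}")
```

A match only shows that the flagged key name belongs to software installed as a service; whether that software is wanted still has to be judged from its path and publisher, as the post does for the ASUS entry.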
     
  7. sma_

    sma_ Thread Starter

    Everything seems to be OK. Thank you for looking through this and your advice - greatly appreciated! Just need to uninstall ComboFix now :)
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    This removes the tools used while cleaning your machine.

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
    3. Click Run
    The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.
     
  9. sma_

    sma_ Thread Starter

    Hi, had already deleted ComboFix following its guidance instructions.

    # DelFix v10.8 - Logfile created 24/02/2015 at 21:34:01
    # Updated 29/07/2014 by Xplode
    # Username : Sam - SAM-PC
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Combofix
    Deleted : C:\FRST
    Deleted : C:\ComboFix.txt
    Deleted : C:\Users\Sam\Desktop\FRST64.exe
    Deleted : C:\Users\Sam\Downloads\AdwCleaner.exe
    Deleted : C:\Users\Sam\Downloads\adwcleaner_4.111.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : HKLM\SOFTWARE\Swearware

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...


    New restore point created !

    ########## - EOF - ##########

    Thank you and have a nice day!
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    You are welcome. :)
     

Short URL to this thread: https://techguy.org/1143727
