Naathim

Honorary Members
  • Posts: 1,944

Everything posted by Naathim

  1. This shouldn't take so long, couple of minutes approximately. Please reboot your machine and try once more. Tell me the results.
  2. Please update me about any other issues you may be facing.

     Scan with Malwarebytes' Anti-Malware

     Please re-run Malwarebytes' Anti-Malware.
       • First of all, select update.
       • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
       • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
       • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
       • Upon completion of the scan (or after the reboot), click the History tab.
       • Click Application Logs and double-click the newest Scan Log.
       • At the bottom click Export and choose Text file.
       • Save the file to your desktop and include its content in your next reply.

     Scan with ESET Online Scanner

     This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
     Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
     Please visit ESET Online Scanner website. Click there Run ESET Online Scanner.
     If using Internet Explorer:
       • Accept the Terms of Use and click Start.
       • Allow the running of add-on.
     If using Mozilla Firefox or Google Chrome:
       • Download esetsmartinstaller_enu.exe that you'll be given link to.
       • Double click esetsmartinstaller_enu.exe.
       • Allow the Terms of Use and click Start.
     To perform the scan:
       • Make sure that Enable detection of potentially unwanted applications is checked.
       • In the Advanced Settings dropdown menu:
           • Make sure that Remove found threats is unchecked.
           • Scan archives is checked.
           • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
           • Use custom proxy settings is unchecked.
       • Click Start.
       • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
       • When completed, the program will begin to scan. This may take several hours. Please, be patient.
       • Do not do anything on your machine as it may interrupt the scan.
       • When the scan is done, click Finish.
       • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
       • Please include this logfile in your next reply.
     Don't forget to re-enable previously switched-off protection software!
  3. Looks good.

     Scan with Malwarebytes' Anti-Malware

     Please re-run Malwarebytes' Anti-Malware.
       • First of all, select update.
       • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
       • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
       • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
       • Upon completion of the scan (or after the reboot), click the History tab.
       • Click Application Logs and double-click the newest Scan Log.
       • At the bottom click Export and choose Text file.
       • Save the file to your desktop and include its content in your next reply.

     Scan with ESET Online Scanner

     This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
     Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
     Please visit ESET Online Scanner website. Click there Run ESET Online Scanner.
     If using Internet Explorer:
       • Accept the Terms of Use and click Start.
       • Allow the running of add-on.
     If using Mozilla Firefox or Google Chrome:
       • Download esetsmartinstaller_enu.exe that you'll be given link to.
       • Double click esetsmartinstaller_enu.exe.
       • Allow the Terms of Use and click Start.
     To perform the scan:
       • Make sure that Enable detection of potentially unwanted applications is checked.
       • In the Advanced Settings dropdown menu:
           • Make sure that Remove found threats is unchecked.
           • Scan archives is checked.
           • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
           • Use custom proxy settings is unchecked.
       • Click Start.
       • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
       • When completed, the program will begin to scan. This may take several hours. Please, be patient.
       • Do not do anything on your machine as it may interrupt the scan.
       • When the scan is done, click Finish.
       • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
       • Please include this logfile in your next reply.
     Don't forget to re-enable previously switched-off protection software!
  4. OK, now let's take care about the other nasties and about your AV program. Tell me - you really think that AVG 2011 will protect you in the second half of 2014? I strongly recommend to change it. You also have Microsoft Security Essentials installed. You do realize that two AV may fight each other, cause slowness, conflicts or even block your machine?

     Fix with ComboFix

     Let's prepare a Script for ComboFix to mark some things for being deleted.
       • Press the Windows key + R on your keyboard at the same time.
       • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
       • In the shown window paste in the following script:
       • Go to File menu and select Save as.
       • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
       • Name the file CFScript and select Save.
       • Your CFScript.txt file should appear on your desktop.
     Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
       • Now drag your CFScript file and drop it onto the ComboFix icon.
       • This will start ComboFix. Let it run uninterrupted!
       • A reboot may be needed during this run. Allow it.
       • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
       • Please include that log in your next reply.
     If you encounter any issues with internet connection after running ComboFix, please visit this link.
     If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
     Do not forget to turn on your previously switched-off protection software!
  5. You told me that you have run AdwCleaner. Please navigate to the C:\AdwCleaner directory and search there for any logfiles. They should be called AdwCleaner[R*] and AdwCleaner[s*]. Post them here, but do this directly in your post, do not attach.
  6. My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat.

     Before we start please note the following:
       • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
       • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
       • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
       • Paste the logs in your posts, attachments make my work harder and more complicated.
       • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
       • Note that we may live in totally different time zones, which may cause some delays between answers.
       • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
     There are no silly questions. Never be afraid to ask if in doubt!
     Let's start and enjoy the fight!

     Rules and policies

     We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
     The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
     Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

     Scan with Malwarebytes' Anti-Malware

     Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
       • First of all select update.
       • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
       • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
       • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
       • Upon completion of the scan (or after the reboot), click the History tab.
       • Click Application Logs and double-click the Scan Log.
       • At the bottom click Export and choose Text file.
       • Save the file to your desktop and include its content in your next reply.
  7. My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat.

     Before we start please note the following:
       • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
       • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
       • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
       • Paste the logs in your posts, attachments make my work harder and more complicated.
       • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
       • Note that we may live in totally different time zones, which may cause some delays between answers.
       • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
     There are no silly questions. Never be afraid to ask if in doubt!
     Let's start and enjoy the fight!

     Rules and policies

     We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
     The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
     Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

     Scan with Malwarebytes' Anti-Malware

     Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
       • First of all select update.
       • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
       • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
       • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
       • Upon completion of the scan (or after the reboot), click the History tab.
       • Click Application Logs and double-click the Scan Log.
       • At the bottom click Export and choose Text file.
       • Save the file to your desktop and include its content in your next reply.

     Scan with ZOEK

     Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
     Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
       • Right-click on the icon and select Run as Administrator to start the tool.
       • Wait patiently until the main console appears, it may take a minute or two.
       • In the main box please paste in the following script:

           createsrpoint;
           process;
           services-list;
           systemspecs;
           startupall;
           skipfix-iedefaults;
           firefoxlook;
           chromelook;
           filesrcm;
           installedprogs;

       • Make sure that Scan All Users option is checked.
       • Push Run Script and wait patiently. The scan may take a couple of minutes.
       • When the scan completes, a zoek-results logfile should open in notepad.
       • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
       • Please include its content in your next reply.
     Don't forget to re-enable your switched-off protection software!
  8. Good morning from Poland! Here are once again, for your convenience, instructions for aswMBR and how to update Java. Updated Java is crucial, as it is the most exploited thing nowadays.

     Scan with aswMBR

     Please download aswMBR by Avast! & Gmer and save it to your desktop.
     Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
       • Right-click on the icon and select Run as Administrator to start the tool.
       • Allow virtualisation if offered.
       • If you are prompted to download the latest anti-virus definitions from avast!, click No.
       • Select Scan.
       • Upon completion, you will see Scan finished successfully. Click Save log.
       • Do NOT click Fix or FixMBR!
     A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!
     Copy the contents of the logfile and paste it into your next reply.
     Do not forget to re-enable your previously switched-off protection software.

     Update outdated software

     Staying always updated is crucial, not only for your operating system, but also for any third-party installed software. Your logs clearly indicate that some of your software needs updating.

     Updating Java manually
       • Click the Start button.
       • Click Control Panel.
       • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
       • Click the Update tab.
       • Click Update Now.
       • Allow any updates to be downloaded and installed.
       • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
       • From Control panel also please remove any older versions of Java - do not leave them installed!
       • Please remember to keep software up-to-date.
  9. It's not only "poweliks" that indicates this infection. However, part 2 of my plan:

     Fix with Junkware Removal Tool

     Please download JRT by Thisisu and save the file to your desktop.
     Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
       • Right-click on the icon and select Run as Administrator to start the tool.
       • Follow the prompts and let this process run uninterrupted.
       • This scan can take a while, depending on your System specs.
       • Upon completion, a log (JRT.txt) will open on your desktop.
       • Please include the contents of that file in your reply.
     Do not forget to re-enable your previously switched off protection software!
     Please also manually reboot your machine after this procedure.

     Fix with AdwCleaner

     Please download AdwCleaner by Xplode and save the file to your desktop.
       • Right-click on the icon and select Run as Administrator to start the tool.
       • Follow the prompts and click Scan.
       • When finished, please click Clean.
       • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
       • Please include the contents of that file in your reply.
  10. Looks like FRST did the work, but I'd like to run CF once more for a confirmation. Delete your version of ComboFix and obtain a new one before running the scan.

      Scan with ComboFix

      This is a very powerful tool that should be used only if advised by Malware Analyst. Do not run ComboFix on your own!
      Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
      Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
      If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
        • Right-click on the icon and select Run as Administrator to start the tool.
        • Accept the disclaimer and agree if prompted to install Recovery Console.
        • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
        • This scan may take some time!
        • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
        • Include that log in your next reply.
      If you encounter any issues with internet connection after running ComboFix, please visit this link.
      If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
      Don't forget to re-enable your previously switched-off protection software!
  11. Let's amend script a little.

      Fix with Farbar Recovery Scan Tool

      This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
        • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
        • Copy the entire content of the codebox below and paste into the Notepad document:
        • Click File, Save As and type fixlist.txt as the File Name.
        • Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • Press the Fix button just once and wait.
        • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
        • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
        • Please include it in your reply.

      Scan with Farbar Recovery Scan Tool

      Please re-run Farbar Recovery Scan Tool.
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • Make sure that Addition option is checked.
        • Press Scan button and wait.
        • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
        • Please include their content in your next reply.
  12. Uninstall some programs

      We need to uninstall some programs.
        • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
        • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time.
        • The list of programs to uninstall: SparkTrust PC Cleaner Plus
        • After completing uninstalls, please manually reboot your machine!

      Fix with Farbar Recovery Scan Tool

      This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
        • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
        • Copy the entire content of the codebox below and paste into the Notepad document:
        • Click File, Save As and type fixlist.txt as the File Name.
        • Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • Press the Fix button just once and wait.
        • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
        • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
        • Please include it in your reply.

      Scan with Farbar Recovery Scan Tool

      Please re-run Farbar Recovery Scan Tool.
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • Make sure that Addition option is checked.
        • Press Scan button and wait.
        • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
        • Please include their content in your next reply.
  13. It's the second time you're not going with the rules here. I wonder if you really pay attention to what I post to you. However, until these policies will be obeyed, no assistance will be provided. Regards, Naat
  14. Please read once more the guidelines I've included in my first post.
  15. Call me Naat, no sir. I'm just a folk here, like many others.
      FRST needs to be instructed what to remove - that's why we're preparing a file called fixlist prior to running a fix. That file contains specific instructions.
      What I meant is that the FRST software needs to be in the same location, preferably your desktop. It should look like here:
      No. Please read my instructions with more focus and be more thorough.
      I said: There are no silly questions here.
  16. Still no joy. I wonder if it's not a new modification. Anyway we need to kill Poweliks prior to other baddies, so I'm gonna focus on it now.

      Fix with Farbar Recovery Scan Tool

      This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
        • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
        • Copy the entire content of the codebox below and paste into the Notepad document:

            start
            HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
            CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
            end

        • Click File, Save As and type fixlist.txt as the File Name.
        • Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • Press the Fix button just once and wait.
        • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
        • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
        • Please include it in your reply.

      Scan with Farbar Recovery Scan Tool

      Please re-run Farbar Recovery Scan Tool.
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • Make sure that Addition option is checked.
        • Press Scan button and wait.
        • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
        • Please include their content in your next reply.
  17. OK, since TwinHeadedEagle left I will try to help you.

      My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat.

      Before we start please note the following:
        • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
        • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
        • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
        • Paste the logs in your posts, attachments make my work harder and more complicated.
        • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
        • Note that we may live in totally different time zones, which may cause some delays between answers.
        • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
      There are no silly questions. Never be afraid to ask if in doubt!
      Let's start and enjoy the fight!

      Rules and policies

      We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
      The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
      Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

      Scan with Malwarebytes' Anti-Malware

      Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
        • First of all select update.
        • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
        • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
        • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
        • Upon completion of the scan (or after the reboot), click the History tab.
        • Click Application Logs and double-click the Scan Log.
        • At the bottom click Export and choose Text file.
        • Save the file to your desktop and include its content in your next reply.

      Scan with Farbar Recovery Scan Tool

      Please download Farbar Recovery Scan Tool and save it to your Desktop.
      There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each of them out. Only one will run - this is the right one. Please leave it and delete the other.
        • Right-click on the icon and select Run as Administrator to start the tool.
          > XP users click run after receipt of Windows Security Warning - Open File.
          > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
        • When the tool opens click Yes to disclaimer.
        • Make sure that Addition option is checked.
        • Press Scan button and wait.
        • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
        • Please include their content in your next reply.
  18. Aaah, I suppose you'd like to hear a little explanation.

      Hosts:
      That command will reset your Hosts file to a fresh version, as yours is quite old (2009) and outdated.

      Task: C:\Windows\Tasks\AutoKMS.job => ?
      This is only a task file which is orphaned - leads to nowhere. I've added this one to tidy up.

      AlternateDataStreams: C:\ProgramData\TEMP:5547042D
      AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
      AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
      AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4
      These are alternate data streams. You can read about them here. They do not seem legit and I am removing them because they may hide really anything. Also they are attached to temporary locations, which causes me to suspect them.

      EmptyTemp:
      This command simply empties the temporary files to keep your machine tidy.

      I am not here to mess with anything important to your machine, I am here to clean it.
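An added example (not part of the original post and not FRST's own code): a small reader for a fixlist like the one explained above, which lists each directive and groups alternate data stream entries by the file or folder they are attached to, so the list can be reviewed before it is run. The `Name: value` grammar and all function names are assumptions inferred from the entries visible on this page; the sample input is a constructed excerpt of that fixlist.

```python
import re
from collections import defaultdict
# Constructed sample: a handful of entries copied from the fixlist on this page.
SAMPLE_FIXLIST = r"""start
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
Hosts:
Task: C:\Windows\Tasks\AutoKMS.job => ?
AlternateDataStreams: C:\ProgramData\TEMP:5547042D
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
EmptyTemp:
end
"""

# Assumed grammar "Name: value"; the name needs 2+ characters so that a bare
# "C:\..." path is never mistaken for a directive called "C".
DIRECTIVE = re.compile(r"^([A-Za-z][A-Za-z0-9 ]+?):\s*(.*)$")

def parse_fixlist(text):
    """Return (directive, value) pairs found between the start and end markers."""
    entries, inside = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            break
        elif inside and line:
            m = DIRECTIVE.match(line)
            entries.append((m.group(1), m.group(2)) if m else ("(raw)", line))
    return entries

def split_stream(value):
    """Split 'path:stream' at the last colon; returns (path, None) if no stream."""
    idx = value.rfind(":")  # index 1 is the drive-letter colon, not a stream separator
    return (value[:idx], value[idx + 1:]) if idx > 1 else (value, None)

def streams_by_host(entries):
    """Group alternate data stream names by the file or folder they hang off."""
    grouped = defaultdict(list)
    for directive, value in entries:
        if directive == "AlternateDataStreams":
            host, stream = split_stream(value)
            if stream:
                grouped[host].append(stream)
    return dict(grouped)

def in_temp_location(path):
    """True when any path component is named temp or tmp (case-insensitive)."""
    return any(part.lower() in {"temp", "tmp"} for part in path.split("\\"))
```
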
  19. ComboFix failed to delete the infection, probably due to SpyBot working in the background. I recommend uninstalling it, as this program is too weak for today's security expectations. Also delete your version of ComboFix (simply move it to your Recycle Bin) and obtain a fresh one from provided link before the next scan.

      SpyBot S&D Warning

      MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products). My advice is to get rid of this program. To do so:
      - Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
      - Search for SpyBot, right-click the entry and click Uninstall.
      Please do it, because it may hinder the removals.

      Scan with ComboFix

      This is a very powerful tool that should be used only if advised by Malware Analyst. Do not run ComboFix on your own!
      Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
      Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
      If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
      - Right-click on icon and select Run as Administrator to start the tool.
      - Accept the disclaimer and agree if prompted to install Recovery Console.
      - Do not take any actions while ComboFix goes through your System - it may cause it to stall!
      - This scan may take some time!
      - When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
      - Include that log in your next reply.
      If you encounter any issues with internet connection after running ComboFix, please visit this link.
      If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
      Don't forget to re-enable your previously switched-off protection software!
  20. I don't fully understand. I have instructed FRST to remove them on purpose.
  21. User is being helped by me at another forum. https://forum.avast.com/index.php?topic=153870.msg1118849#msg1118849 Please don't start multiple threads. It confuses helpers and wastes our time, while there are multiple people working with your issue. It may also cause interference in our scans and so. I'm asking this thread to be closed.
  22. It is not an infection. It is a program that is considered undesirable or unwanted and far from calling it an infection. Most of these are just apps that are bundled with other installers. In my closing speech there will be a tool provided that should protect you from most of these, however you should always stay focused when installing any new software (especially when downloading not from the official vendor's site). Your passwords should be perfectly safe, but I will ask you to do some more scans to be sure if there isn't anything more lurking here.

      Fix with Farbar Recovery Scan Tool

      This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
      - Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
      - Copy the entire content of the codebox below and paste into the Notepad document:

        start
        HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\MountPoints2: {254a8ba5-6d27-11e1-88a1-806e6f6e6963} - E:\DistinguishOS.exe
        FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
        CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
        Hosts:
        Task: C:\Windows\Tasks\AutoKMS.job => ?
        AlternateDataStreams: C:\ProgramData\TEMP:5547042D
        AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
        AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
        AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4
        EmptyTemp:
        end

      - Click File, Save As and type fixlist.txt as the File Name.
      - Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
      - Right-click on icon and select Run as Administrator to start the tool.
        > XP users click run after receipt of Windows Security Warning - Open File.
        > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
      - Press the Fix button just once and wait.
      - If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
      - When finished FRST will generate a log on the Desktop, called Fixlog.txt.
      - Please include it in your reply.

      Scan with aswMBR

      Please download aswMBR by Avast! & Gmer and save it to your desktop.
      Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
      - Right-click on the icon and select Run as Administrator to start the tool.
      - Allow virtualisation if offered.
      - If you are prompted to download the latest anti-virus definitions from avast!, click No.
      - Select Scan.
      - Upon completion, you will see Scan finished successfully. Click Save log.
      - Do NOT click Fix or FixMBR!
      - A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!
      - Copy the contents of the logfile and paste it into your next reply.
      Do not forget to re-enable your previously switched-off protection software.

      Scan with Security Check

      Please download Security Check by Screen317 and save it to your desktop.
      - Right-click on icon and select Run as Administrator to start the tool.
      - Follow onscreen instructions inside the black box. This scan won't take long.
      - Soon a notepad document called checkup.txt will open automatically.
      - Please include the content of that document.
  23. I know, but it also can make confusion. The purpose for scanning was to get other people, who will be researching logs, that the file was previously scanned and it is safe.

      What are the current issues you are facing?
  24. Scan with VirusTotal

      Please go to VirusTotal.
      - Click Choose File and locate the following file: C:\Windows\system32\Drivers\sfi.dat
      - Click Scan it!.
      - If you receive the following notification: File already analysed, click Reanalyse.
      - Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.