Jump to content

LiquidTension

Honorary Members
  • Posts

    4,182
  • Joined

  • Last visited

Posts posted by LiquidTension

  1. It's no problem at all, Wilson. 

    We're nearly done.

     

    Please delete this file: C:\Users\Admin\Downloads\cbsidlm-cbsi145-USB20_Driverzip-ORG-163914.exe    

     

    ​Let me know if there are any outstanding issues after completing the following. 

     

    STEP 1
    YARWD1t.png TDSSKiller Fix

    • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Change parameters. Ensure a checkmark is placed next to:
      • Loaded Modules
      • Detect TDLFS file system
      • Verify file digital signatures
    • ​Click Start Scan. Do not use the computer during the scan.
    • Upon completion, select Delete for the following items:
      \Device\Harddisk0\DR0 ( TDSS File System )
    • Click Continue and close the window. 
    • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
       

    STEP 2
    CXrghb6.png Update Outdated Software

    Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

    STEP 3
    EtQetiM.png Remove Outdated Software

    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall one at a time.
    • Note: The programmes below may not be present. If this is the case, please skip to the next step.
      • Adobe Shockwave Player 12.0
      • Java 7 Update 65
    • Follow the prompts, and reboot if necessary.
       

    STEP 4
    zANS9oB.png Disable Java in Your Browser
    Due to frequent exploits we recommend you disable Java in your browser.
    For information on Java vulnerabilities, please read the following article (point #7).

    • Click the Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
    • Click on the Java Control Panel. Once opened, click the Security tab.
    • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
    • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
    • Click OK in the Java Plug-in confirmation window.
    • Restart your browser(s) for changes to take effect.
    • More information can be found here and here.
       

    STEP 5
    oxliOQk.png Security Check

    • Please download SecurityCheck and save the file to your Desktop.
    • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    • A log (checkup.txt) will automatically open on your Desktop.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 6
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • TDSSKiller log (attached!)
    • checkup.txt
    • How is your computer performing? Are there any outstanding issues?
  2. Hi Wilson, 
     
    Please provide an update on your computer after completing the steps below. 
     
    STEP 1
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      start2014-10-30 15:43 - 2014-11-05 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Odics2014-10-30 15:43 - 2014-11-05 12:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\IdsoftC:\Users\Admin\AppData\LocalLow\Sun\sezovopqwirvC:\Users\Admin\AppData\LocalLow\Unity\LzsnbjjxEmptyTemp:end
    • Click FileSave As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
       

    STEP 2
    YARWD1t.png TDSSKiller Scan

    • Please download TDSSKiller and save the file to your Desktop.
    • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Change parameters. Place a checkmark next to:
      • Loaded Modules
      • Detect TDLFS file system
      • Verify file digital signatures
    • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
    • ​Click Start Scan. Do not use the computer during the scan.
    • If objects are found, change the action to skip.
    • Click Continue and close the window.
    • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
       

    STEP 3
    GzlsbnV.png ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme. 
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Hide advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
    • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 4
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Fixlog.txt
    • TDSSKiller log (attached!)
    • ESET Online Scan log
    • Update on computer
  3. Hi Marc, 
     
    ESET not finding anything is very good. 
     
    ----------------
     
    Update Java (watch out for "Optional Offers" or bundled software) to reduce the risk of reinfection. 
    Ensure the following programmes are not installed.

    • J2SE Runtime Environment 5.0
    • Java 6 Update 23 (64-bit) 
       

    Now for the good news!
     
    All Clean!
    Congratulations, your computer appears clean!  :)
    I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
     
    My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
     
     
    STEP 1
    9SN2ePL.png ComboFix Uninstall

    • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
      ComboFix /Uninstall
    • Click OK.
    • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
       

    STEP 2
    AFZxnZc.jpg DelFix

    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings
    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
     
    ======================================================
     
    I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

    The following programmes come highly recommended in the security community.

    • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), preventing your files from being encrypted.
    • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
    • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

    -- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
     
    ======================================================
     
    Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
     
    Thank you for using Malwarebytes.
     
    Safe Surfing. :)    
    Adam (LiquidTension).

  4. Hi Kat, 

     

    I'm glad to hear the Service Pack installed without issue. 

    At some point I suggest you run a defrag if you do not have a SSD (Solid State Drive). Instructions here.

     

    Now for the good news!

     
    All Clean!
    Congratulations, your computer appears clean! :)
    I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
     
    My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
     
     
    STEP 1
    9SN2ePL.png ComboFix Uninstall

    • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
      ComboFix /Uninstall
    • Click OK.
    • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
       

    STEP 2
    AFZxnZc.jpg DelFix

    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings
    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
     
    ======================================================
     
    I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

    The following programmes come highly recommended in the security community.

    • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), preventing your files from being encrypted.
    • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
    • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

    -- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
     
    ======================================================
     
    Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
     
    Thank you for using Malwarebytes.
     
    Safe Surfing. :)    
    Adam (LiquidTension).

  5. Strange. 

    Lets try it a different way. 

     

    MgeHyNE.png Batch File

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      @echo offdir C:\Users\Admin\AppData /s > "%userprofile%\desktop\dirlook.txt"del %0
    • Click Format. Ensure Wordwrap is unchecked
    • Click FileSave As and name the file batchfile.bat
    • Select All Files as the Save as type.
    • Save the file to your Desktop
    • Locate batchfile.bat lmRDSkT.png (W8/7/Vista) on your DesktopRight-click the icon and click AVOiBNU.jpg Run as administrator.
    • Once the black Command Prompt disappears, attach dirlook.txt (found on your Desktop) to your next post.
  6. Great! :)
     
    Now for the good news!
     
    All Clean!
    Congratulations, your computer appears clean! :)
    I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
     
    My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
     
    AFZxnZc.jpg DelFix

    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings
    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
     
    ======================================================
     
    I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

    The following programmes come highly recommended in the security community.

    • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), preventing your files from being encrypted.
    • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
    • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

    -- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
     
    ======================================================
     
    Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
     
    Thank you for using Malwarebytes.
     
    Safe Surfing. :)    
    Adam (LiquidTension).

  7. Very good, Ted. 

     

    We need to update your vulnerable software to reduce the risk of reinfection. 

     

    STEP 1
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      startC:\Users\Ted Weiss\Downloads\cbsidlm-tr1_14-Free_FLAC_to_MP3_Converter-SEO-75206134.exeC:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlcEmptyTemp:end
    • Click FileSave As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
       

    STEP 2
    CXrghb6.png Update Outdated Software

    Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

    STEP 3
    EtQetiM.png Remove Outdated Software

    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall one at a time.
    • Note: The programmes below may not be present. If this is the case, please skip to the next step.
      • Adobe Reader 9.4.6
      • Adobe Shockwave Player 11.5
    • Follow the prompts, and reboot if necessary.
       

    STEP 4
    oxliOQk.png Security Check

    • Please download SecurityCheck and save the file to your Desktop.
    • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    • A log (checkup.txt) will automatically open on your Desktop.
    • Copy the contents of the log and paste in your next reply.
       

    ======================================================
     
    STEP 3
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Fixlog.txt
    • How is your computer performing? Are there any outstanding issues?
  8. Hello, 
     
    Those logs look very good. 
    Please provide an update on your computer after completing the instructions below. 
     
    GzlsbnV.png ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme. 
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Hide advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
    • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
  9. Good job, Tina. 
    Please do the following. 
     
    STEP 1
    b8zkrsY.png Browser Reset
     
    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

    Proceed with the reset once done.

    STEP 2
    BY4dvz9.png AdwCleaner

    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts. 
    • Click Scan
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
    • Follow the prompts and allow your computer to reboot
    • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
     

    STEP 3
    E3feWj5.png Junkware Removal Tool (JRT)

    • Please download Junkware Removal Tool and save the file to your Desktop.
    • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts and allow the scan to run uninterrupted. 
    • Upon completion, a log (JRT.txt) will open on your desktop.
    • Re-enable your anti-virus software.
    • Copy the contents of JRT.txt and paste in your next reply.
       

    STEP 4
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
       

    ======================================================

    STEP 5
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Did your browsers reset OK?
    • AdwCleaner[s0].txt
    • JRT.txt
    • FRST.txt
    • Addition.txt
  10. Hello Rob1987, welcome to Malwarebytes' Malware Removal forum!
     
    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
     
    General P2P/Piracy Notice: 
     

    If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
    Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

     
    ======================================================
     
    Please read through the points below to ensure this process moves as quickly and efficiently as possible.

    • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
    • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
    • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
    • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
    • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
       

    ======================================================
     
    STEP 1
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      startHKU\S-1-5-21-2594571719-4226981117-547971859-1001\...\MountPoints2: {db0d3b7e-e5f2-11df-be42-806e6f6e6963} - E:\SETUP.EXEHKU\S-1-5-21-2594571719-4226981117-547971859-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-2594571719-4226981117-547971859-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONSearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No FileBHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File2014-11-08 02:05 - 2014-11-08 02:05 - 00000000 ____D () C:\ProgramData\Windows Genuine AdvantageC:\ProgramData\4477985.padC:\ProgramData\frbbvzjj.bxxC:\ProgramData\frbbvzjj.fvvC:\Users\Home\AppData\Local\Temp\399408923.exeC:\Users\Home\AppData\Local\Temp\400026234.exeC:\Users\Home\AppData\Local\Temp\uninstall.exeC:\Users\Home\AppData\Local\Temp\_is7545.exeCustomCLSID: HKU\S-1-5-21-2594571719-4226981117-547971859-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?AlternateDataStreams: C:\ProgramData\Temp:52DBE86FCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
    • Click FileSave As and type fixlist.txt as the File Name.
    • Important: The file must be saved in the same location as FRST64.exe.

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
       

    STEP 2
    GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

    • Open Malwarebytes Anti-Malware and click Update Now.
    • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
    • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs and double-click the Scan Log.
    • Click Copy to Clipboard and paste the log in your next reply. 
       

    STEP 3
    9SN2ePL.png ComboFix

    • Note: Please read through these instructions before running ComboFix. 
    • Please download ComboFix and save the file to your Desktop. << Important!
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click ComboFix.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts. 
       
    • Allow ComboFix to complete it's removal routine (please refer to Important Notes:).
    • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
    • Re-enable your anti-virus software.
       

    Important Notes:

    • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
    • Do NOT use your computer whilst ComboFix is running.
    • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
       
    • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
    • ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
       

    STEP 4
    YARWD1t.png TDSSKiller Scan

    • Please download TDSSKiller and save the file to your Desktop.
    • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Change parameters. Place a checkmark next to:
      • Loaded Modules
      • Detect TDLFS file system
      • Verify file digital signatures
    • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
    • ​Click Start Scan. Do not use the computer during the scan.
    • If objects are found, change the action to skip.
    • Click Continue and close the window.
    • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
       

    ======================================================
     
    STEP 5
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Fixlog.txt
    • MBAM log
    • ComboFix.txt
    • TDSSKiller log (attached!)
  11. Hello dhm24, welcome to Malwarebytes' Malware Removal forum!
     
    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that. :)
     
    General P2P/Piracy Notice: 
     

    If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
    Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

     
    ======================================================
     
    Please read through the points below to ensure this process moves as quickly and efficiently as possible.

    • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
    • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
    • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
    • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
    • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
       

    ======================================================

     

    Please consider the following suggestion, and proceed with the instructions below. 
     

    goGMWSt.gifSpybot S&D No Longer Recommended

    ------------------------------

    MVPS.org is no longer recommending Spybot S&D due to poor testing results (scroll down and read under Freeware Antispyware Products).

    I would advise uninstalling Spybot S&D. The presence of this programme can make the cleaning of your computer more difficult. You can uninstall the programme by:

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for Spybot, right-click the entry and click Uninstall.
    Please inform me of your decision.

     
    STEP 1
    EtQetiM.png Uninstall Software

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall.
    • Note: Ensure you decline offers of additional software if applicable.
      • Coupon Printer for Windows 
    • Follow the prompts.
    • Reboot if necessary.
       

    STEP 2
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      startHKLM-x32\...\Run: [] => [X]HKU\S-1-5-18\...\RunOnce: [{90150000-00A1-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HHKU\S-1-5-18\...\RunOnce: [{90150000-0016-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HHKU\S-1-5-18\...\RunOnce: [{90150000-0018-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HHKU\S-1-5-18\...\RunOnce: [{90150000-001B-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HHKU\S-1-5-18\...\RunOnce: [{90150000-012B-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HHKU\S-1-5-18\...\RunOnce: [{90150000-00BA-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HHKU\S-1-5-18\...\RunOnce: [{90150000-001A-0439-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:HProxyServer: http=127.0.0.1:49171;https=127.0.0.1:49171SearchScopes: HKLM - DefaultScope {C73C2370-213D-47C6-9A9A-A3542D907956} URL = http://www.bing.com/...IE9TR&pc=MDDSJSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM - {C73C2370-213D-47C6-9A9A-A3542D907956} URL = http://www.bing.com/...IE9TR&pc=MDDSJSSearchScopes: HKLM-x32 - DefaultScope {C73C2370-213D-47C6-9A9A-A3542D907956} URL = http://www.bing.com/...IE9TR&pc=MDDSJSSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM-x32 - {C73C2370-213D-47C6-9A9A-A3542D907956} URL = http://www.bing.com/...IE9TR&pc=MDDSJSSearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =SearchScopes: HKCU - {C73C2370-213D-47C6-9A9A-A3542D907956} URL =SearchScopes: HKCU - {FC949C7C-4A0D-4396-8333-579A54BB6DA3} URL = https://search.yahoo...p={SearchTerms}FF SearchEngineOrder.1: Secure SearchFF Keyword.URL: https://search.yahoo...550D20131024&p=FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)FF SearchPlugin: C:\Users\Parmesh\AppData\Roaming\Mozilla\Firefox\Profiles\5dpvzlky.default\searchplugins\trovi-search-1.xmlFF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M09CFA02A-5B16-4CBC-9848-EA00418D9DE7&SearchSource=55&CUI=&UM=6&UP=SPB6EE7D0C-6C5D-4B1A-9DA7-FA96A7BD6C2B&SSPV=CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M09CFA02A-5B16-4CBC-9848-EA00418D9DE7&SearchSource=55&CUI=&UM=6&UP=SPB6EE7D0C-6C5D-4B1A-9DA7-FA96A7BD6C2B&SSPV="S2 0015011414253287mcinstcleanup; C:\Windows\TEMP\001501~1.EXE -cleanup -nolog [X]2014-11-08 14:37 - 2014-11-08 14:37 - 00880272 _____ (Google Inc.) C:\Users\Parmesh\Downloads\ChromeSetup(1).exe2014-11-08 14:06 - 2014-11-08 14:06 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup2014-11-08 14:06 - 2014-11-08 14:06 - 00000000 ____D () C:\Users\Parmesh\AppData\Roaming\DriverFinderTask: {F3ADC4C5-7868-4CDA-9AED-571BB82D84E9} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTIONC:\Program Files (x86)\MyPC BackupCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
    • Click FileSave As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
       

    STEP 3
    BY4dvz9.png AdwCleaner

    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts. 
    • Click Scan
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
    • Follow the prompts and allow your computer to reboot
    • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
     
     
    STEP 4
    E3feWj5.png Junkware Removal Tool (JRT)

    • Please download Junkware Removal Tool and save the file to your Desktop.
    • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click JRT.exe and select Run as administrator to run the programme.
    • Follow the prompts and allow the scan to run uninterrupted. 
    • Upon completion, a log (JRT.txt) will open on your desktop.
    • Re-enable your anti-virus software.
    • Copy the contents of JRT.txt and paste in your next reply.
       

    STEP 5
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

    • Right-Click FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

     
    ======================================================
     
    STEP 6
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Did you uninstall Spybot?
    • Did the programme uninstall OK?
    • Fixlog.txt
    • AdwCleaner[s0].txt
    • JRT.txt
    • FRST.txt
    • Addition.txt
  12. Hi Adam, thank you for your continued assistance.

    It's my pleasure, Kat. :)

     

    Most of what ESET detected are files we've already quarantined, and so are not a threat. 

     

    We now need to update your vulnerable software to reduce the risk of reinfection. 

     

    STEP 1

    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.

      startC:\Users\Kathryn\AppData\Local\AgworksC:\Users\Kathryn\AppData\Local\YSPackC:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dllC:\Users\Kathryn\AppData\Roaming\Mozilla\Firefox\Profiles\gnuq7cib.default-1373174393507\extensions\{9C3BAE2B-4D25-2032-9C52-287A96DC3C3D}C:\Users\Kathryn\Downloads\ccsetup402.exeC:\Users\Kathryn\Downloads\ccsetup403.exeC:\Users\Kathryn\Downloads\Shockwave_Installer_Slim(1).exeC:\Users\Kathryn\Downloads\Shockwave_Installer_Slim.exeC:\WINDOWS\System32\Adobe\Shockwave 12\gt.exeC:\WINDOWS\SysWOW64\Adobe\Shockwave 12\gt.exeEmptyTemp:end
    • Click FileSave As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

       

    STEP 2

    CXrghb6.png Update Outdated Software

    Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

    • iTeOzi7.png Adobe Air
    • jfMhRM5.png Adobe Flash Player (uncheck the "Optional Offer")
    • 3bWY3LP.png Adobe Shockwave Player
    • j8JVMVP.jpg Java (watch out for "Optional Offers" or bundled software)
    • u9DsAVv.png Follow these instructions to check for and download the latest Windows Updates.
    • ehzOq95.png I recommend installing the latest version of Internet Explorer for added security. The latest version IE can be installed via Windows Update.

       

    STEP 3

    EtQetiM.png Remove Outdated Software

    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall one at a time.
    • Note: The programmes below may not be present. If this is the case, please skip to the next step.
      • Adobe Shockwave Player 12.0
      • Java 7 Update 71
      • JavaFX 2.1.1
    • Follow the prompts, and reboot if necessary.

       

    STEP 4

    zANS9oB.png Disable Java in Your Browser

    Due to frequent exploits we recommend you disable Java in your browser.

    For information on Java vulnerabilities, please read the following article (point #7).

    • Click the Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
    • Click on the Java Control Panel. Once opened, click the Security tab.
    • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
    • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
    • Click OK in the Java Plug-in confirmation window.
    • Restart your browser(s) for changes to take effect.
    • More information can be found here and here.

       

    STEP 5

    oxliOQk.png Security Check

    • Please download SecurityCheck and save the file to your Desktop.
    • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    • A log (checkup.txt) will automatically open on your Desktop.
    • Copy the contents of the log and paste in your next reply.

       

    ======================================================

     

    STEP 6

    pfNZP4A.png Logs

    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Fixlog.txt
    • checkup.txt
    • How is your computer performing? Are there any outstanding issues?
  13. Hello Wilson, 
     
    Those logs are looking much better.
    But the Script did not complete. 
     
    Please run this. There's more than likely malware hiding in your AppData folder, and we need to find it. Allow this to run for as long as it needs. 
     
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      startFolder: C:\Users\Admin\AppDataend
    • Click FileSave As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. This log will be very large. Ensure you attach the file in your next reply.
  14. Hi Jerry, 
     
    Please work your way through the following. Let me know how your PC is performing afterwards. 
     
    STEP 1
    b8zkrsY.png Browser Reset
     
    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

    Proceed with the reset once done.

    STEP 2
    xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Reset Download Settings

    • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type inetcpl.cpl and click OK.
    • Click Security
    • Click Custom level....
    • Click Reset
    • Click OK.
    • In the Security tab, click Reset all zones to default level.
       

    STEP 3
    BY4dvz9.png AdwCleaner

    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts. 
    • Click Scan
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
    • Follow the prompts and allow your computer to reboot
    • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
     

    STEP 4
    E3feWj5.png Junkware Removal Tool (JRT)

    • Please download Junkware Removal Tool and save the file to your Desktop.
    • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts and allow the scan to run uninterrupted. 
    • Upon completion, a log (JRT.txt) will open on your desktop.
    • Re-enable your anti-virus software.
    • Copy the contents of JRT.txt and paste in your next reply.
       

    STEP 5
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

    • (!) Switch profile to Powell Family II, and then back to Optiplex-755 just as you did before. 
    • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
       

    ======================================================

    STEP 6
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Did your browsers reset OK? 
    • Did you reset your download settings?
    • AdwCleaner[s0].txt
    • JRT.txt
    • FRST.txt
    • Addition.txt
  15. Hello, 
     
    This is a leftover from RogueKiller, and is associated with Poweliks:

    HKU\S-1-5-21-740854939-596749143-33656547-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!

    It's important Poweliks is completely removed from the system.
     
    Please work your way through the following.

    STEP 1
    6JO0hXH.png Revo Uninstaller

    • Please download and install Revo Uninstaller Free.
    • Double-click Revo Uninstaller to run the programme. 
    • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
      • Coupon Printer for Windows
      • Game Booster 3
      • MyFreeCodec
      • Pando Media Booster 
    • Double-click the programme. 
    • When prompted if you want to uninstall click Yes.
    • Ensure the Moderate option is selected and click Next.
    • The programme uninstaller will run. If prompted again click Yes.
    • Work your way through the uninstaller, ensuring you read each page thoroughly.
    • Note: Ensure you decline offers of additional software if applicable. 
    • Once the built-in uninstaller is finished click Next.
    • Once the programme has searched for leftovers click Next.
    • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
    • When prompted click Yes, followed by Next.
    • Click Select all, followed by Delete.
    • When prompted click Yes, followed by Next.
    • Once done click Finish.
       

    STEP 2
    xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

    • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      startHKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-740854939-596749143-33656547-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!CHR HKU\S-1-5-21-740854939-596749143-33656547-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbclURLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No FileHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONSearchScopes: HKLM - {4D021B5E-94AC-4CD7-A431-73D1FD7744BD} URL = SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =SearchScopes: HKCU - {4D021B5E-94AC-4CD7-A431-73D1FD7744BD} URL = http://search.condui...4517046259&UM=2SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}SearchScopes: HKCU - {F63B837C-EBDD-4BDA-9439-FA5D2BB93167} URL = http://www.search.as...archTerms}&psv=BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No FileToolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No FileToolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No FileWinsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()FF SelectedSearchEngine: Yahoo! (Avast)FF DefaultSearchEngine: Yahoo! (Avast)FF DefaultSearchUrl: https://search.yahoo.com/yhs/searchFF SearchEngineOrder.1: Yahoo! (Avast)FF Keyword.URL: https://search.yahoo.com/yhs/searchFF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin HKU\S-1-5-21-740854939-596749143-33656547-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF SearchPlugin: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\9f1iknzs.default\searchplugins\yahoo-avast.xmlCHR HomePage: Default -> https://www.yahoo.co...t&type=avastbclCHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileC:\Program Files (x86)\Pando NetworksCHR Extension: (McAfee Security Scan+) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-23]CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Bill\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx []S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]C:\Users\Bill\AppData\Local\Temp\dllnt_dump.dllTask: {405F6C1F-060D-4E73-8D1E-CCE54B8BB521} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTIONTask: {EE16559A-9A22-4CCA-B643-C1C6A243F351} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTIONTask: {F93A3EFE-7D76-44AF-B6A2-37C65EFAE482} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTIONreg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /fC:\Program Files (x86)\Ask.comCMD: type C:\Combofix.txtFolder: C:\32788R22FWJFWCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
    • Click FileSave As and type fixlist.txt as the File Name
    • Important: The file must be saved in the same location as FRST64.exe. 

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

    • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
       

    STEP 3
    b8zkrsY.png Browser Reset
     
    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

    Proceed with the reset once done. Internet Explorer must be reset, even if you do not use the browser.

    STEP 4
    BY4dvz9.png AdwCleaner

    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts. 
    • Click Scan
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
    • Follow the prompts and allow your computer to reboot
    • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
     

    STEP 5
    E3feWj5.png Junkware Removal Tool (JRT)

    • Please download Junkware Removal Tool and save the file to your Desktop.
    • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
    • Follow the prompts and allow the scan to run uninterrupted. 
    • Upon completion, a log (JRT.txt) will open on your desktop.
    • Re-enable your anti-virus software.
    • Copy the contents of JRT.txt and paste in your next reply.
       

    ======================================================

    STEP 6
    pfNZP4A.png Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

    • Did the programmes uninstall OK?
    • Fixlog.txt
    • Did your browsers reset OK?
    • AdwCleaner[s0].txt
    • JRT.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.