Another Victim of Ad playing Trojan?

[MrCharlie]

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Let me know how it is, MrC

[wireless_one]

here are the results!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 02

Ran by Kevin Barlay at 2014-01-16 08:45:16 Run:1

Running from C:\Users\Kevin Barlay\Desktop\cleanup2

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

C:\Windows\system32\zkahe.clj

C:\Windows\system32\ynwbri.zum

C:\Windows\system32\udajgdh.egk

C:\Windows\system32\mcirn.jsk

C:\Windows\system32\sxnaff.ccj

C:\Windows\system32\zpcztzl.gaw

C:\Windows\system32\rjzq.lkt

C:\Windows\system32\qcsfkt.mxj

C:\Windows\system32\dknbis.kyz

C:\Windows\system32\hipa.wjn

C:\Windows\system32\Drivers\zh-TW

C:\Windows\system32\Drivers\zh-CN

C:\Windows\system32\Drivers\tr-TR

C:\Windows\system32\Drivers\th-TH

C:\Windows\system32\Drivers\sv-SE

C:\Windows\system32\Drivers\ru-RU

C:\Windows\system32\Drivers\ro-RO

C:\Windows\system32\Drivers\pt-PT

C:\Windows\system32\Drivers\pt-BR

C:\Windows\system32\Drivers\pl-PL

C:\Windows\system32\Drivers\nl-NL

C:\Windows\system32\Drivers\nb-NO

C:\Windows\system32\Drivers\ko-KR

C:\Windows\system32\Drivers\ja-JP

C:\Windows\system32\Drivers\it-IT

C:\Windows\system32\Drivers\hu-HU

C:\Windows\system32\Drivers\he-IL

C:\Windows\system32\Drivers\fr-FR

C:\Windows\system32\Drivers\fi-FI

C:\Windows\system32\Drivers\el-GR

C:\Windows\system32\Drivers\de-DE

C:\Windows\system32\Drivers\ar-SA

C:\Windows\system32\zh-TW

C:\Windows\system32\zh-CN

C:\Windows\system32\tr-TR

C:\Windows\system32\th-TH

C:\Windows\system32\sv-SE

C:\Windows\system32\ru-RU

C:\Windows\system32\ro-RO

C:\Windows\system32\pt-PT

C:\Windows\system32\pt-BR

C:\Windows\system32\pl-PL

C:\Windows\system32\nl-NL

C:\Windows\system32\nb-NO

C:\Windows\system32\ja-JP

C:\Windows\system32\it-IT

C:\Windows\system32\hu-HU

C:\Windows\system32\he-IL

C:\Windows\system32\fr-FR

C:\Windows\system32\fi-FI

C:\Windows\system32\el-GR

C:\Windows\system32\de-DE

C:\Windows\system32\ar-SA

 

*****************

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.

HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.

HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.

C:\Windows\system32\zkahe.clj => Moved successfully.

C:\Windows\system32\ynwbri.zum => Moved successfully.

C:\Windows\system32\udajgdh.egk => Moved successfully.

C:\Windows\system32\mcirn.jsk => Moved successfully.

C:\Windows\system32\sxnaff.ccj => Moved successfully.

C:\Windows\system32\zpcztzl.gaw => Moved successfully.

C:\Windows\system32\rjzq.lkt => Moved successfully.

Could not move "C:\Windows\system32\qcsfkt.mxj" => Scheduled to move on reboot.

C:\Windows\system32\dknbis.kyz => Moved successfully.

C:\Windows\system32\hipa.wjn => Moved successfully.

C:\Windows\system32\Drivers\zh-TW => Moved successfully.

C:\Windows\system32\Drivers\zh-CN => Moved successfully.

C:\Windows\system32\Drivers\tr-TR => Moved successfully.

C:\Windows\system32\Drivers\th-TH => Moved successfully.

C:\Windows\system32\Drivers\sv-SE => Moved successfully.

C:\Windows\system32\Drivers\ru-RU => Moved successfully.

C:\Windows\system32\Drivers\ro-RO => Moved successfully.

C:\Windows\system32\Drivers\pt-PT => Moved successfully.

C:\Windows\system32\Drivers\pt-BR => Moved successfully.

C:\Windows\system32\Drivers\pl-PL => Moved successfully.

C:\Windows\system32\Drivers\nl-NL => Moved successfully.

C:\Windows\system32\Drivers\nb-NO => Moved successfully.

C:\Windows\system32\Drivers\ko-KR => Moved successfully.

C:\Windows\system32\Drivers\ja-JP => Moved successfully.

C:\Windows\system32\Drivers\it-IT => Moved successfully.

C:\Windows\system32\Drivers\hu-HU => Moved successfully.

C:\Windows\system32\Drivers\he-IL => Moved successfully.

C:\Windows\system32\Drivers\fr-FR => Moved successfully.

C:\Windows\system32\Drivers\fi-FI => Moved successfully.

C:\Windows\system32\Drivers\el-GR => Moved successfully.

C:\Windows\system32\Drivers\de-DE => Moved successfully.

C:\Windows\system32\Drivers\ar-SA => Moved successfully.

C:\Windows\system32\zh-TW => Moved successfully.

C:\Windows\system32\zh-CN => Moved successfully.

C:\Windows\system32\tr-TR => Moved successfully.

C:\Windows\system32\th-TH => Moved successfully.

C:\Windows\system32\sv-SE => Moved successfully.

C:\Windows\system32\ru-RU => Moved successfully.

C:\Windows\system32\ro-RO => Moved successfully.

C:\Windows\system32\pt-PT => Moved successfully.

C:\Windows\system32\pt-BR => Moved successfully.

C:\Windows\system32\pl-PL => Moved successfully.

C:\Windows\system32\nl-NL => Moved successfully.

C:\Windows\system32\nb-NO => Moved successfully.

C:\Windows\system32\ja-JP => Moved successfully.

C:\Windows\system32\it-IT => Moved successfully.

C:\Windows\system32\hu-HU => Moved successfully.

C:\Windows\system32\he-IL => Moved successfully.

C:\Windows\system32\fr-FR => Moved successfully.

C:\Windows\system32\fi-FI => Moved successfully.

C:\Windows\system32\el-GR => Moved successfully.

C:\Windows\system32\de-DE => Moved successfully.

C:\Windows\system32\ar-SA => Moved successfully.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-16 08:50:39)<=

 

C:\Windows\system32\qcsfkt.mxj => Is moved successfully.

 

==== End of Fixlog ====

[MrCharlie]

OK...how is it??? MrC

[wireless_one]

so far so good, but I have purposely not opened IE for fear of unleashing the Kracken again . . . looks like the last task was to fix that but will wait for confirmation.

[MrCharlie]

Give it a try, use it for a day and get back to me, MrC

[wireless_one]

thanks for the help . . .will let you know . . .

[wireless_one]

all seems good!  I updated IE to IE11 and ran it a couple of times . . . .

[MrCharlie]

OK...Take Care MrC

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.