Jump to content

Recommended Posts

Welcome to the forum.....What a mess!!!!

Before we begin, please create a new system restore point and.......

bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ==================================

    Please uninstall all of these programs if possible.

    You can use Revo Uninstaller Free to ease the process if needed:

    Please download and install Revo Uninstaller Free

    http://www.revouninstaller.com/start_freeware_download.html

    Double click Revo Uninstaller to run it.

    From the list of programs double click on The Program to remove

    When prompted if you want to uninstall click Yes.

    Be sure the Moderate option is selected then click Next.

    The program will run, If prompted again click Yes

    when the built-in uninstaller is finished click on Next.

    Once the program has searched for leftovers click Next.

    Check/tick the bolded items only on the list then click Delete

    when prompted click on Yes and then on next.

    put a check on any folders that are found and select delete

    when prompted select yes then on next

    Once done click Finish.

    7-zip v9.20

    bauyfast

    cHieuAp4all

    Codec Pack Packages

    ddailyprize

    Dealply

    DealPly (remove only)

    Delta Chrome Toolbar

    Delta toolbar

    DNS Unlocker version 1.4

    dolllArsaiver

    faastsaler

    Hearthstone Stream Browser

    HQCinema Pro 2.1V28.02

    iLivid

    lloWraatee

    MyPC Backup

    noIcenufReie

    ofeferdeal

    oiffersale

    omniboxes uninstall

    OverTask

    quiCCkshop

    raoCCketdeala

    Remote Desktop Access

    shopshop

    Super Optimizer v3.2

    Update for Codec Pack

    =============================================

    Next:

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ==========================

    Lets check for any adware/spyware now:

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please Update and run a Threat Scan (Malwarebytes)

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    To download, install and run Malwarebytes:

    https://www.malwarebytes.org/mwb-download/<---download from here

    http://www.tomsguide.com/us/malwarebytes-how-to,news-18841.html<---guide

    MrC

fixlist.txt

Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

========================

CHR dev: Chrome dev build detected! <======= ATTENTION

Google Chrome has been compromised!
The malware has modified your Google Chrome to the development version which makes you vulnerable to future infection. We need to uninstall Google Chrome and then download/re-install a new version.

https://support.google.com/chrome/answer/95319?hl=en<---uninstall
https://support.google.com/chrome/answer/95346?hl=en<---download and install

Let me know how it is.....MrC

fixlist.txt

Link to post
Share on other sites
  • 3 weeks later...

Hi,

 

Having followed your instructions, I ran Opera, Chrome and Firefox.  Opera and seem okay but Firefox still dogged by all sorts of rubbish.

 

Fixlog.txt content:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Daddy (2015-10-31 12:41:06) Run:2
Running from C:\Users\Daddy\Desktop\Malwarebytes
Loaded Profiles: Daddy (Available Profiles: Daddy & Sam & Nellie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\ProgramData\Internet Helper Anti-phishing
HKLM-x32\...\Run: [internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
SearchScopes: HKU\S-1-5-21-3623026587-3860720058-271737125-1001 -> {FDF1F1B1-5BD8-4234-BB21-BF6253A2DD58} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_09&param1=1&param2=f%253D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyByB0DtB0DzytCyCyBtCtN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyEtBzzzyzztByCtG0CtD0FyDtG0CtB0A0CtG0DtAyBzztGyB0B0DtCtA0C0B0CyEtD0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DtC0AyCzy0BtG0E0F0D0EtGyEyEyByBtG0A0Bzy0EtG0DzyyE0CyD0AyDyEtA0D0CyD2Q%26cr%3D790217884%26a%3Dwny_wnzp_15_09%26os%3DWindows 7 Home Premium&p={searchTerms}
FF Extension: Summer Sports - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\cy7hpxr5.default\Extensions\BJ35iqJ@gmail.com [2015-05-27]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1425140025&from=obw&uid=WDCXWD1001FAES-75W7A0_WD-WCATR541459314593
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1425140025&from=obw&uid=WDCXWD1001FAES-75W7A0_WD-WCATR541459314593"
CHR Extension: (ciajakjjdopefddbfcjpiabklfjjdmjn) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn [2015-04-01]
CHR Extension: (kikeacjcceacohckgiajooneiabebfjj) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-03-04]
CHR Extension: (Summer Sports) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb [2015-05-27]
CHR Extension: (ciajakjjdopefddbfcjpiabklfjjdmjn) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn [2015-04-01]
CHR Extension: (kikeacjcceacohckgiajooneiabebfjj) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-03-04]
CHR Extension: (Summer Sports) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb [2015-05-27]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S1 xxqcbaox; \??\C:\Windows\system32\drivers\xxqcbaox.sys [X]
C:\Windows\system32\drivers\xxqcbaox.sys
C:\Users\Daddy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6c19z.dll
C:\Users\Daddy\AppData\Local\Temp\GURF91D.exe
C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File


*****************

Restore point was successfully created.
C:\ProgramData\Internet Helper Anti-phishing => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Internet Helper Anti-phishing => value removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDF1F1B1-5BD8-4234-BB21-BF6253A2DD58}" => key removed successfully
HKCR\CLSID\{FDF1F1B1-5BD8-4234-BB21-BF6253A2DD58} => key not found.
C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\cy7hpxr5.default\Extensions\BJ35iqJ@gmail.com => moved successfully
C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\cy7hpxr5.default\Extensions\BJ35iqJ@gmail.com => path removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciajakjjdopefddbfcjpiabklfjjdmjn => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kikeacjcceacohckgiajooneiabebfjj => moved successfully
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb => moved successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service stopped successfully.
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => service removed successfully
xxqcbaox => service not found.
"C:\Windows\system32\drivers\xxqcbaox.sys" => not found.
"C:\Users\Daddy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6c19z.dll" => not found.
C:\Users\Daddy\AppData\Local\Temp\GURF91D.exe => moved successfully
C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3623026587-3860720058-271737125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully

==== End of Fixlog 12:42:00 ====

Link to post
Share on other sites
  • 6 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.