Post by choltz on Feb 13, 2014 9:40:06 GMT -8
Attachment Deleted
See attached. The path in this screen is: naaaefjdlbejbglenfklnkfdapdfohp;http://mediaply.net/mediaplayer/update/updateMediaPlayerV1alpha448.xml
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Feb 13, 2014 9:46:44 GMT -8
Please download SystemLook from the link below and save it to your Desktop.
jpshortstuff.247fixes.com/SystemLook.html the 64 bit version
Disable Norton for say 30 mins or more as this will take some time with the amount of search items
Start Systemlookv64
Copy the content of the following below inside the codebox into the main textfield: (don't forget the : in front of :regfind)
:regfind naaaefjdlbejbglenfklnkfdhapdfohp
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply (attach to message).
Note: The log can also be found on your Desktop entitled SystemLook.txt
Quads
Post by choltz on Feb 13, 2014 12:05:12 GMT -8
Attachment Deleted
Here is the SystemLook log. Looks like it didn't find any more of the virus path....?
Post by Quads on Feb 13, 2014 12:48:49 GMT -8
Hmmmm still has to be there somewhere for it to show in Google
Quads
Post by Quads on Feb 13, 2014 13:06:01 GMT -8
OK found systemlook for whatever reason does not find that key even if it is there
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST64 that is on the desktop. When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
Restart your System and allow it to boot in Normal Mode (or are you not able to??)
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
Post by choltz on Feb 13, 2014 14:52:27 GMT -8
Attachment Deleted
Here is the Fixlog. I ran FRST per your instructions. Looks like it didn't see the file.
Post by Quads on Feb 13, 2014 15:22:16 GMT -8
Hmmmmm newer versions of chrome
Try this attached fixlist to use with FRST to search known keys it can use and folders.
Quads
Post by choltz on Feb 14, 2014 6:54:25 GMT -8
Attachment Deleted
Here is the Fixlog from running FRST with the new script in your last post. Just let me say I am so very impressed with your work and appreciate the time/effort you are putting in to helping me with this!
Post by Quads on Feb 14, 2014 8:18:15 GMT -8
I infected my system with something very close to a variant of what you have is your one, to go about finding it.
There it is in logs
Number 35378EAC-683F-11D2-A89A-00C04FBBCFA2, Registry.pol and inside gpt.ini (but gpt.ini is legit, have to work out how to clean that one.)
Quads
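Added example, not part of the original thread: a Python parser for the Registry.pol file named in the post above, listing Chrome force-installed extensions and flagging any whose update URL is not the Chrome Web Store. It assumes the extension was pushed through Chrome's ExtensionInstallForcelist policy, which the thread does not state; the sample bytes are constructed around the string quoted in the first post.

```python
import struct
HEADER = b"PReg" + struct.pack("<I", 1)  # file signature + format version
WEBSTORE = "https://clients2.google.com/service/update2/crx"
KEY = r"Software\Policies\Google\Chrome\ExtensionInstallForcelist"  # assumed key, not named in the thread

def _cstr(buf, pos):  # read a NUL-terminated UTF-16LE string -> (text, next_pos)
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def _skip(buf, pos, ch):  # require the UTF-16LE delimiter ch at pos -> next_pos
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_pol(buf):  # yields (key, value_name, reg_type, data) per [key;value;type;size;data]
    if buf[:8] != HEADER:
        raise ValueError("not a PReg v1 file")
    pos = 8
    while pos < len(buf):
        key, pos = _cstr(buf, _skip(buf, pos, "["))
        name, pos = _cstr(buf, _skip(buf, pos, ";"))
        pos = _skip(buf, pos, ";")
        rtype, = struct.unpack_from("<I", buf, pos)
        pos = _skip(buf, pos + 4, ";")
        size, = struct.unpack_from("<I", buf, pos)
        pos = _skip(buf, pos + 4, ";")
        data, pos = buf[pos:pos + size], _skip(buf, pos + size, "]")
        yield key, name, rtype, data

def forced_extensions(buf):  # -> [(extension_id, update_url, off_store), ...]
    hits = []
    for key, _name, rtype, data in parse_pol(buf):
        if rtype == 1 and key.lower().endswith(KEY.lower()):  # 1 = REG_SZ
            ext_id, _, url = data.decode("utf-16-le").rstrip("\x00").partition(";")
            hits.append((ext_id, url, url != WEBSTORE))
    return hits

def _entry(key, name, text):  # builds one REG_SZ entry for the constructed sample
    u = lambda s: s.encode("utf-16-le")
    d = u(text + "\x00")
    return u(f"[{key}\x00;{name}\x00;") + struct.pack("<I2sI2s", 1, u(";"), len(d), u(";")) + d + u("]")

# Constructed sample: value 1 is the string quoted in the first post, value 2 a made-up store entry.
POSTED = "naaaefjdlbejbglenfklnkfdapdfohp;http://mediaply.net/mediaplayer/update/updateMediaPlayerV1alpha448.xml"
SAMPLE = HEADER + _entry(KEY, "1", POSTED) + _entry(KEY, "2", "a" * 32 + ";" + WEBSTORE)
```

To check a real machine, pass the bytes of a copied Registry.pol to `forced_extensions` and review every tuple whose third field is `True`.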
Post by Quads on Feb 14, 2014 8:45:32 GMT -8
Start Systemlookv64
Copy the content of the following below inside the codebox into the main textfield: (don't forget the : in front of :regfind)
:regfind VideoPlayerV3beta MediaPlayerV1alpha 35378EAC-683F-11D2-A89A-00C04FBBCFA2
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply (attach to message).
Note: The log can also be found on your Desktop entitled SystemLook.txt
Quads