dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 28, 2014 12:02:42 GMT -8
It is best to have the tools on the desktop; we clean up the tools later so as to leave the system uncluttered when finished but it is hard to find the tools everywhere. Also some tools run with relative paths from the desktop.
Right now, Poweliks is broken and removed but we need to check for any of its "friends" that it brought along "for the ride" so to speak. Read carefullyDownload Adwcleaner from here to your desktop and run a scan. You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning). It will create a log after it is finished scanning. If not (or if it just asks for you to uncheck what you don't wanted deleted), there is a Report button in the middle of the main window; click that and it will make the log file. Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions). ONE SCAN ONLY, PLEASEAttach or paste the log back here for review and further instructions. Thanks.
|
|
|
Post by gailjr on Nov 28, 2014 14:51:23 GMT -8
# AdwCleaner v4.102 - Report created 28/11/2014 at 17:03:23 # Updated 23/11/2014 by Xplode # Database : 2014-11-27.1 [Live] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Gil Jr - GILJR-PC # Running from : C:\Users\Gil Jr\Desktop\AdwCleaner.exe # Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\FlvPlayer
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
*************************
AdwCleaner[R0].txt - [2033 octets] - [28/11/2014 17:03:23]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2093 octets] ##########
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 28, 2014 18:02:06 GMT -8
FIRSTPlease run AdwCleaner again (if you don't have it running from the last scan) and a) Click the Scan Button and wait for the scan to finish, (If Adwcleaner has been left open at the finish of the scan this is already done). b) Make sure in your case all the items under each TAB are ticked / checked then. c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted. d) It should create a new log afterwards (with S0 in the name). e) Please attach or copy the log into your reply here. SECONDMalwarebytes' Anti-MalwarePlease download the latest version of Malwarebytes' Anti-Malware from HereDouble Click on the mbam-setup.exe file to install the application. Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link Once the program has loaded and updated, select " Scan Now >>" to start the scan. The scan may take some time to finish, so please be patient. If any malware is found, you will be presented with a screen like the one below. Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop). After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that. Please attach the report file to a post here; I will review the file and script what needs to be removed.
|
|
|
Post by gailjr on Nov 28, 2014 18:37:35 GMT -8
here is first log after adw scan
# AdwCleaner v4.102 - Report created 28/11/2014 at 21:30:41 # Updated 23/11/2014 by Xplode # Database : 2014-11-27.1 [Live] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Gil Jr - GILJR-PC # Running from : C:\Users\Gil Jr\Desktop\AdwCleaner.exe # Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\FlvPlayer
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
*************************
AdwCleaner[R0].txt - [2189 octets] - [28/11/2014 17:03:23] AdwCleaner[S0].txt - [2130 octets] - [28/11/2014 21:30:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2190 octets] ##########
going to do part 2 now.
|
|
|
Post by gailjr on Nov 28, 2014 19:06:28 GMT -8
|
|
|
Post by gailjr on Nov 28, 2014 19:07:33 GMT -8
my Norton also noted a Powerclik file when the computer restarted.
I will be going to sleep soon and catch up with you tomorrow.
Thank you for all your help.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 28, 2014 19:43:44 GMT -8
Powerclik or Powelik?
|
|
|
Post by gailjr on Nov 29, 2014 4:45:21 GMT -8
I went into my security log and it said Poweliks!
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 29, 2014 11:08:47 GMT -8
Read Slowly and all of it.If you still have a Addition.txt log file on your desktop, please delete it now. Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator". The tool will start to run. When the tool opens click Yes to disclaimer. (if it does) Select Additional.txt in the Optional Scans section of FRST64. Press Scan button. It will make two logs ( FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. ( Ask if you don't know how to do either of these). Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file. Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.
|
|
|
Post by gailjr on Nov 29, 2014 15:16:03 GMT -8
there is not a .txt document that says addition only this one FRST.txt
|
|