Post by justcuzz on Jul 20, 2014 0:42:42 GMT -8
ya. it's a mess
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jul 20, 2014 1:07:35 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt), please post it to your reply (attach or paste).
Quads
Post by justcuzz on Jul 20, 2014 1:48:04 GMT -8
Post by Quads on Jul 20, 2014 1:53:58 GMT -8
Read carefully
Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ on to your desktop (the blue "Download Now @bleeping Computer" button) and run a scan (Scan button). It will create a log after. Or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Just close Adwcleaner down (not cleaning anything) if I have logged off and gone to bed.
Quads
Post by justcuzz on Jul 20, 2014 2:18:07 GMT -8
# AdwCleaner v3.216 - Report created 20/07/2014 at 06:03:59
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : TheSon - NEXUS
# Running from : C:\Users\TheSon\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : vToolbarUpdater18.1.7
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\TheSon\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\TheSon\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\TheSon\AppData\Local\Temp\focusbase
Folder Deleted : C:\Users\TheSon\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\TheSon\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\TheSon\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\TheSon\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\TheSon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8392 octets] - [20/07/2014 05:58:27]
AdwCleaner[S0].txt - [9273 octets] - [20/07/2014 06:03:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9333 octets] ##########
Post by Quads on Jul 20, 2014 10:06:31 GMT -8
You are on your own, I did not say to act on the first scan. Files are still on your system but you can deal with it. You went on your own.
Good Luck
Quads