Post by bbcode3 on Oct 26, 2014 20:55:06 GMT -8
I'm not aware of me encrypting any photos. Ever. What should I do?
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 26, 2014 20:55:20 GMT -8
The ransomware, not you, has or should have encrypted files to try to get you to pay the bad guys money to get your files back.
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the attached script. It needs to keep the same file name (fixlist.txt) and be on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the Desktop. When the tool opens, click Yes to the disclaimer (if it still shows).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply (attach or paste).
Quads
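A pre-flight check for the download step above, as an added example that is not part of Quads' post or of FRST: it inspects the saved fixlist.txt for a web page saved in place of the script, and recognises the same condition in a pasted Fixlog.txt. The function names and sample data are constructed for this example; the rejected-entry message is the one that appears in the Fixlog posted later in this thread.

```python
import re

# Suffix seen in Fixlog.txt for fixlist lines FRST found no fix for
# (format taken from the log posted in this thread).
NO_FIX = "=> Error: No automatic fix found for this entry."
# Tags that open a web page; their presence means the browser saved HTML.
HTML_HINT = re.compile(r"<\s*(!doctype\s+html|html|head|body|title|meta)\b", re.I)
TITLE = re.compile(r"<title>(.*?)</title>", re.I | re.S)


def decode(raw: bytes) -> str:
    """Decode a text file saved by a browser or Notepad (UTF-8 with/without BOM, or UTF-16)."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def check_fixlist(raw: bytes) -> list:
    """Return reasons not to press Fix; an empty list means nothing suspicious was found."""
    text = decode(raw)
    problems = []
    if not text.strip():
        problems.append("file is empty")
    if HTML_HINT.search(text[:4096]):
        title = TITLE.search(text)
        what = f' titled "{title.group(1).strip()}"' if title else ""
        problems.append(f"file is a saved web page{what}, not the script")
    return problems


def triage_fixlog(log: str) -> dict:
    """Count rejected entries in a pasted Fixlog and flag the saved-web-page case."""
    rejected = []
    for line in log.splitlines():
        line = line.rstrip()
        if line.endswith(NO_FIX):
            rejected.append(line[: -len(NO_FIX)].strip())
    html = [entry for entry in rejected if HTML_HINT.search(entry)]
    return {"rejected": len(rejected), "html_entries": len(html),
            "saved_web_page": bool(html)}


# Constructed sample: what a browser saves when the attachment link returns an error page.
SAMPLE_FIXLIST = (
    b"<!DOCTYPE HTML>\n<html>\n<head>\n"
    b"<title>Oops, there was an error! | Malware Removal </title>\n"
    b"</head>\n<body>Guests do not have access to download attachments.</body>\n</html>\n"
)

# Constructed sample in the Fixlog.txt format.
SAMPLE_FIXLOG = """\
<!DOCTYPE HTML> => Error: No automatic fix found for this entry.
<head> => Error: No automatic fix found for this entry.
<title>Oops, there was an error! | Malware Removal </title> => Error: No automatic fix found for this entry.
Guests do not have access to download attachments. Please log in and try again. => Error: No automatic fix found for this entry.
"""

if __name__ == "__main__":
    for problem in check_fixlist(SAMPLE_FIXLIST):
        print("fixlist.txt:", problem)
    print("Fixlog.txt:", triage_fixlog(SAMPLE_FIXLOG))
```

On a real machine, pass `open(path, "rb").read()` for the fixlist.txt on the Desktop to `check_fixlist` before starting FRST.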
Post by bbcode3 on Oct 26, 2014 22:11:31 GMT -8
You are correct I see after looking. My photos and some other things have been hijacked and a fee to get it back. What should I do with that?
Thank you for the script. Below is the text.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Brandon at 2014-10-27 01:08:26 Run:1
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon & UpdatusUser (Available profiles: Brandon & Morgandy & Kammie Jo & UpdatusUser)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
*****************
<!DOCTYPE HTML> => Error: No automatic fix found for this entry.
<!--[if IE 7]><html class="ie7"><![endif]--><!--[if IE 8]><html class="ie8"><![endif]--><!--[if IE 9]><html class="ie9"><![endif]--><!--[if gt IE 9]><!--> <html> <!--<![endif]--> => Error: No automatic fix found for this entry.
<head> => Error: No automatic fix found for this entry.
<meta http-equiv="content-type" content="text/html; charset=UTF-8" /> => Error: No automatic fix found for this entry.
<title>Oops, there was an error! | Malware Removal </title> => Error: No automatic fix found for this entry.
<link rel="canonical" href="http://qmalwareremoval.freeforums.net/attachment/download/1726" /> => Error: No automatic fix found for this entry.
<link rel="alternate" type="application/rss+xml" href="http://qmalwareremoval.freeforums.net/rss/public" /> => Error: No automatic fix found for this entry.
<link rel="shortcut icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" /> => Error: No automatic fix found for this entry.
<link rel="icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" /> => Error: No automatic fix found for this entry.
<meta property="og:url" content="http://qmalwareremoval.freeforums.net/attachment/download/1726" /> => Error: No automatic fix found for this entry.
<meta property="og:title" content="Oops, there was an error! | Malware Removal " /> => Error: No automatic fix found for this entry.
<meta property="og:description" content="Visit our forum at: qmalwareremoval.freeforums.net" /> => Error: No automatic fix found for this entry.
<meta name="twitter:card" content="summary" /> => Error: No automatic fix found for this entry.
<meta name="twitter:site" content="@proboards" /> => Error: No automatic fix found for this entry.
<meta name="twitter:app:id:iphone" content="307880732" /> => Error: No automatic fix found for this entry.
<meta name="twitter:app:url:iphone" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> => Error: No automatic fix found for this entry.
<meta name="twitter:app:id:ipad" content="307880732" /> => Error: No automatic fix found for this entry.
<meta name="twitter:app:url:ipad" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> => Error: No automatic fix found for this entry.
<meta name="twitter:app:id:googleplay" content="com.quoord.tapatalkpro.activity" /> => Error: No automatic fix found for this entry.
<meta name="twitter:app:url:googleplay" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> => Error: No automatic fix found for this entry.
<link rel="stylesheet" type="text/css" media="screen" href="http://d.storage.proboards.com/f/Default/forum_196.css" id="forum_style"> => Error: No automatic fix found for this entry.
<link rel="stylesheet" type="text/css" media="print" href="http://d.storage.proboards.com/f/print.css"> => Error: No automatic fix found for this entry.
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script> => Error: No automatic fix found for this entry.
<script type="text/javascript" src="http://d.storage.proboards.com/f/forum_196.js"></script> => Error: No automatic fix found for this entry.
<script type="text/javascript">proboards.data([['ad_free',0],['time_style',0],['military_time',0],['timezone',"guest"],['serverDate',1414390029000],['search-query-min',3],['search-query-max',50],['is_current_user_guest',"1"],['plugin_max_key_length',4000],['plugin_max_super_forum_key_length',32000],['login_url',"https://login.proboards.com/login/5448498/1"],['register_url',"https://login.proboards.com/register/5448498"]]);</script> => Error: No automatic fix found for this entry.
<script type="text/javascript">proboards.plugin._plugins["pixeldepth_icon_to_name"] = { => Error: No automatic fix found for this entry.
settings: {"images_users":[{"image_url":"","image_title":"","replace_name":"0","users":["1"]}],"images_groups":[{"image_url":"http://www.gettyicons.com/free-icons/141/ginux/png/24/antivirus_24.png","image_title":"","replace_name":"0","groups":["4"]}]} => Error: No automatic fix found for this entry.
}; => Error: No automatic fix found for this entry.
proboards.plugin._plugins["wormocodes_image_in_title"] = { => Error: No automatic fix found for this entry.
settings: {"image_tags":[{"look_for":"#?","image_url":"http://storage.proboards.com/5448498/i/4BIqmtWkxUeWswvqmv_T.png","force_height":"23","force_width":"48","navigation_replace_text":"#?"},{"look_for":"[CLOSED]","image_url":"http://storage.proboards.com/5448498/i/sUOVZ3Gs6ICcCwf4r8tE.png","force_height":"23","force_width":"48","navigation_replace_text":""}]} => Error: No automatic fix found for this entry.
};</script> => Error: No automatic fix found for this entry.
</head> => Error: No automatic fix found for this entry.
<body> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<div id="wrapper"> => Error: No automatic fix found for this entry.
<header> => Error: No automatic fix found for this entry.
<div id="banner-container" role="banner"> => Error: No automatic fix found for this entry.
<h2 id="banner"> => Error: No automatic fix found for this entry.
<a id="logo" href="/">Malware Removal </a> => Error: No automatic fix found for this entry.
</h2> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<a id="navigation-skip" href="#content" accesskey="s" class="aria-hidden" title="Skip Navigation">Skip Navigation</a> => Error: No automatic fix found for this entry.
<a href="#" accesskey="d" title="Open Menu" onclick="proboards.hotkeys.activate(Keys.d); return false;"></a> => Error: No automatic fix found for this entry.
<div id="navigation-menu" class="ui-helper-clearfix"> => Error: No automatic fix found for this entry.
<ul role="navigation"> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<li> => Error: No automatic fix found for this entry.
<a href="/"> => Error: No automatic fix found for this entry.
Home => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</a> => Error: No automatic fix found for this entry.
</li> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<li> => Error: No automatic fix found for this entry.
<a href="/help"> => Error: No automatic fix found for this entry.
Help => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</a> => Error: No automatic fix found for this entry.
</li> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<li> => Error: No automatic fix found for this entry.
<a href="/search"> => Error: No automatic fix found for this entry.
Search => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</a> => Error: No automatic fix found for this entry.
</li> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</ul> => Error: No automatic fix found for this entry.
<p id="welcome"> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
Welcome Guest. => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
Please <a href="https://login.proboards.com/login/5448498/1">Login</a> or <a href="https://login.proboards.com/register/5448498">Register</a>. => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</p> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</header> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<div id="navigation-tree"> => Error: No automatic fix found for this entry.
<div class="nav-tree-wrapper"><ul id="nav-tree" class="ui-helper-clearfix" role="navigation"><li id="nav-tree-branch-0" class="nav-tree-branch ui-helper-clearfix"><div itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/" itemprop="url"><span itemprop="title">Malware Removal </span></a></div><span class="menu_arrow"><span></span></span></li></ul></div><div class="popup_html"> => Error: No automatic fix found for this entry.
<ul id="nav-tree-menu-0" role="navigation"> => Error: No automatic fix found for this entry.
<li class="nav-tree-cat-2"><a href="/#category-2"><span class="item-text">System Security</span><div class="clear"></div></a> => Error: No automatic fix found for this entry.
<ul role="navigation"> => Error: No automatic fix found for this entry.
<li class="nav-tree-board-2"><a href="http://qmalwareremoval.freeforums.net/board/2/malware-removal-protected"><span class="item-text">Malware Removal (Protected)</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.
<li class="nav-tree-board-6"><a href="http://qmalwareremoval.freeforums.net/board/6/security-software"><span class="item-text">Security Software</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.
</ul> => Error: No automatic fix found for this entry.
</li> => Error: No automatic fix found for this entry.
<li class="nav-tree-cat-3"><a href="/#category-3"><span class="item-text">Windows and Software Problems (not due to infection)</span><div class="clear"></div></a> => Error: No automatic fix found for this entry.
<ul role="navigation"> => Error: No automatic fix found for this entry.
<li class="nav-tree-board-3"><a href="http://qmalwareremoval.freeforums.net/board/3/windows"><span class="item-text">Windows</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.
<li class="nav-tree-board-4"><a href="http://qmalwareremoval.freeforums.net/board/4/third-party-software"><span class="item-text">Third Party Software </span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.
</ul> => Error: No automatic fix found for this entry.
</li> => Error: No automatic fix found for this entry.
<li class="nav-tree-cat-1"><a href="/#category-1"><span class="item-text">General</span><div class="clear"></div></a> => Error: No automatic fix found for this entry.
<ul role="navigation"> => Error: No automatic fix found for this entry.
<li class="nav-tree-board-1"><a href="http://qmalwareremoval.freeforums.net/board/1/general-board"><span class="item-text">General Board</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.
<li class="nav-tree-board-7"><a href="http://qmalwareremoval.freeforums.net/board/7/penthouse-play-pen"><span class="item-text">Penthouse Play Pen</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.
</ul> => Error: No automatic fix found for this entry.
</li> => Error: No automatic fix found for this entry.
</ul></div><script type="text/javascript"> => Error: No automatic fix found for this entry.
var offset = ($.browser.msie && parseInt($.browser.version) == 8) ? '3 -1' : '3 0'; => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
$('#nav-tree-menu-0') => Error: No automatic fix found for this entry.
.addClass('nav-tree-menu') => Error: No automatic fix found for this entry.
.menu({ => Error: No automatic fix found for this entry.
position: { => Error: No automatic fix found for this entry.
my: 'left top', => Error: No automatic fix found for this entry.
at: 'left bottom', => Error: No automatic fix found for this entry.
offset: offset, => Error: No automatic fix found for this entry.
of: $('#nav-tree-branch-0'), => Error: No automatic fix found for this entry.
collision: 'flipfit' => Error: No automatic fix found for this entry.
}, => Error: No automatic fix found for this entry.
button: $('#nav-tree-branch-0'), => Error: No automatic fix found for this entry.
showDelay: 400, => Error: No automatic fix found for this entry.
show: function() { => Error: No automatic fix found for this entry.
var self = $(this); => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
// Make sure all other menus are closed => Error: No automatic fix found for this entry.
$('.popup_html > ul').not(self).menu('hide'); => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
$(document).on('mousemove', function(e) { => Error: No automatic fix found for this entry.
var elem = $(e.target); => Error: No automatic fix found for this entry.
if(elem.parents('#nav-tree, .popup_html').length == 0 && !elem.is('#nav-tree, .popup_html') && !$('#nav-tree-menu-0').data('hotkey-open')) { => Error: No automatic fix found for this entry.
self.menu('hide'); => Error: No automatic fix found for this entry.
$(document).unbind('mousemove'); => Error: No automatic fix found for this entry.
} => Error: No automatic fix found for this entry.
}); => Error: No automatic fix found for this entry.
} => Error: No automatic fix found for this entry.
}); => Error: No automatic fix found for this entry.
</script> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<div id="top-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;"> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<script type="text/javascript"> => Error: No automatic fix found for this entry.
oz_api = 'valuation'; => Error: No automatic fix found for this entry.
oz_site = '7781/12408'; => Error: No automatic fix found for this entry.
oz_zone = '135274'; => Error: No automatic fix found for this entry.
oz_ad_slot_size = '728x90'; => Error: No automatic fix found for this entry.
</script> => Error: No automatic fix found for this entry.
<script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<script type="text/javascript"> => Error: No automatic fix found for this entry.
$(document).ready(function() { => Error: No automatic fix found for this entry.
$('#top-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>'); => Error: No automatic fix found for this entry.
var f = $('#top-ad-banner iframe'); => Error: No automatic fix found for this entry.
var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=ATF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.0194915914371485&uid=0'; => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") { => Error: No automatic fix found for this entry.
u = u + '&rtp=' + rp_valuation.estimate.tier; => Error: No automatic fix found for this entry.
} => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
f.attr('src', u); => Error: No automatic fix found for this entry.
}); => Error: No automatic fix found for this entry.
</script> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<script type="text/javascript"> => Error: No automatic fix found for this entry.
$(window).load(function() { => Error: No automatic fix found for this entry.
var topAd = $('#top-ad-banner'); => Error: No automatic fix found for this entry.
if (topAd.prop('scrollHeight') < 90) { => Error: No automatic fix found for this entry.
topAd.css('height', 'auto').html( => Error: No automatic fix found for this entry.
'<b>Please consider supporting this website by disabling your ad-blocker.<br />' + => Error: No automatic fix found for this entry.
'This website does not use audio ads, popups, or other annoyances. Thank you!</b>' => Error: No automatic fix found for this entry.
); => Error: No automatic fix found for this entry.
$("head").append('<style type="text/css">#top-ad-banner { display: block !important; }</style>'); => Error: No automatic fix found for this entry.
} => Error: No automatic fix found for this entry.
}); => Error: No automatic fix found for this entry.
</script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/Dox5kMQpamIWhhKOo03B.js" data-plugin="2" data-component="3"></script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/IcEbexbhe_w0Gho77dWK.js" data-plugin="7" data-component="10"></script> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<div id="content" role="main"> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
<div class="container error"> => Error: No automatic fix found for this entry.
<div class="title-bar"> => Error: No automatic fix found for this entry.
<h2>Oops, there was an error!</h2> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="content pad-all cap-bottom auto-overflow"> => Error: No automatic fix found for this entry.
Guests do not have access to download attachments. Please log in and try again. => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
==== End of Fixlog ====
|
Post by Quads on Oct 26, 2014 22:14:56 GMT -8
You have not followed the instructions correctly for downloading the fixlist.txt; you have downloaded it as htm(l), with HTML code inside, in .txt format.
Quads
|
|
|
Post by bbcode3 on Oct 26, 2014 22:39:53 GMT -8
I am very sorry. I believe I did it right this time.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Brandon at 2014-10-27 01:28:21 Run:2
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon & UpdatusUser (Available profiles: Brandon & Morgandy & Kammie Jo & UpdatusUser)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2046384403-2357638149-873898192-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm029YYus&ptb=7A9AAF44-3266-4CDE-8235-5F655C2267EA&ind=2011042110&ptnrS=CDxdm029YYus&si=17747&n=77de113e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {7F5B6B31-E3C2-4E7A-A6C2-D5E336934773} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=021FC6A1-84DA-4848-8104-01EE576C9B77&apn_sauid=5031A73F-A7C1-4762-AE91-CD0F6B688917
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0C0B0FtCyC0D0ByE0B0FyEtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtAtCzzzz0AyE0BtG0BtByDtAtG0A0EtDtBtGtA0Dzz0AtGtB0BzztCzz0F0Dzy0E0DtDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0BtDyEzytCtGtB0AyCyEtGyD0ByBtDtG0AyD0E0BtGtBtB0E0C0FyE0B0FtDyD0AyB2Q&cr=1989031545&ir=
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
C:\Program Files (x86)\Ask.com
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF user.js: detected! => C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\user.js
FF SearchPlugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\CouponAlert_2p.xml
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",SVC
c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
c:\Program Files (x86)\Optimizer Pro
R1 {fef7f75c-f985-4250-96f9-8183cd04238b}Gw64; C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys [61080 2014-08-19] (StdLib)
S3 WinDriver6; system32\DRIVERS\Windrvr6.sys [X
C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys
2014-10-26 20:33 - 2014-10-26 20:33 - 00000739 _____ () C:\Users\Brandon\Desktop\DelFix.txt
2014-10-26 20:32 - 2014-10-26 20:32 - 00070656 _____ () C:\Windows\system32\uescg.dll
2014-10-26 20:32 - 2014-10-26 20:32 - 00000000 _____ () C:\Windows\system32\rqxphc.dll
2014-10-25 05:16 - 2014-10-25 16:06 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-25 02:56 - 2014-10-25 02:56 - 00173175 _____ () C:\Users\Brandon\Desktop\scan 2 Shortcut.txt
2014-10-25 02:56 - 2014-10-25 02:56 - 00097782 _____ () C:\Users\Brandon\Desktop\scan 2 FRST.txt
2014-10-25 02:56 - 2014-10-25 02:56 - 00047238 _____ () C:\Users\Brandon\Desktop\scan 2 Addition.txt
2014-10-25 02:48 - 2014-10-25 02:48 - 00079543 _____ () C:\Users\Brandon\Desktop\scan 1 FRST.txt
2014-10-25 02:48 - 2014-10-25 02:48 - 00046398 _____ () C:\Users\Brandon\Desktop\scan 1 Addition.txt
2014-10-23 22:26 - 2014-10-23 22:26 - 00008518 _____ () C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:26 - 2014-10-23 22:26 - 00008518 _____ () C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:26 - 2014-10-23 22:26 - 00004200 _____ () C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:26 - 2014-10-23 22:26 - 00004200 _____ () C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:26 - 2014-10-23 22:26 - 00000274 _____ () C:\Users\Brandon\AppData\Roaming\INSTALL_TOR.URL
2014-10-23 22:26 - 2014-10-23 22:26 - 00000274 _____ () C:\Users\Brandon\AppData\INSTALL_TOR.URL
2014-10-23 22:15 - 2014-10-23 22:15 - 00008518 _____ () C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:15 - 2014-10-23 22:15 - 00004200 _____ () C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:15 - 2014-10-23 22:15 - 00000274 _____ () C:\Users\Brandon\AppData\Local\INSTALL_TOR.URL
2014-10-23 22:07 - 2014-10-23 22:07 - 00008518 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:07 - 2014-10-23 22:07 - 00004200 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:07 - 2014-10-23 22:07 - 00000274 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-09-27 14:19 - 2014-09-27 14:19 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Astromenda
C:\Users\Brandon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwmb5b.dll
C:\Users\Brandon\AppData\Local\Temp\ERUNT.exe
C:\Users\Brandon\AppData\Local\Temp\ose00000.exe
C:\Users\Brandon\AppData\Local\Temp\_is24FE.exe
C:\Users\Brandon\AppData\Local\Temp\_is255C.exe
C:\Users\Brandon\AppData\Local\Temp\_is3769.exe
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0FDE7062-A578-4038-831E-F6A45C68933D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {3CFA0540-BD30-48D4-917C-F551E5F2CA3F} - System32\Tasks\{F753DDFC-F311-BBB0-D742-35C4EF8DD97E} => C:\Windows\system32\uescg.dll [2014-10-26] ()
Task: {95B789D4-D6A8-499E-8F96-2BB32BA4CC61} - System32\Tasks\thpm1537528073495612640 => \\.\globalroot\Device\HarddiskVolume2\Users\Brandon\AppData\Local\Temp\thpm1537528073495612640.tmp <==== ATTENTION
Task: {E6EA9F8C-7677-4011-8253-8A49A762ADD0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {EECF8C67-5CC6-4919-A237-23BBFBE70F77} - System32\Tasks\WSE_Astromenda => C:\Users\Brandon\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-19] ()
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Brandon\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!! (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt\tqmgxtcusbs.exe
C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt
end
*****************
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F5B6B31-E3C2-4E7A-A6C2-D5E336934773}" => Key deleted successfully.
"HKCR\CLSID\{7F5B6B31-E3C2-4E7A-A6C2-D5E336934773}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKCR\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value deleted successfully.
"HKCR\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
"HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} => value deleted successfully.
"HKCR\CLSID\{37153479-1976-43C3-A1EE-557513977B64}" => Key not found.
"HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3" => Key deleted successfully.
C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\user.js => Moved successfully.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\Astromenda.xml => Moved successfully.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\CouponAlert_2p.xml => Moved successfully.
70e6ca8c => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll" => File/Directory not found.
"c:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64 => Service stopped successfully.
{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64 => Service deleted successfully.
WinDriver6 => Service deleted successfully.
C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys => Moved successfully.
C:\Users\Brandon\Desktop\DelFix.txt => Moved successfully.
C:\Windows\system32\uescg.dll => Moved successfully.
Could not move "C:\Windows\system32\rqxphc.dll" => Scheduled to move on reboot.
C:\ProgramData\wrnhoah.tmp => Moved successfully.
C:\Users\Brandon\Desktop\scan 2 Shortcut.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 2 FRST.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 2 Addition.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 1 FRST.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 1 Addition.txt => Moved successfully.
C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Brandon\AppData\Roaming\INSTALL_TOR.URL => Moved successfully.
C:\Users\Brandon\AppData\INSTALL_TOR.URL => Moved successfully.
C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Brandon\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\INSTALL_TOR.URL => Moved successfully.
C:\Users\Brandon\AppData\Local\Astromenda => Moved successfully.
"C:\Users\Brandon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwmb5b.dll" => File/Directory not found.
C:\Users\Brandon\AppData\Local\Temp\ERUNT.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\_is24FE.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\_is255C.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\_is3769.exe => Moved successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FDE7062-A578-4038-831E-F6A45C68933D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FDE7062-A578-4038-831E-F6A45C68933D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CFA0540-BD30-48D4-917C-F551E5F2CA3F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFA0540-BD30-48D4-917C-F551E5F2CA3F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F753DDFC-F311-BBB0-D742-35C4EF8DD97E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F753DDFC-F311-BBB0-D742-35C4EF8DD97E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95B789D4-D6A8-499E-8F96-2BB32BA4CC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B789D4-D6A8-499E-8F96-2BB32BA4CC61}" => Key deleted successfully.
C:\Windows\System32\Tasks\thpm1537528073495612640 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\thpm1537528073495612640" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6EA9F8C-7677-4011-8253-8A49A762ADD0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6EA9F8C-7677-4011-8253-8A49A762ADD0}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EECF8C67-5CC6-4919-A237-23BBFBE70F77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EECF8C67-5CC6-4919-A237-23BBFBE70F77}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!! (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!!.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt\tqmgxtcusbs.exe" => File/Directory not found.
C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-27 01:32:53)<=
C:\Windows\system32\rqxphc.dll => Is moved successfully.
==== End of Fixlog ====
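A triage sketch for Fixlogs like the two posted above, added here as an example; it is not part of FRST or of either poster's message. It flags a fixlist that was saved as an HTML page, tallies the result wording seen in these logs, tracks files still waiting for a reboot, and lists fixlist entries carrying the `rundll32.exe javascript:` registry value that FRST marked as Poweliks. The sample logs are constructed and shortened, and the category names and the `<SID>` placeholder are assumptions of this example.

```python
import re
from collections import Counter

# Constructed samples modelled on the two Fixlogs in this thread (shortened;
# <SID> is a placeholder and the encoded registry payload is left out).
HTML_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Content of fixlist:
*****************
<!DOCTYPE HTML>
<html>
Guests do not have access to download attachments. Please log in and try again.
*****************
<!DOCTYPE HTML> => Error: No automatic fix found for this entry.
<html> => Error: No automatic fix found for this entry.
Guests do not have access to download attachments. Please log in and try again. => Error: No automatic fix found for this entry.
==== End of Fixlog ====
"""

GOOD_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Content of fixlist:
*****************
start
HKU\<SID>\...\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("<omitted> <==== Poweliks!
C:\Windows\system32\uescg.dll
C:\Windows\system32\rqxphc.dll
C:\Program Files (x86)\Ask.com
end
*****************
"HKU\<SID>\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
C:\Windows\system32\uescg.dll => Moved successfully.
Could not move "C:\Windows\system32\rqxphc.dll" => Scheduled to move on reboot.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-27 01:32:53)<=
C:\Windows\system32\rqxphc.dll => Is moved successfully.
==== End of Fixlog ====
"""

# Result wording as it appears in the logs above; first match wins.
OUTCOMES = [
    ("unrecognised", re.compile(r"No automatic fix found", re.I)),
    ("pending_reboot", re.compile(r"Scheduled to move on reboot", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("done", re.compile(r"(deleted|moved|removed|restored|stopped) successfully", re.I)),
]
HTML_MARK = re.compile(r"<!DOCTYPE\s+html|</?html[\s>]", re.I)
SCRIPT_HOST = re.compile(r"rundll32\.exe\s+javascript:", re.I)

def split_fixlog(text):
    """Split a Fixlog into (fixlist lines, result lines) using the asterisk rows."""
    fixlist, results, stars = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if set(line) == {"*"}:
            stars += 1            # first row opens the fixlist, second closes it
        elif stars == 1:
            fixlist.append(line)
        elif stars >= 2:
            results.append(line)
    return fixlist, results

def classify(line):
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            return name
    return "other"

def target_of(line):
    """Path or key a result line refers to: the quoted part, else text before '=>'."""
    quoted = re.search(r'"([^"]+)"', line)
    return quoted.group(1) if quoted else line.split("=>")[0].strip()

def triage(text):
    fixlist, results = split_fixlog(text)
    counts = Counter(classify(r) for r in results)
    done = [r for r in results if classify(r) == "done"]
    # A file scheduled for reboot is resolved once a later line reports it moved.
    pending = [t for t in (target_of(r) for r in results
                           if classify(r) == "pending_reboot")
               if not any(t in d for d in done)]
    html = any(HTML_MARK.search(l) for l in fixlist)
    if html or (results and counts["unrecognised"] == len(results)):
        verdict = "not_applied"   # fixlist.txt was not a real script: re-download it
    elif pending:
        verdict = "reboot_needed"
    else:
        verdict = "applied"
    return {"verdict": verdict, "fixlist_is_html": html, "counts": dict(counts),
            "pending_reboot": pending,
            "script_host_persistence": [l for l in fixlist if SCRIPT_HOST.search(l)]}

if __name__ == "__main__":
    for name, log in (("first log", HTML_FIXLOG), ("second log", GOOD_FIXLOG)):
        print(name, triage(log))
```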
|
Post by Quads on Oct 26, 2014 23:01:04 GMT -8
The last step was just to take items and break the malware apart; some go into quarantine.
Now though in Normal Mode the system should be running a lot better and dllhost.exe should quieten down.
Quads
|
Post by Quads on Oct 27, 2014 0:04:21 GMT -8
We are not finished yet; I am just stating that the running malware should at least be broken and the system (PC) acting more normally.
Any files encrypted by the ransomware, which has at some point run to some extent on your system, are gone; it doesn't matter if it is 1 file or 1,000 files. They cannot be reversed by anyone except the bad guys.
Quads
|
Post by Quads on Oct 27, 2014 9:49:17 GMT -8
Read carefully
Download Adwcleaner (www.bleepingcomputer.com/download/adwcleaner/) onto your desktop, using the blue Download Now @bleeping Computer button, and run a scan (Scan button). It will create a log afterwards, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
|
Post by Quads on Oct 27, 2014 18:11:45 GMT -8
a) Click the Scan button and wait for the scan to finish (already done if Adwcleaner is left pending).
b) Make sure all of the items under each TAB are ticked.
c) Click the Clean button; Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
|
|