|
Post by jobags on Oct 27, 2014 9:43:21 GMT -8
in pastebin.com
<script src="http://pastebin.com/embed_js.php?i=zsddCtY9"></script>
Did that work ?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 27, 2014 9:53:58 GMT -8
OK, the link is screwed.
Just take the normal address bar address for the page, copy it, and paste it back here. Do not use the embedded link.
Quads
|
|
|
Post by jobags on Oct 27, 2014 10:36:45 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 27, 2014 22:28:01 GMT -8
You still have not done it right
Quads
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 27, 2014 22:50:59 GMT -8
It is ok for now; I found your files. I will walk you through the next time and include directions for the other sites also.
|
|
|
Post by jobags on Oct 28, 2014 0:48:46 GMT -8
What is the next step ?
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 28, 2014 12:44:47 GMT -8
Sorry for the wait; we are kind of busy here.
The next step:
You may want to read all of this message carefully before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running it on another machine may cause damage to your operating system.
Download the script attached. It needs to keep the same file name (fixlist.txt) and be on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script; it won't work for FRST. (Right-click on the attachment link, not the normal left-click, and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start the FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still shows one).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply (attach or paste).
|
|
|
Post by jobags on Oct 28, 2014 14:44:07 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014
Ran by Joe at 2014-10-28 18:34:26 Run:1
Running from C:\Users\Joe\Desktop
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...\MountPoints2: {52184bb1-342e-11e2-80b5-00266c414442} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM-x32 - DefaultScope {6E66B647-1285-4BE5-B8E6-BEA021BF61E9} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30997964111632928&ctid=CT3298566&UM=2&UP=SPF27390C5-C68B-4FC5-A59C-73A52136BD88&SSPV=
CHR DefaultSuggestURL: Default -> suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-05-13]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
2014-10-25 05:08 - 2014-10-25 05:08 - 00000000 ____D () C:\Program Files (x86)\System Optimizer Pro
2014-10-24 12:34 - 2014-10-24 12:34 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-24 12:31 - 2014-10-24 12:31 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Joe\Downloads\SpyHunter-Installer.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Joe\AppData\Local\Temp\ose00000.exe
C:\Users\Joe\AppData\Local\Temp\SymcPCCUInstaller.exe
CustomCLSID: HKU\S-1-5-21-4233458567-514251200-2730280977-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {1B9C510D-6807-46A7-9BFD-ECF6B82AE5FE} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
C:\Program Files (x86)\System Optimizer Pro
Task: {32ADAFE3-7841-49FD-8F0D-BE8ED42826C2} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {BC3680D9-9D84-475A-8D06-77ED383C2FDE} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Ali\IMG_3097 - Copy.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Ali\IMG_3103 - Copy.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Ali\P1030443.JPG:Roxio EMC Stream
Reboot:
end
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-4233458567-514251200-2730280977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52184bb1-342e-11e2-80b5-00266c414442}" => Key deleted successfully.
"HKCR\CLSID\{52184bb1-342e-11e2-80b5-00266c414442}" => Key not found.
"HKU\S-1-5-21-4233458567-514251200-2730280977-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4233458567-514251200-2730280977-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => Key deleted successfully.
C:\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => Key deleted successfully.
"C:\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx" => File/Directory not found.
esgiguard => Service deleted successfully.
MSICDSetup => Service deleted successfully.
C:\Program Files (x86)\System Optimizer Pro => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\Joe\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Joe\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Joe\AppData\Local\Temp\SymcPCCUInstaller.exe => Moved successfully.
"HKU\S-1-5-21-4233458567-514251200-2730280977-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B9C510D-6807-46A7-9BFD-ECF6B82AE5FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B9C510D-6807-46A7-9BFD-ECF6B82AE5FE}" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperFastPC_AutorunOnStartup" => Key deleted successfully.
"C:\Program Files (x86)\System Optimizer Pro" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32ADAFE3-7841-49FD-8F0D-BE8ED42826C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32ADAFE3-7841-49FD-8F0D-BE8ED42826C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC3680D9-9D84-475A-8D06-77ED383C2FDE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC3680D9-9D84-475A-8D06-77ED383C2FDE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => Key deleted successfully.
C:\Users\Ali\IMG_3097 - Copy.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Ali\IMG_3103 - Copy.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Ali\P1030443.JPG => ":Roxio EMC Stream" ADS removed successfully.
The system needed a reboot.
==== End of Fixlog ====
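The two entries FRST flags as "Poweliks" above share one shape: a per-user CLSID whose LocalServer32 is not an executable path but `rundll32.exe javascript:...`, which drags mshtml's RunHTMLApplication in as a script host and then `eval()`s an obfuscated string. The following is an added example, not part of this thread, of FRST or of any tool it names: a small triage script that picks such lines out of a text dump of registry values and decodes the eval() argument. The sample lines are constructed to mirror the fixlog entries quoted above; the decoding assumption (every character of the string has been shifted up by one code point, so `e` stands for `d` and `/` for `.`) is the example author's, and the readable output it produces is the check on it. The rest of the payload the log truncates ("239 more characters") is not reconstructed.

```python
"""Detect and decode Poweliks-style rundll32 'javascript:' persistence entries.

Added example; not part of the forum post, of FRST or of AdwCleaner. The sample
registry lines are constructed to mirror the FRST fixlog entries quoted in the
thread. Decoding assumption (the author's, confirmed by readable output): each
character of the eval() argument was shifted up by one code point.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input (no real machine): two Poweliks-style entries in the
# two shapes FRST prints them, plus two benign CLSID / Run entries as controls.
SAMPLE_LINES: List[str] = [
    r'HKU\S-1-5-21-...\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32: '
    r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds',
    r'HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\LocalServer32: C:\Windows\explorer.exe',
    r'CustomCLSID: HKU\S-1-5-21-..._Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> '
    r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds',
    r'HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe',
]

# rundll32 handed a javascript: URL is never a legitimate COM local server;
# the "\..\mshtml,RunHTMLApplication" part is the HTA host it abuses to get
# a script engine without any file on disk.
RUNDLL_JS = re.compile(r'rundll32(?:\.exe)?\s+javascript:', re.IGNORECASE)
EVAL_ARG = re.compile(r'eval\("([^"]*)')


def shift_decode(text: str, shift: int = 1) -> str:
    """Undo the assumed one-code-point shift ('e' -> 'd', '/' -> '.')."""
    return "".join(chr(ord(ch) - shift) for ch in text)


def analyse(line: str) -> Optional[Dict[str, object]]:
    """Return triage details for a Poweliks-style line, or None if benign."""
    if not RUNDLL_JS.search(line):
        return None
    match = EVAL_ARG.search(line)
    obfuscated = match.group(1) if match else ""
    return {
        "line": line,
        "obfuscated": obfuscated,
        "decoded": shift_decode(obfuscated),
        # True when the mshtml HTA launcher is the script host being abused.
        "hta_host": "RunHTMLApplication" in line,
    }


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run analyse() over every line and keep only the hits."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        found = analyse(line)
        if found is not None:
            hits.append(found)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print("HIT:", str(hit["line"])[:90])
        print("  decoded prefix:", hit["decoded"])
```

Feed it the value dump of a suspect hive (an FRST Addition.txt, a `reg query ... /s` listing, or lines from a forum post like this one) and the decoded prefix `document.write('<script language=jscr` is enough to confirm the entry is a script launcher rather than a broken COM registration. Deleting the CLSID key, as the fixlog above does, removes the persistence; the truncated remainder of the payload is left as the log shows it.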
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 29, 2014 6:35:53 GMT -8
How is your system running now?
Read carefully
Download AdwCleaner from here to your desktop and run a scan. You may have to right-click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning.) It will create a log after it is finished scanning. If not (or if it just asks you to uncheck what you don't want deleted), there is a Report button in the middle of the main window; click that and it will make the log file. Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions).
ONE SCAN ONLY, PLEASE
Attach or paste the log back here for review and further instructions. Thanks.
|
|
|
Post by jobags on Oct 29, 2014 7:31:13 GMT -8
# AdwCleaner v4.002 - Report created 29/10/2014 at 11:27:37
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Found : C:\ProgramData\PC Drivers HeadQuarters
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Joe\AppData\Local\Conduit
Folder Found : C:\Users\Joe\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Joe\AppData\Local\Temp\pccustubinstaller
Folder Found : C:\Users\Joe\AppData\Local\visi_coupon
Folder Found : C:\Users\Joe\AppData\LocalLow\Conduit
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\0yy3pbig.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Joe\AppData\Roaming\pccustubinstaller
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\FileTypeAssistant
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\pc optimizer pro
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\FileTypeAssistant
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B65B5CE-1CB5-4ECD-B369-2A02F614E6A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10E0BF94-AB2A-4FC0-86F6-AA117ABFA54C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{130DDF47-335B-4A3B-809C-6A27561D247C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{521E3668-62B3-49E2-B5C2-B82B6D2DDBEF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{676E475C-3B97-492B-9541-B853D1DF05F9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{819342BD-C4A5-425A-B7C7-A4CB08EF846A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9DA4B4BB-5C18-4AAB-803B-6BBBB0A2AAC0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A17F8466-5402-4A46-9635-AB3DB292A88C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2D37F-8025-4DED-BE8F-9477FD9F11EC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D912D2DF-4651-4DF6-8752-5C0E338038C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DA076F67-EBC4-434C-9044-C9FB413CE566}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [5546 octets] - [29/10/2014 11:27:37]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5606 octets] ##########
|
|