[fab4]

x

Edited by fab4, 10 March 2015 - 12:57 PM.

[Advertisements]

Hi. My name is Brian, and I would be happy to look into your issue.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

OK, let's get started. I do see some malware that needs cleaned up. Please do the following.

 

Step#1 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]

 

:OTL
SRV:64bit: - [2013/06/23 06:41:30 | 000,348,672 | RHS- | M] () [Auto | Stopped] -- D:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV - [2015/02/10 17:39:03 | 000,081,408 | ---- | M] () [Auto | Running] -- D:\ProgramData\Qassa+\DFService.exe -- (DiscountfinderService)
MOD - [2014/09/10 21:17:28 | 000,098,304 | ---- | M] () -- D:\ProgramData\Qassa+\DFLib.dll
MOD - [2014/09/10 21:17:28 | 000,095,744 | ---- | M] () -- D:\ProgramData\Qassa+\DFwcf.dll
PRC - [2015/02/10 17:39:03 | 000,081,408 | ---- | M] () -- D:\ProgramData\Qassa+\DFService.exe
PRC - [2015/02/10 17:38:55 | 002,223,104 | ---- | M] () -- D:\ProgramData\Qassa+\Main.exe
FF - prefs.js..extensions.enabledAddons: discountfinder%40moneymillionaire.com:1.26.0.0
FF - HKLM\Software\MozillaPlugins\@MoneyMillionaire/npdf: D:\ProgramData\Qassa+\FFExtension20150307150322\plugins\npdf.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\ProgramData\Qassa+\FFExtension20150307150322 [2015/03/07 15:03:22 | 000,000,000 | -H-D | M]
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] D:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - Startup: D:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firemin.lnk =  File not found
[2015/03/07 15:02:32 | 000,033,334 | -H-- | M] () -- D:\Windows\SysNative\KMSServer.exe
[2015/03/07 15:02:31 | 000,087,094 | -H-- | M] () -- D:\Windows\SysNative\KMSWrapper.dll

 

:Commands
[EmptyTemp]

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#3 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

 

 

Items for your next post

1. OTL Fix log

2. AdwCleaner log

3. FRST and Addition logs

[BrianDrab]

Hi. My name is Brian, and I would be happy to look into your issue.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

OK, let's get started. I do see some malware that needs cleaned up. Please do the following.

 

Step#1 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]

 

:OTL
SRV:64bit: - [2013/06/23 06:41:30 | 000,348,672 | RHS- | M] () [Auto | Stopped] -- D:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV - [2015/02/10 17:39:03 | 000,081,408 | ---- | M] () [Auto | Running] -- D:\ProgramData\Qassa+\DFService.exe -- (DiscountfinderService)
MOD - [2014/09/10 21:17:28 | 000,098,304 | ---- | M] () -- D:\ProgramData\Qassa+\DFLib.dll
MOD - [2014/09/10 21:17:28 | 000,095,744 | ---- | M] () -- D:\ProgramData\Qassa+\DFwcf.dll
PRC - [2015/02/10 17:39:03 | 000,081,408 | ---- | M] () -- D:\ProgramData\Qassa+\DFService.exe
PRC - [2015/02/10 17:38:55 | 002,223,104 | ---- | M] () -- D:\ProgramData\Qassa+\Main.exe
FF - prefs.js..extensions.enabledAddons: discountfinder%40moneymillionaire.com:1.26.0.0
FF - HKLM\Software\MozillaPlugins\@MoneyMillionaire/npdf: D:\ProgramData\Qassa+\FFExtension20150307150322\plugins\npdf.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\ProgramData\Qassa+\FFExtension20150307150322 [2015/03/07 15:03:22 | 000,000,000 | -H-D | M]
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] D:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - Startup: D:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firemin.lnk =  File not found
[2015/03/07 15:02:32 | 000,033,334 | -H-- | M] () -- D:\Windows\SysNative\KMSServer.exe
[2015/03/07 15:02:31 | 000,087,094 | -H-- | M] () -- D:\Windows\SysNative\KMSWrapper.dll

 

:Commands
[EmptyTemp]

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#3 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

 

 

Items for your next post

1. OTL Fix log

2. AdwCleaner log

3. FRST and Addition logs

[fab4]

x

Edited by fab4, 10 March 2015 - 12:56 PM.

[BrianDrab]

Thanks for the information. Unfortunately it appears you are running on an illegal copy of Windows and possibly Office as well. Per our Terms of Use that you agreed to upon creating an account it states the following.

 

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

 

 

I'm sorry we can't help you further.

[BrianDrab]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.