Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Removal [Closed]


  • This topic is locked This topic is locked

#16
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST >>>>

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CreateRestorePoint:
CloseProcesses:
C:\wajam_validate.exe
C:\Downloads\google-chrome.exe
C:\Downloads\Software\Chrome.exe
C:\temp\ScorpionSaver.msi
C:\Users\Rebekah\AppData\Local\Temp\tbMixi.dll
C:\Users\Rebekah\AppData\Local\Temp\712113.Uninstall\uninstaller.exe
C:\Users\Rebekah\AppData\Local\Temp\758710.Uninstall\uninstaller.exe
C:\Users\Rebekah\Desktop\Computer Stuff\asc-setup.exe
C:\Users\Rebekah\Desktop\Computer Stuff\Software\Adobe Indesign CS4\disable_activation.cmd
C:\Users\Rebekah\Desktop\Computer Stuff\Software\Adobe Photoshop CS4 Extended\keygen.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
C:\Windows\Installer\acec98.msi
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[2].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[2].exe
C:\Windows\Temp\tmp8C76.tmp
[-HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}]
[-HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}]
[-HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.5]
REG: reg delete "HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher"
[-HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork]
C:\Program Files (x86)\Common Files\Config
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R44ARLE.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R45BBC7.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R6DTCSR.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R6T54Z6.crdownload
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RMTBYO3.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R3S6JEY.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RUFHDD6.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RXBNHOP.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RC9OB12.exe
C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RDO97LZ.exe
C:\Downloads\google-chrome.exe
C:\temp\ScorpionSaver.msi
C:\Windows\Temp\tmp8C76.tmp
C:\Windows\Installer\acec98.msi
C:\Users\Rebekah\Desktop\Computer Stuff\Software\Adobe Photoshop CS4 Extended\keygen.exe
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\chromepreferences
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
RemoveProxy:
Reboot:
end

 


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 

SECOND >>>>

 

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or later, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.

     

     

  • Please make a note of the amount of space cleaned by TFC (this will be noted at the end of the report screen).
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

 

 

Information to Reply with >>>>

  • The Fixlog.txt log file text.

     

     

  • Did the TFC program run?  Any problems?  What is the total amount cleaned by TFC?

     

     

  • How is your system running now?

 

 


  • 0

Advertisements


#17
Valeria

Valeria

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
My internet is on the fritz so I cannot get online. I will run the script and get the app downloaded and ran.
  • 0

#18
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP