[richard87]

Hi, we have an HP Pavilion Slimline, with Windows 7 Home premium 64 Bit- service pack 1.

There are several users with a variety of tasking from school work to personal finance (currently not being conducted as a precaution).

 We employ Microsoft Security Essentials, Sophos Virus Removal Tool, and Super antispyware Free Edition.

We are attacked by:

Rogue:JS/FaceCall.D

Ransom:JS/FakeBsod.A

Trojan:win32/Skeeyah.Albit

Adware:win32/Salus

What must we do?????

Edited by richard87, 04 December 2015 - 01:22 PM.

[Advertisements]

Hi first I will need to look at the system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi first I will need to look at the system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[richard87]

Scans completed, data saved to desktop. Attaching has been problematic-where do I see if they load? I loaded each.

[Essexboy]

Please attach the files using the box below

[richard87]

It allowed it today... thanks. They are attached.

Attached Files

•  FRST.txt   60.32KB   200 downloads
•  Addition.txt   54.79KB   250 downloads
•  aswMBR.txt   8.32KB   157 downloads

[Essexboy]

Your system is badly infected, I would suggest that you replace MSES with a third party antivirus

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_984] => [X]
HKU\S-1-5-21-2886685577-3491965275-1731567388-1001\...\Run: [NinjaLoader] => "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup
HKU\S-1-5-21-2886685577-3491965275-1731567388-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
AppInit_DLLs-x32: c:/progra~3/{c5052~1/193~1.1/lidi.dll => c:\ProgramData\{C5052DC6-9587-FC40-2401-8CC2F4835F4C}\1.9.3.1\lidi.dll [1010688 2015-03-28] ()
AppInit_DLLs-x32: _c:\progra~2\search~1\search~1\bin\vc32lo~1.dll => No File
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk [2015-09-30]
ShortcutTarget: bm.lnk -> C:\Users\Richard\AppData\Local\ylbivwytmelkbjl\ynbib2zwmf9kdtl.exe (No File)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-03-28]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:52451;https=127.0.0.1:52451
ProxyServer: [HKLM-x32] => http=127.0.0.1:52451;https=127.0.0.1:52451
AutoConfigURL: [HKLM] => http=127.0.0.1:52451;https=127.0.0.1:52451
Winsock: Catalog9 01 C:\Windows\SysWOW64\VCL.dll [335064 2015-03-20] (VC Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\VCL.dll [335064 2015-03-20] (VC Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\VCL.dll [335064 2015-03-20] (VC Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\VCL.dll [335064 2015-03-20] (VC Corporation)
Winsock: Catalog9 15 C:\Windows\SysWOW64\VCL.dll [335064 2015-03-20] (VC Corporation)
SearchScopes: HKLM -> {5BA6C7E2-AFE3-41EC-975F-544F10D02112} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {5BA6C7E2-AFE3-41EC-975F-544F10D02112} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2886685577-3491965275-1731567388-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M2160B98F-E93B-43FF-A5BA-271154A74ACC&SearchSource=58&CUI=&UM=8&UP=SPE1F4109D-EF34-4006-94F3-A2390386F4EC&q={searchTerms}&D=032815&SSPV=
SearchScopes: HKU\S-1-5-21-2886685577-3491965275-1731567388-1001 -> {6CDB4593-05A7-43F0-A3AA-080C95003B55} URL = hxxp://search.genieo.com/results.html?v=w3i20&wtag=W3i_IA,206,0_01,DefaultSearch,20140730,19432,0,IE11,&q={searchTerms}
Toolbar: HKU\S-1-5-21-2886685577-3491965275-1731567388-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin HKU\S-1-5-21-2886685577-3491965275-1731567388-1001: @seedonk.com/SeeVWidget;version=1.1.2.0 -> C:\Program Files\iSecurityPlusPlayer\\npseev.dll [2014-02-22] (Seedonk Inc)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1982\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha591\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4925\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home636\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2085\ff [not found]
FF HKU\S-1-5-21-2886685577-3491965275-1731567388-1001\...\Firefox\Extensions: [{BCB405DC-08DC-8A3D-93BE-6D905202D18E}] - C:\Program Files (x86)\BlockAndSurfS\174.xpi => not found
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 lybupepu; C:\Users\Richard\AppData\Roaming\DF69C330-1427531256-11DF-AC14-6C58A2FD8E57\nsi8EDB.tmp [X]
R1 ymjim2z2mhnkbdl; C:\Windows\System32\drivers\ymjim2z2mhnkbdl.sys [59736 2015-10-03] (NetFilterSDK.com)
S1 dyoseyun; \??\C:\Windows\system32\drivers\dyoseyun.sys [X]
S1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
2015-11-29 09:40 - 2015-11-29 09:40 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-11-25 12:03 - 2015-11-25 12:03 - 00009108 _____ C:\Windows\srtpoq.xml
2015-12-04 15:51 - 2015-08-15 06:15 - 00000344 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-12-04 15:51 - 2013-04-17 18:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-04 12:44 - 2015-08-15 17:44 - 00000344 _____ C:\Windows\Tasks\Superclean.job
2015-12-04 09:54 - 2015-03-28 07:40 - 00001060 _____ C:\Windows\Tasks\Crossbrowse.job
2015-04-09 00:33 - 2015-04-09 00:33 - 0000088 _____ () C:\Users\Richard\AppData\Local\f204b550fb96d1fff15ba82d2ae9bba5
2014-06-18 10:25 - 2014-06-18 10:25 - 0068609 _____ () C:\Users\Richard\AppData\Local\fhbnarpo
Task: {118F8EC8-5D31-4B9A-A573-32AE38DD3D87} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{30dc51f2-5327-74d4-30dc-c51f253247c9}\hqghumeaylnlf.exe [2014-08-15] (Super PC Tools Ltd) <==== ATTENTION
Task: {11C3F97B-B475-4282-9082-FF9105EB287D} - \BlockAndSurf_wd -> No File <==== ATTENTION
Task: {2F34A17A-93BF-46C9-A9E1-E5DE5AA23E3D} - System32\Tasks\DoctorPC_Start => C:\Program Files (x86)\Doctor PC\DoctorPC.exe <==== ATTENTION
Task: {35D6244C-7F70-4300-889E-FBC356142B9E} - \Maintenance Service-ykrit2ztmejkltl -> No File <==== ATTENTION
Task: {3DC7F7A6-474C-4BEF-8965-ACFBFCE79D6A} - \BlockAndSurf Update -> No File <==== ATTENTION
Task: {42BAEFAD-D26E-4811-AFC9-F840939C32C5} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {4B40CA73-2744-492B-BCF1-5ED9A7A3156C} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {4C8A9718-B80C-46CD-A4DC-DC325E53A48D} - System32\Tasks\{539310BF-8728-448A-972E-75E79942B36A} => pcalua.exe -a "C:\Users\Richard\Downloads\wlsetup-web (2).exe" -d C:\Users\Richard\Downloads
Task: {59C58373-EC63-4497-BA42-1BD85BBD8BC9} - System32\Tasks\PCSpeedClean_Popup => C:\Program Files (x86)\PC Speed Clean\Splash.exe
Task: {6271C7D7-8ABF-48E6-90AA-3029E689FD0A} - \Speedial -> No File <==== ATTENTION
Task: {6A275349-C825-445D-B741-4FBCB7E037AB} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {8D62B1E7-371B-44EE-972F-0EA72492EDA0} - \AmiUpdXp -> No File <==== ATTENTION
Task: {93973FC6-B84D-49FF-B7E9-7F3F7ECC7CCE} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {94997EE2-8569-47CC-BCD6-F90341EFF7BC} - System32\Tasks\DoctorPC_Popup => C:\Program Files (x86)\Doctor PC\Splash.exe <==== ATTENTION
Task: {9C8F7278-D4A1-4FA4-86B5-FE4E2FFD8F62} - System32\Tasks\{61318F9D-EAA6-4A96-BE54-21C899926B38} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {A53B0883-473F-48B6-A7E2-CA8C1C5A7166} - \PastaQuotes -> No File <==== ATTENTION
Task: {A6A6A4A9-06E9-42B2-A2B2-B880E5F34216} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-03-28] () <==== ATTENTION
Task: {AE14D34D-628A-4FAD-9613-6541D8C39992} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {B07975E1-A137-47CE-A863-7543B6C752DE} - System32\Tasks\Security Center Update - 530065233 => C:\Users\Richard\AppData\Roaming\Waacok\fukup.exe <==== ATTENTION
Task: {B447D177-A9A5-4022-AE36-BFEE64A68625} - System32\Tasks\GlobalUpdate-ymziy2zxmgtkbtl => C:\Users\Richard\AppData\Roaming\ymziy2zxmgtkbtl\ymziy2zxmgtkbtl.exe [2015-03-27] () <==== ATTENTION
Task: {B571647D-6D4F-43F8-8F34-479CF17836DF} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {C462602C-A238-4172-B1CF-EF1BD75986CF} - System32\Tasks\Superclean => c:\programdata\{91afdf15-6bd3-e737-91af-fdf156bd7c55}\hqghumeaylnlf.exe [2014-08-15] (Super PC Tools Ltd) <==== ATTENTION
Task: {CC98602C-749F-4B65-8968-D514C13CDF01} - System32\Tasks\Security Center Update - 3123074696 => C:\Users\Richard\AppData\Roaming\Tisyugop\ypiwoc.exe <==== ATTENTION
Task: {D4B8A5F9-FC15-4D65-A0CE-7DA3577A6982} - System32\Tasks\Digital Sites => C:\Users\Richard\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EAADA86C-5BAF-4569-897C-FB3CFA9B197A} - System32\Tasks\DNSATLANTIC => C:\Program Files (x86)\DNS Unlocker\dnsatlantic.exe [2015-09-02] ()
Task: {F345AFF1-C824-456E-878A-506DF75EDA69} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {F9C5B488-573B-4EEC-8DCB-8DC72F1BE0E3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {FCA46F4E-7F60-4A61-B40A-91E731F59AFB} - \Desk 365 RunAsStdUser -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{30dc51f2-5327-74d4-30dc-c51f253247c9}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Richard\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{91afdf15-6bd3-e737-91af-fdf156bd7c55}\hqghumeaylnlf.exe <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=hp_softwarestore&pf=cndt&locale=en_us&bd=all&c=101 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=3 <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=3 <==== ATTENTION
AlternateDataStreams: C:\Users\Richard\Documents\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Richard\Documents\Image (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Richard\Documents\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Richard\Documents\Image (3).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Richard\Documents\Image (3).jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Richard\Documents\Image (3).jpg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Richard\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Richard\Documents\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Richard\Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Richard\Documents\Welcome Scan.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
c:\ProgramData\{C5052DC6-9587-FC40-2401-8CC2F4835F4C}
C:\Program Files (x86)\Ninja Loader
C:\Program Files (x86)\Itibiti Soft Phone
C:\Program Files (x86)\Crossbrowse
C:\Program Files (x86)\BlockAndSurfS
C:\Windows\System32\drivers\ymjim2z2mhnkbdl.sys
C:\Windows\system32\drivers\dyoseyun.sys
C:\Windows\system32\drivers\mwiynzm4ndy1yjz.sys
C:\Users\Richard\msndata.dat
c:\programdata\{30dc51f2-5327-74d4-30dc-c51f253247c9}
C:\Program Files (x86)\Doctor PC
C:\Program Files (x86)\Pro PC Cleaner
C:\Program Files (x86)\PC Speed Clean
C:\PROGRA~2\SearchProtect
C:\Users\Richard\AppData\Roaming\Waacok
C:\Users\Richard\AppData\Roaming\DIGITA~1
C:\Users\Richard\AppData\Roaming\Tisyugop
c:\programdata\{91afdf15-6bd3-e737-91af-fdf156bd7c55}
C:\Users\Richard\AppData\Local\DF69C330-1427531348-11DF-AC14-6C58A2FD8E57
C:\Users\Richard\AppData\Local\nodo
C:\Users\Richard\AppData\Roaming\ymziy2zxmgtkbtl
C:\Users\Richard\Downloads\adobe_flash_setup (3).exe
C:\Users\Richard\Downloads\Unconfirmed 18166.crdownload
C:\Users\Richard\Downloads\Unconfirmed 210238.crdownload
C:\Users\Richard\Downloads\Unconfirmed 220205.crdownload
C:\Users\Richard\Downloads\Unconfirmed 24367.crdownload
C:\Users\Richard\Downloads\Unconfirmed 254061.crdownload
C:\Users\Richard\Downloads\Unconfirmed 277020.crdownload
C:\Users\Richard\Downloads\Unconfirmed 288303.crdownload
C:\Users\Richard\Downloads\Unconfirmed 288532.crdownload
C:\Users\Richard\Downloads\Unconfirmed 331091.crdownload
C:\Users\Richard\Downloads\Unconfirmed 334489.crdownload
C:\Users\Richard\Downloads\Unconfirmed 397685.crdownload
C:\Users\Richard\Downloads\Unconfirmed 408070.crdownload
C:\Users\Richard\Downloads\Unconfirmed 50190.crdownload
C:\Users\Richard\Downloads\Unconfirmed 522965.crdownload
C:\Users\Richard\Downloads\Unconfirmed 546520.crdownload
C:\Users\Richard\Downloads\Unconfirmed 550194.crdownload
C:\Users\Richard\Downloads\Unconfirmed 575663.crdownload
C:\Users\Richard\Downloads\Unconfirmed 623527.crdownload
C:\Users\Richard\Downloads\Unconfirmed 646891.crdownload
C:\Users\Richard\Downloads\Unconfirmed 652241.crdownload
C:\Users\Richard\Downloads\Unconfirmed 684841.crdownload
C:\Users\Richard\Downloads\Unconfirmed 699378.crdownload
C:\Users\Richard\Downloads\Unconfirmed 723495.crdownload
C:\Users\Richard\Downloads\Unconfirmed 727265.crdownload
C:\Users\Richard\Downloads\Unconfirmed 73621.crdownload
C:\Users\Richard\Downloads\Unconfirmed 749854.crdownload
C:\Users\Richard\Downloads\Unconfirmed 757543.crdownload
C:\Users\Richard\Downloads\Unconfirmed 778627.crdownload
C:\Users\Richard\Downloads\Unconfirmed 785725.crdownload
C:\Users\Richard\Downloads\Unconfirmed 786388.crdownload
C:\Users\Richard\Downloads\Unconfirmed 805191.crdownload
C:\Users\Richard\Downloads\Unconfirmed 814859.crdownload
C:\Users\Richard\Downloads\Unconfirmed 819570.crdownload
C:\Users\Richard\Downloads\Unconfirmed 824611.crdownload
C:\Users\Richard\Downloads\Unconfirmed 82776.crdownload
C:\Users\Richard\Downloads\Unconfirmed 844074.crdownload
C:\Users\Richard\Downloads\Unconfirmed 863728.crdownload
C:\Users\Richard\Downloads\Unconfirmed 908841.crdownload
C:\Users\Richard\Downloads\Unconfirmed 91023.crdownload
C:\Users\Richard\Downloads\Unconfirmed 927290.crdownload
C:\Users\Richard\Downloads\Unconfirmed 927478.crdownload
C:\Users\Richard\Downloads\Unconfirmed 956331.crdownload
C:\Users\Richard\Downloads\Unconfirmed 958330.crdownload
C:\Users\Richard\Downloads\Unconfirmed 959059.crdownload
C:\Users\Richard\Downloads\Unconfirmed 863728.crdownload
C:\Program Files (x86)\DNS Unlocker
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

FINALLY

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.

[richard87]

I'm almost there, but it will not allow to put in same place or join them (FRST64 and fixlist), how do I do this? They are both pinned to my taskbar.

Edited by richard87, 05 December 2015 - 02:08 PM.

[Essexboy]

OK the FRST programme must be on the desktop along with the fixlist.txt


Run FRST and press Fix
On completion a log will be generated please post that

Attached is a copy of the fixlist
 fixlist.txt   15.2KB   185 downloads

[richard87]

Most everything seems to be working well except for Google Chrome; it is sluggish. I also keep logging on (it says I am, but then not able to respond on my link because it deosn't recognize me as signed in. So here is the report. Thanks, and let me know if have to do more.

Attached Files

•  AdwCleanerC2.txt   27.85KB   175 downloads

[Essexboy]

Did you re-install Chrome as directed ?

Please download Malwarebytes Anti-Malware to your desktop

• Double-click mbam-setup-version.exe and follow the prompts to install the program.
• At the end, be sure a check-mark is placed next to the following:
  • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
  • Launch Malwarebytes Anti-Malware
• Then click Finish.
• If an update is found, you will be prompted to download and install the latest version.
• Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
• When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
• Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:



1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.