Edit: Do you still require assistance?
Hi, there does appear to be a pile of junk there... So let's get at it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
AppInit_DLLs-x32: C:\ProgramData\caMyciloP\Lightfan.dll => No File
HKU\S-1-5-21-1537208253-64187462-945491437-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfHNs45WU3GnskdALPoTR4x0JhQMQTiwGhV99P4O8VQzr9T1q01OcbF_qnOUp9iPLrlPEe_ldm-jmDTRJzYyaw2OWVJd2rrfjAsBa3Aq9rzHfqAhSu99f6WRlejOSU3zzXfKNnc50qRsum0ELFMeCLVuZfXeq53M,&q={searchTerms}
HKU\S-1-5-21-1537208253-64187462-945491437-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfHNs45WU3GnskdALPoTR4x0JhQMQTiwGhV99P4O8VQzr9T1q01OcbF_qnOUp9iPLrlPEe_ldm-jmDTRJzYyaw2OWVJd2rrfjAsBa3Aq9rzHfqAhSu99f6WRlejOSU3zzXfKNnc50qRsum0ELFMeCLVuZfXeq53M,&q={searchTerms}
HKU\S-1-5-21-1537208253-64187462-945491437-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfHNs45WU3GnskdALPoTR4x0JhQMQTiwGhV99P4O8VQzr9T1q01OcbF_qnOUp9iPLrlPEe_ldm-jmDTRJzYyaw2OWVJd2rrfjAsBa3Aq9rzHfqAhSu99f6WRlejOSU3zzXfKNnc50qRsum0ELFMeCLVuZfXeq53M,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfHNs45WU3GnskdALPoTR4x0JhQMQTiwGhV99P4O8VQzr9T1q01OcbF_qnOUp9iPLrlPEe_ldm-jmDTRJzYyaw2OWVJd2rrfjAsBa3Aq9rzHfqAhSu99f6WRlejOSU3zzXfKNnc50qRsum0ELFMeCLVuZfXeq53M,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537208253-64187462-945491437-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfHNs45WU3GnskdALPoTR4x0JhQMQTiwGhV99P4O8VQzr9T1q01OcbF_qnOUp9iPLrlPEe_ldm-jmDTRJzYyaw2OWVJd2rrfjAsBa3Aq9rzHfqAhSu99f6WRlejOSU3zzXfKNnc50qRsum0ELFMeCLVuZfXeq53M,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537208253-64187462-945491437-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfHNs45WU3GnskdALPoTR4x0JhQMQTiwGhV99P4O8VQzr9T1q01OcbF_qnOUp9iPLrlPEe_ldm-jmDTRJzYyaw2OWVJd2rrfjAsBa3Aq9rzHfqAhSu99f6WRlejOSU3zzXfKNnc50qRsum0ELFMeCLVuZfXeq53M,&q={searchTerms}
FF NewTab: C:\\ProgramData\\caMyciloPs\\ff.NT
FF DefaultSearchEngine.US: findit
FF Homepage: C:\\ProgramData\\caMyciloPs\\ff.HP
S4 downlpadprodqcn; C:\Users\Marpat The Shark\AppData\Local\mediadom.exe [28160 2016-02-14] () [File not signed]
S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe shuz -f "C:\ProgramData\\ApplicationHosting\\ApplicationHosting.dat" -l -a
S4 caMyciloP; C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a
S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [X]
S3 iscFlash; \??\C:\Users\MARPAT~1\AppData\Local\Temp\7zS7BD3.tmp\iscflashx64.sys [X]
2016-02-15 09:50 - 2016-02-15 09:50 - 00000000 ____D C:\Users\Marpat The Shark\AppData\Local\mstrn32
2016-02-15 09:50 - 2016-02-15 09:50 - 00000000 ____D C:\Users\Marpat The Shark\AppData\Local\cpx
2016-02-15 09:49 - 2016-02-15 09:50 - 00000000 ____D C:\Program Files (x86)\cpx
2016-02-15 09:49 - 2016-02-15 09:49 - 00000000 ____D C:\Program Files (x86)\msrtn32
2016-02-15 00:52 - 2016-02-15 00:52 - 00000000 ____D C:\Program Files (x86)\taskvmx
2016-02-15 00:43 - 2016-02-15 01:41 - 00000000 ____D C:\ProgramData\RFA_Backups
2016-02-15 00:43 - 2016-02-15 00:43 - 00000000 ____D C:\ProgramData\Registry First Aid
2016-02-14 21:08 - 2016-02-14 21:08 - 00003240 _____ C:\Windows\System32\Tasks\netupodtep
2016-02-14 15:10 - 2016-02-14 15:10 - 03278982 _____ () C:\Program Files\Common Files\sxgxvckw.exe
2016-02-14 15:08 - 2016-02-14 15:08 - 00003388 _____ C:\Windows\System32\Tasks\1q0si4kp
2016-02-14 15:08 - 2016-02-14 15:08 - 00000000 ____D C:\Program Files\Common Files\114w3jd3
2016-02-14 13:10 - 2016-02-14 13:10 - 03283564 _____ C:\Program Files\Common Files\lb1xrwyi.exe
2016-02-14 13:08 - 2016-02-14 13:08 - 00003388 _____ C:\Windows\System32\Tasks\y4b4gkfm
2016-02-14 13:08 - 2016-02-14 13:08 - 00000000 ____D C:\Program Files\Common Files\yetrkwfk
2016-02-14 12:08 - 2016-02-14 12:08 - 00003388 _____ C:\Windows\System32\Tasks\t4sd4lmf
2016-02-14 12:08 - 2016-02-14 12:08 - 00000000 ____D C:\Program Files\Common Files\2snnjkyo
2016-02-14 11:13 - 2016-02-14 11:13 - 00003278 _____ C:\Windows\System32\Tasks\psv_Donkix
2016-02-14 11:13 - 2016-02-14 11:13 - 00003272 _____ C:\Windows\System32\Tasks\psv_Tan-Dom
2016-02-14 11:13 - 2016-02-14 11:13 - 00003270 _____ C:\Windows\System32\Tasks\psv_ZimNix
2016-02-14 11:11 - 2016-02-14 11:11 - 03249996 _____ () C:\Program Files\Common Files\4gsok3qz.exe
2016-02-14 11:08 - 2016-02-14 11:08 - 00003388 _____ C:\Windows\System32\Tasks\ev0vzz24
2016-02-14 11:08 - 2016-02-14 11:08 - 00000000 ____D C:\Program Files\Common Files\l3w5gx1g
2016-02-14 10:11 - 2016-02-14 10:11 - 03232998 _____ C:\Program Files\Common Files\noegwx32.exe
2016-02-14 10:08 - 2016-02-14 10:08 - 00003388 _____ C:\Windows\System32\Tasks\k2iil50u
2016-02-14 10:08 - 2016-02-14 10:08 - 00000000 ____D C:\Program Files\Common Files\gf42yvjq
2016-02-14 09:41 - 2016-02-14 09:41 - 00003238 _____ C:\Windows\System32\Tasks\{4BA25BA7-9E41-4CEB-A509-032C60E01CC7}
2016-02-14 09:08 - 2016-02-15 02:23 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-02-14 09:07 - 2016-02-14 09:07 - 01827657 _____ C:\Users\Marpat The Shark\AppData\Roaming\Tandamcore.tst
2016-02-14 09:07 - 2016-02-14 09:07 - 00666112 _____ C:\Users\Marpat The Shark\AppData\Roaming\Tandamcore.exe
2016-02-14 09:07 - 2016-02-14 09:07 - 00666112 _____ C:\Users\Marpat The Shark\AppData\Roaming\Matzap.exe
2016-02-14 09:07 - 2016-02-14 09:07 - 00189676 _____ C:\Users\Marpat The Shark\AppData\Roaming\Zath-Eco.bin
2016-02-14 09:07 - 2016-02-14 09:07 - 00126976 _____ C:\Users\Marpat The Shark\AppData\Roaming\Installer.dat
2016-02-14 09:07 - 2016-02-14 09:07 - 00126464 _____ C:\Users\Marpat The Shark\AppData\Roaming\noah.dat
2016-02-14 09:07 - 2016-02-14 09:07 - 00126464 _____ C:\Users\Marpat The Shark\AppData\Roaming\lobby.dat
2016-02-14 09:07 - 2016-02-14 09:07 - 00072791 _____ C:\Users\Marpat The Shark\AppData\Roaming\Matzap.tst
2016-02-14 09:07 - 2016-02-14 09:07 - 00062976 _____ C:\Users\Marpat The Shark\AppData\Roaming\Config.xml
2016-02-14 09:07 - 2016-02-14 09:07 - 00054272 _____ C:\Users\Marpat The Shark\AppData\Roaming\ApplicationHosting.dat
2016-02-14 09:07 - 2016-02-14 09:07 - 00041472 _____ C:\Users\Marpat The Shark\AppData\Local\mediadom.dat
2016-02-14 09:07 - 2016-02-14 09:07 - 00028160 _____ C:\Users\Marpat The Shark\AppData\Local\mediadom.exe
2016-02-14 09:07 - 2016-02-14 09:07 - 00018432 _____ C:\Users\Marpat The Shark\AppData\Roaming\Main.dat
2016-02-14 09:07 - 2016-02-14 09:07 - 00017040 _____ C:\Users\Marpat The Shark\AppData\Roaming\InstallationConfiguration.xml
2016-02-14 09:07 - 2016-02-14 09:07 - 00005568 _____ C:\Users\Marpat The Shark\AppData\Roaming\md.xml
2016-02-14 09:07 - 2016-02-14 09:07 - 00000187 _____ C:\Users\Marpat The Shark\AppData\Local\mediadom.exe.config
2016-02-14 09:06 - 2016-02-14 09:06 - 00000000 ____D C:\Users\Marpat The Shark\AppData\Roaming\c
2016-02-14 00:32 - 2016-02-14 00:37 - 38192542 _____ C:\Users\Marpat The Shark\Downloads\Hot_Webcam_video_2581.avi
2016-02-14 11:11 - 2016-02-14 11:11 - 3249996 _____ () C:\Program Files\Common Files\4gsok3qz.exe
2016-02-14 15:10 - 2016-02-14 15:10 - 3278982 _____ () C:\Program Files\Common Files\sxgxvckw.exe
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1537208253-64187462-945491437-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
Task: {00D2A18E-40B4-4BE3-ADDB-62B8589A51B3} - System32\Tasks\y4b4gkfm => C:\Program Files\Common Files\yetrkwfk\2d69505nnjqpz.exe [2016-02-14] () <==== ATTENTION
Task: {03512266-1887-4A8F-81FA-D552904CA2C0} - System32\Tasks\psv_ZimNix => /c regedit.exe /s "C:\ProgramData\Airtostrong\UniTom.reg" & del "C:\ProgramData\Airtostrong\UniTom.reg" & SCHTASKS /Delete /TN "psv_ZimNix" /F <==== ATTENTION
Task: {0B871732-8F48-4A09-BA54-B4FC43189672} - System32\Tasks\psv_Tan-Dom => /c regedit.exe /s "C:\ProgramData\Airtostrong\Iceair.reg" & del "C:\ProgramData\Airtostrong\Iceair.reg" & SCHTASKS /Delete /TN "psv_Tan-Dom" /F <==== ATTENTION
Task: {38CF518C-E841-433B-9E96-7EE588E384CD} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {6348E4F6-BF11-4214-83F7-1C3A499B3A7D} - System32\Tasks\ev0vzz24 => C:\Program Files\Common Files\l3w5gx1g\437fai2mbpqu0.exe [2016-02-14] () <==== ATTENTION
Task: {6419F744-8170-4B64-BC96-973F376DDEF5} - System32\Tasks\{B44FDBB5-3179-4F29-8D59-07AEF81EA1A9} => pcalua.exe -a "C:\Users\Marpat The Shark\Downloads\TagesSetup.exe" -d "C:\Users\Marpat The Shark\Downloads"
Task: {7AB4D9B6-66B1-46DD-AD0E-2A85C449FD73} - System32\Tasks\k2iil50u => C:\Program Files\Common Files\gf42yvjq\8c71aretravbl.exe [2016-02-14] () <==== ATTENTION
Task: {7F300963-1D7A-4B5A-A57A-DA9C593B3500} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {8AA8B705-DAEC-4CAE-883A-6D9C79074CB1} - System32\Tasks\netupodtep => C:\Windows\system32\config\systemprofile\AppData\Local\San-Phase <==== ATTENTION
Task: {CF76F3AC-F0FB-4847-AB07-6B6D8AF863B4} - System32\Tasks\t4sd4lmf => C:\Program Files\Common Files\2snnjkyo\49db6czvzq3yj.exe [2016-02-14] () <==== ATTENTION
Task: {FE289DAF-1F71-47D1-91A0-5F83EBB38A23} - System32\Tasks\psv_Donkix => /c regedit.exe /s "C:\ProgramData\Airtostrong\Zummatam.reg" & del "C:\ProgramData\Airtostrong\Zummatam.reg" & SCHTASKS /Delete /TN "psv_Donkix" /F <==== ATTENTION
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9
AlternateDataStreams: C:\Users\Marpat The Shark\Application Data:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\Cookies:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\Templates:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\AppData\Local\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Marpat The Shark\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
C:\Program Files (x86)\msrtn32
C:\Program Files (x86)\cpx
C:\Users\Marpat The Shark\AppData\Local\mediadom.exe
C:\ProgramData\ApplicationHosting
C:\ProgramData\caMyciloP
C:\Program Files (x86)\dataup
C:\Program Files\Common Files\yetrkwfk
C:\ProgramData\Airtostrong
C:\Program Files (x86)\Pro PC Cleaner\
C:\Program Files\Common Files\l3w5gx1g
C:\Windows\system32\config\systemprofile\AppData\Local\San-Phase
C:\Program Files\Common Files\2snnjkyo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
Edited by Essexboy, 15 February 2016 - 12:51 PM.