Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Annoying adware, maybe spyware & virus


  • Please log in to reply

#1
jerry3003

jerry3003

    Member

  • Member
  • PipPip
  • 26 posts

Frequent annoying adware, popups and occasional red sreeen (fake?) virus warning

Need help to determine if something serious is going on

 

My first time using the FRST utility. Hope someone can help!

Attached Files


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,887 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special Note: Please know that I am against piracy in any form. This includes, but not limited to, movies, music, and software. This is also a violation of the Terms of Service you agreed to when you created your account here. If programs such as KMS that are used to activate illegal copies of Microsoft software are found, you will be asked to remove them and submit fresh logs.

Failure to do so will result in assistance being withdrawn.

Now, let's get started, shall we? :thumbsup:


Hello :)

When posting the logs, please copy and paste them as replies to your topic. It makes them much easier to analyze. :)

Let's run some tools and then a fresh look at your system. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related:

Quiknowledge
Zip Opener Packages



Step 2: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2469075875-354067968-2794457364-1002\...\Run: [Power2GoExpress] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0F0C0Fzz0A0E0AtDyDtB0A0C0B0A0CzytN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtAtAtBtB0AzytCtG0C0DtDtAtGtAtD0B0BtG0A0DzzyDtGyBtCzytC0AtA0FyByCzzyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyB0EyCzyzyyEyCtGyEzyzz0BtG0AtCyCtAtG0EyEtDzztGtAtD0B0B0F0B0D0DyDzz0E0B2Q&cr=425275822&ir=
SearchScopes: HKLM -> DefaultScope {DDE39C86-F989-441C-B21E-BD11A8455FE8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0F0C0Fzz0A0E0AtDyDtB0A0C0B0A0CzytN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtAtAtBtB0AzytCtG0C0DtDtAtGtAtD0B0BtG0A0DzzyDtGyBtCzytC0AtA0FyByCzzyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyB0EyCzyzyyEyCtGyEzyzz0BtG0AtCyCtAtG0EyEtDzztGtAtD0B0B0F0B0D0DyDzz0E0B2Q&cr=425275822&ir=
SearchScopes: HKLM -> {DDE39C86-F989-441C-B21E-BD11A8455FE8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0F0C0Fzz0A0E0AtDyDtB0A0C0B0A0CzytN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtAtAtBtB0AzytCtG0C0DtDtAtGtAtD0B0BtG0A0DzzyDtGyBtCzytC0AtA0FyByCzzyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyB0EyCzyzyyEyCtGyEzyzz0BtG0AtCyCtAtG0EyEtDzztGtAtD0B0B0F0B0D0DyDzz0E0B2Q&cr=425275822&ir=
BHO: Quiknowledge -> {323C6E6D-1621-470F-8A52-4FDEC4E75E40} -> C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll -> No File
Task: {157C98A0-C305-4FEF-AEC9-8EC93EFD7C6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {27FCB6A8-2B56-4DF1-98CA-DD978E369A25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3E5D5AD0-67BC-4CD9-9545-9AE7078BBCDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {53AD2352-1E94-479C-B7F1-BD883B3BB04C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {81F5218D-739D-4D20-80D0-776DC05748CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {920A27B8-0649-4601-8426-1AF8DE2EEEC9} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {950BD522-59F3-4250-B1C2-B5921A2C0CE8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96295E9C-2B04-412A-AD53-4E2ED860CC1C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C0B91437-FA97-42F5-9E97-41632BC1EA44} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CA37D1B0-E605-4FEA-8640-6C1F87ECA8ED} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {CF91320A-F752-41E5-B894-D6CF784F0615} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CFE0A32B-97C8-4D96-A6CF-E8EFE8534886} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DC232AE5-5754-40C1-85DD-706CC719241B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F66CB502-B95B-46BD-BD44-ABE5586CF10B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F757CD7A-A5DA-4C54-9471-4DD1304D44A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD4E1115-5D50-4023-A279-C94CD62A961E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-2469075875-354067968-2794457364-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2469075875-354067968-2794457364-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-2469075875-354067968-2794457364-1002\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2469075875-354067968-2794457364-1002\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download AdwCleaner by Xplode to your Desktop from the following link.


Download Link #1
Download Link #2

  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Option and put a check mark on everything;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
  • Copy and Paste the contents of this log in your reply.
Step 5: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, click the Addition box and press the Scan button.
  • FRST will scan your system and produce two logs. FRST.txt and Addition.txt. Please post both logs in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP