magna86
16
Ola,
1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
HKCU\...\Run: [cacaoweb] - C:\Users\Federico\AppData\Roaming\cacaoweb\cacaoweb.exe [452608 2013-10-12] ()
HKCU\...\Run: [84182bbbv] - C:\Users\Federico\AppData\Local\Temp\84182bbbv.vbs [74189 2013-09-22] () <===== ATTENTION
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [CMD] - cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20130909 (exit) else (start http://alt-rutor.org && exit)
Startup: C:\Users\Federico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\84182bbbv.vbs ()
C:\Users\Federico\AppData\Roaming\cacaoweb
C:\Users\Federico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\84182bbbv.vbs
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\LyricsPal\125.crx
C:\Program Files (x86)\LyricsPal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2013-09-26 18:35 - 2013-09-27 00:35 - 98009570 _____ C:\Windows\SysWOW64\鐂鯌ᵌ
Folder: C:\Program Files (x86)\39CI
C:\Users\Federico\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about an outdated version, please download and run the updated version.
------- next -------
Scan with Combofix:
1. Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with Combofix.
If you are unsure how to do this, please read this or this Instruction.
3. Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion”, just restart your computer.
4. When finished, it will produce a report for you. Please attach the log report (ComboFix.txt) back to the topic.
(typical log location: C:\ComboFix.txt)