Hi
Uninstall some programs
We need to uninstall some programs.
[*]Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
[*]Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
[*]Ask Toolbar
After completing uninstalls, please manually reboot your machine!
Fix with Farbar Recovery Scan Tool
[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]
[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
[*]Copy the entire content of the codebox below and paste into the Notepad document:
start
CloseProcesses:
HKU\S-1-5-21-293655139-2097187613-2028248552-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - DefaultScope {78882031-6432-4DFF-A69B-FE6A3586E248} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM - {78882031-6432-4DFF-A69B-FE6A3586E248} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DIC2V5&o=13732&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D5&apn_dtid=gog187YYUS&apn_uid=5333EA2B-5ACC-4389-B1E9-46F416396723&apn_sauid=0F28AB25-182D-4B08-9442-51D426AE563E
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=lzhuHnGIkM0EIVrfMYdA0XmvvvY?q={searchTerms}
SearchScopes: HKCU - {78882031-6432-4DFF-A69B-FE6A3586E248} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en___US346
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm0806Wus&ptb=sE_AvbRGx_TwjGG1octdSw&ind=2011031120&ptnrS=ZUxdm0806Wus&si=&n=77dde650&psa=&st=kwd&searchfor=
FF NetworkProxy: "type", 0
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
C:\Program Files\CouponAlert_2pEI
FF SearchPlugin: C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\wctui4in.default\searchplugins\mywebsearch.xml
C:\Users\Graham\AppData\Roaming\Mozilla\Firefox\Profiles\wctui4in.default\searchplugins\mywebsearch.xml
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
U3 catchme; \??\C:\Users\Graham\AppData\Local\Temp\catchme.sys [X]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-293655139-2097187613-2028248552-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {A08CECC7-E3B9-4F21-9E10-8365538EC1B1} - System32\Tasks\RunAsStdUser Task => C:\Users\Graham\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
Task: {CDA6B8B2-AE0E-4EC2-A554-0C036BC361F0} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
C:\Program Files\Ask.com
C:\Users\Graham\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
EmptyTemp:
end
[*]Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
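
A triage sketch for the kind of lines in the fixlist above, as an added example that is not part of the original post or of FRST: it flags COM server entries whose command is rundll32 with a javascript: argument, and scheduled tasks that launch from a Temp folder. The sample lines, GUIDs, user name and the function name `triage` are constructed for illustration.

```python
import re

# Constructed sample lines in the log format quoted in the post above
# (GUIDs, SID, user name and vendor are placeholders; data is truncated).
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("<truncated> (the data entry has 247 more characters).
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\Program Files\Example\shellext.dll (Example Corp)
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Example Updater => C:\Users\Alice\AppData\Local\Temp\{00000000-0000-0000-0000-000000000004}\run.exe
Task: {00000000-0000-0000-0000-000000000005} - System32\Tasks\Example Backup => C:\Program Files\Example\backup.exe [2014-01-01] (Example Corp)
'''

# "CustomCLSID: <registry key> -> <server command or DLL path>"
CLSID_RE = re.compile(r'^CustomCLSID: (?P<key>\S.*?) -> (?P<data>.+)$')
# "Task: {GUID} - <task file> => <target executable>"
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$')
# rundll32 handed a javascript: string that ends up in mshtml's RunHTMLApplication
SCRIPT_HOST_RE = re.compile(
    r'rundll32(\.exe)?\s+"?javascript:.*mshtml\s*,\s*RunHTMLApplication', re.I)
# Task targets living in a per-user or system Temp directory
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\|\\Windows\\Temp\\', re.I)
SERVER_SUBKEYS = ('\\localserver32', '\\inprocserver32')


def triage(log_text):
    """Return (reason, identifier) pairs for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = CLSID_RE.match(line)
        if m:
            # A COM server should point at a DLL or EXE, not at inline script.
            if (m['key'].lower().endswith(SERVER_SUBKEYS)
                    and SCRIPT_HOST_RE.search(m['data'])):
                findings.append(('script-in-com-server', m['key']))
            continue
        m = TASK_RE.match(line)
        if m and TEMP_RE.search(m['target']):
            findings.append(('task-runs-from-temp', m['name']))
    return findings


if __name__ == '__main__':
    for reason, ident in triage(SAMPLE_LOG):
        print(f'{reason}: {ident}')
```
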