1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Task: {F25B03CC-24A8-4B38-A529-5425BD1EC787} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Users\admin\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-25]
HKU\S-1-5-21-4023048206-416325105-1711805914-1001\...\Run: [AceStream] => C:\Users\admin\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904
C:\Users\admin\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\_acestream_cache_
C:\Users\admin\AppData\Roaming\ACEStream
C:\Users\admin\AppData\Roaming\ACEStream\updater\ace_update.exe
HKU\S-1-5-21-4023048206-416325105-1711805914-1001\...\MountPoints2: {c39d80c9-786a-11e3-8276-08d40c01c687} - "F:\Setup.exe"
EmptyTemp:
CMD: bitsadmin /reset /allusers
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article
> Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see ‘Success: Database was successfully updated’, click on Next.
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.
Notice: with some infections, you may see two message boxes:
- ‘Could not load protection driver’. Click ‘OK’.
- ‘Could not load DDA driver’. Click ‘Yes’ to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.
>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled for processing and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.
>> Notice: only if a rootkit is detected, be sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution …
- When you see “press any key to exit”, the fix is completed; press any key to close the window. Reboot the system.
> The following reports will be created in the mbar folder:
- mbar-log-year-month-day (hour-minute-second).txt
- system-log.txt
Please post both logs in your next reply.