magna86
16
Hi,
I didn’t finish with fix process. First FRST fix had task just to neutralize malware. This fix will remove the malware completely.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [] - [x]
SearchScopes: HKCU - DefaultScope {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=CA&install_date=20130131&user_guid=39D756B81C194E8D99A46115FEB2B51A&machine_id=b076414cf7e28ab338d89b9f79db4fd6&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=CA&install_date=20130131&user_guid=39D756B81C194E8D99A46115FEB2B51A&machine_id=b076414cf7e28ab338d89b9f79db4fd6&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
BHO-x32: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll No File
Toolbar: HKLM-x32 - StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll No File
C:\Program Files (x86)\StartNow Toolbar
2013-11-13 16:50 - 2013-11-13 16:50 - 00000000 ____D C:\Users\John Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-13 10:52 - 2013-11-13 10:52 - 00287232 _____ C:\Users\John Taylor\AppData\Local\viivlkcg.exe
File: C:\Users\John Taylor\Downloads\ddmsetup1360.exe
CMD: ipconfig /flushdns
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
THEN
Please download TFC by OldTimer to your desktop
[*]Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Post me fresh FRST.txt