Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on August 23, 2015, 04:23:53 PM
-
I already used the Farbar recovery scan tool like the other posts and it gave FRST.txt and Addition.txt. Where should I send it? :'( :'( :'( :'( :'(
-
Here are the logs
-
Let me know if this stops it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3295863128-3621218411-1529032670-1002\...\Run: [BackgroundContainerV2] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Heindrich\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3295863128-3621218411-1529032670-1002\...\Run: [Nv GPU Pro] => [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
URLSearchHook: HKLM-x32 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
URLSearchHook: HKU\S-1-5-21-3295863128-3621218411-1529032670-1002 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
SearchScopes: HKU\S-1-5-21-3295863128-3621218411-1529032670-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN10200074118226240&UM=2&UP=SP7A4278C8-83C2-4871-BF92-78B5AF75479F&SSPV=
SearchScopes: HKU\S-1-5-21-3295863128-3621218411-1529032670-1002 -> {B32ED315-1500-4989-91CE-3ECDF0CF8E42} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN10200074118226240&UM=2
BHO-x32: No Name -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
Toolbar: HKU\S-1-5-21-3295863128-3621218411-1529032670-1002 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
2015-07-15 08:59 - 2015-06-16 05:16 - 71681408 ___SH () C:\ProgramData\mstfnqle.exe
C:\Users\Heindrich\AppData\Local\Conduit
C:\Program Files (x86)\SearchProtect
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
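An added example, not part of the original reply and not FRST's own code: a small Python reviewer that groups fixlist lines by the prefixes visible in the fixlist above and extracts the user SID and profile name they reference, which is one concrete reason the fix does not transfer to another machine. The category names and the `classify` and `review` functions are labels assumed for this illustration, not FRST terminology; the sample is constructed from lines copied out of the fixlist.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
HKU\S-1-5-21-3295863128-3621218411-1529032670-1002\...\Run: [BackgroundContainerV2] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Heindrich\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
BHO-x32: No Name -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2015-07-15 08:59 - 2015-06-16 05:16 - 71681408 ___SH () C:\ProgramData\mstfnqle.exe
C:\Users\Heindrich\AppData\Local\Conduit
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Identifiers that exist only on the machine the logs came from.
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE_RE = re.compile(r'[A-Za-z]:\\Users\\([^\\\s"]+)', re.IGNORECASE)

# Ordered rules; the first match wins. Labels are this example's own.
RULES = [
    ("command", re.compile(r"^(Reg|CMD):\s", re.IGNORECASE)),  # runs a command line
    ("directive", re.compile(r"^\w+:$")),                      # bare keyword line
    ("run-key", re.compile(r"\\Run: ")),                       # autostart entry
    ("appinit-dll", re.compile(r"^AppInit_DLLs:")),            # DLL loaded into processes
    ("browser", re.compile(r"^(URLSearchHook|SearchScopes|BHO(-x32)?|Toolbar):")),
    ("file-listing", re.compile(r"^\d{4}-\d{2}-\d{2} ")),      # dated file entry
    ("path", re.compile(r"^[A-Za-z]:\\")),                     # bare file or folder
]

def classify(line):
    """Return the first matching category for one fixlist line."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "other"

def review(text):
    """Summarise what a fixlist touches and which machine-specific ids it names."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return {
        "counts": dict(Counter(classify(ln) for ln in lines)),
        "sids": sorted(set(SID_RE.findall(text))),
        "profiles": sorted(set(PROFILE_RE.findall(text))),
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE_FIXLIST).items():
        print(key, value)
```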
-
Here are the logs for FRST64 and ADW cleaner. I just put the three inside the adwcleaner file because I'm not sure (I think it's the C1 txt file). The pop-ups have stopped. I think this came from a USB that I have used; any way I can plug it in again in my laptop without getting infected?
-
Before you use the USB, install this programme
Download MCShield (http://www.mcshield.net/) to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
(https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG)
Plug in the drive and McShield will start a scan
Then get the log which will be located under the logs tab on the main page
And post that