Could you let me know if this stops it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-3043237361-960592186-1168485760-1001\...\Run: [pnwqahtfhe] => wscript.exe //B "C:\Users\Aris\AppData\Local\Temp\pnwqahtfhe.vbs" <===== ATTENTION
CHR HKU\S-1-5-21-3043237361-960592186-1168485760-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-3043237361-960592186-1168485760-1002] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing
S2 UpdaterSvcHulaToo; "C:\Program Files (x86)\HulaToo\updater.exe" [X]
AlternateDataStreams: C:\Users\Aris\Local Settings:ma7cCFEHHtZ1hMVecwwWk
AlternateDataStreams: C:\Users\Aris\AppData\Local:ma7cCFEHHtZ1hMVecwwWk
AlternateDataStreams: C:\Users\Aris\AppData\Local\Application Data:ma7cCFEHHtZ1hMVecwwWk
AlternateDataStreams: C:\Users\Aris\AppData\Local\OqvGtG6xlaR6N:8zVxuS1x7Lq2kdfBVCBgow
AlternateDataStreams: C:\Users\Aris\AppData\Local\Temp:cdgWvWfPtCcqjhP31ta5EjULPgZ
C:\Users\Aris\AppData\Local\Temp\pnwqahtfhe.vbs
C:\ProgramData\msocgc.exe
C:\Program Files (x86)\HulaToo
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete, click on "Clean".
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY
Download Anti VBS/VBE to your desktop.
- Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
- After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
- Post that report.
Be aware this is a very new programme and as such is not recognised by any antivirus or Windows. It is safe, so allow it to run.