[RESOLVED] rapidywebie program

[kspeel]

Nope I moved the fixlist to desktop but have not run frst....sorry

[kspeel]

there is nothing there like this ,I looked in the directory
C:\Users\kspee_000\AppData\Local\Microsoft\Windows\INetCache\IE\4G8DPSN4

[Broni]

Download FRTS64 one more time: http://www.bleepingcomputer.com/down...ery-scan-tool/ and make sure it's on your DESKTOP.

[kspeel]

Broni I downloaded\ and saved frst right next to the fixlist.txt file(it shows its a .php file} and frst is saying there is no fixlist there.BOth are on the desktop as per requested.

[Broni]

Obviously you're doing something wrong.
Rename fixlist.php to fixlist.txt.

[kspeel]

okay chaged it to .txt file and still says same

[kspeel]

Just trying to work with you broni been doing this a long time

[kspeel]

your in charge just trying to get it right

[Broni]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:

Code:

:filefind
frst*
fixlist*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[kspeel]

okay Broni what a pain in the a but hope its worth it
SystemLook 30.07.11 by jpshortstuff
Log created at 19:32 on 01/12/2014 by kspee_000
Administrator - Elevation successful

========== filefind ==========

Searching for "frst*"
C:\$Recycle.Bin\S-1-5-21-3867094829-2339833201-1041792167-1001\$R38VPBA\FRST64.exe --a---- 2117120 bytes [11:50 01/12/2014] [11:50 01/12/2014] 8C5B21CD725D0050D3634E8BE1D9B6AF
C:\$Recycle.Bin\S-1-5-21-3867094829-2339833201-1041792167-1001\$R9XFQC5\FRST64.exe --a---- 2117120 bytes [00:27 02/12/2014] [11:40 01/12/2014] 8C5B21CD725D0050D3634E8BE1D9B6AF
C:\$Recycle.Bin\S-1-5-21-3867094829-2339833201-1041792167-1001\$RB93AMH\Logs\FRST_29-11-2014_20-59-45.txt --a---- 51588 bytes [01:59 30/11/2014] [01:59 30/11/2014] A7FDCC1BF3B76B56B954687772932770
C:\Users\kspee_000\AppData\Local\Microsoft\Windows\INetCache\IE\4G8DPSN4\FRST.txt --a---- 51588 bytes [01:58 30/11/2014] [01:59 30/11/2014] A7FDCC1BF3B76B56B954687772932770
C:\Users\kspee_000\Desktop\FRST64.exe --a---- 2117120 bytes [11:40 01/12/2014] [11:40 01/12/2014] 8C5B21CD725D0050D3634E8BE1D9B6AF
C:\Windows\Prefetch\FRST64.EXE-7C6DC6B5.pf --a---- 45692 bytes [11:51 01/12/2014] [00:27 02/12/2014] 5E18A19C2E905B780F49A1EDD66F1777
C:\Windows\Prefetch\FRST64.EXE-A29D52BA.pf --a---- 47114 bytes [11:41 01/12/2014] [00:23 02/12/2014] 8073C242D7C471ADB398EE32CD626FB5
C:\Windows\Prefetch\FRST64.EXE-A2AB2C89.pf --a---- 43720 bytes [01:58 30/11/2014] [01:58 30/11/2014] AE2D67B3EE321C954D762B906BE4D974

Searching for "fixlist*"
No files found.

-= EOF =-

[Broni]

I can see there is FRST64 on your Desktop:

C:\Users\kspee_000\Desktop\FRST64.exe

But as you can see from the above search there is not "fixlist.txt" on your Desktop so I'm not sure how you can see it there.
In fact "fixlist.txt" file is nowhere on your computer.

[kspeel]

it says attchment

[kspeel]

this is on my desktop
HKLM-x32\...\Run: [gmsd_us_4] => [X]
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\...\MountPoints2: {369b6fc5-8f78-11e3-be76-1c6f65fab647} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\...\MountPoints2: {70f29ff5-681d-11e4-becf-1c6f65fab647} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\...\MountPoints2: {84e9c5e3-13e7-11e4-bea2-1c6f65fab647} - "F:\LG_PC_Programs.exe"
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 51cdb72; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
2014-11-27 11:56 - 2014-11-29 10:36 - 00000000 ____D () C:\Program Files (x86)\Rapidyweb
C:\Users\kspee_000\AppData\Local\Temp\6A8D8BEF-AB14-21FA-1756-5DEB13D3C8B0.dll
C:\Users\kspee_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\kspee_000\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\kspee_000\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\kspee_000\AppData\Local\Temp\nvStInst.exe
C:\Users\kspee_000\AppData\Local\Temp\Quarantine.exe
C:\Users\kspee_000\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Users\kspee_000\SkyDrive:ms-properties

[kspeel]

OH yea Broni how bout this
ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by kspee_000 at 2014-12-01 19:48:52 Run:1
Running from C:\Users\kspee_000\Desktop
Loaded Profile: kspee_000 (Available profiles: kspee_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [gmsd_us_4] => [X]
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\...\MountPoints2: {369b6fc5-8f78-11e3-be76-1c6f65fab647} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\...\MountPoints2: {70f29ff5-681d-11e4-becf-1c6f65fab647} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\...\MountPoints2: {84e9c5e3-13e7-11e4-bea2-1c6f65fab647} - "F:\LG_PC_Programs.exe"
HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 51cdb72; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
2014-11-27 11:56 - 2014-11-29 10:36 - 00000000 ____D () C:\Program Files (x86)\Rapidyweb
C:\Users\kspee_000\AppData\Local\Temp\6A8D8BEF-AB14-21FA-1756-5DEB13D3C8B0.dll
C:\Users\kspee_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\kspee_000\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\kspee_000\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\kspee_000\AppData\Local\Temp\nvStInst.exe
C:\Users\kspee_000\AppData\Local\Temp\Quarantine.exe
C:\Users\kspee_000\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Users\kspee_000\SkyDrive:ms-properties

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_4 => value deleted successfully.
"HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{369b6fc5-8f78-11e3-be76-1c6f65fab647}" => Key deleted successfully.
"HKCR\CLSID\{369b6fc5-8f78-11e3-be76-1c6f65fab647}" => Key not found.
"HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70f29ff5-681d-11e4-becf-1c6f65fab647}" => Key deleted successfully.
"HKCR\CLSID\{70f29ff5-681d-11e4-becf-1c6f65fab647}" => Key not found.
"HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84e9c5e3-13e7-11e4-bea2-1c6f65fab647}" => Key deleted successfully.
"HKCR\CLSID\{84e9c5e3-13e7-11e4-bea2-1c6f65fab647}" => Key not found.
"HKU\S-1-5-21-3867094829-2339833201-1041792167-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
51cdb72 => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro 3.11" => File/Directory not found.
AODDriver4.2.0 => Service deleted successfully.
EagleX64 => Service deleted successfully.
C:\Program Files (x86)\Rapidyweb => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\6A8D8BEF-AB14-21FA-1756-5DEB13D3C8B0.dll => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\kspee_000\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\kspee_000\SkyDrive => ":ms-properties" ADS removed successfully.

==== End of Fixlog ====

[Broni]

Good

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program