72 replies to this topic

[kunash]

frst64 reply

 

 FRST.txt   67.05KB   178 downloads

 

 Addition.txt   29.72KB   210 downloads

[ken545]

Hi,

 

Sorry for the late reply but I was offline last night until just now

 

Let me ask you about IOBIT, its not the best of programs , your choice to uninstall it, let me know if you do.

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. 

Open Notepad and paste this in

Start

HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\...\Run: [SystemBooteHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] => mshta.exe http://fci.fokbumei....yJP8FDAh2&log=1

HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\...\Run: [RegWriteeHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] => mshta.exe http://fci.fokbumei....uq9jR1yJP8FDAh2

HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\...\RunOnce: [RegWriteeHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] - mshta.exe http://fci.fokbumei....uq9jR1yJP8FDAh2

S2 SBAMSvc; "C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe" [X]

S2 System guard; "C:\Program Files (x86)\KeyDownload\KeyPlayr\guardnot.exe" [X]

End

 

 

 

Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow) Post the log from the fix please , let me know if the Japanese adds are gone, let me know about IObit , run a new scan with FRST and post that log please

[kunash]

hi  thanks for reply

 

no worries about the delay.  i can wait as long as it takes

 

oibit is no longer on my computer.   

 

to confirm

 

copy and paste what you have quoted into a notepad and saveas to desktop named as fixlist.txt.  - once on desktop the name only shows as fixlist

 

frst64 is the program - this is on my desktop

 

frst is in notepad form on the desktop

 

i will now run scan

 

 

[kunash]

here is the new frst log

Attached Files

•  FRST.txt   67.47KB   188 downloads

[kunash]

I have deleted from the desktop fix

 

I will now run the program frst64

[kunash]

here is the latest frst log

 

 FRST.txt   67.4KB   193 downloads

[kunash]

i have rebooted and sadly the pop up is still there

[ken545]

My bad, we have 100s of tools at our disposal for removing malware that I have been using for years, FRST is fairly new and my instructions for the fix was not correct

 

Look on your desktop for the fixlist.txt file you created and delete it, You should still have FRST/64 on your desktop

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Attached Files

•  fixlist.txt   1.17KB   224 downloads

[kunash]

hi Ken

 

thanks for your latest reply.  I will try that.  I wont be around now until sunday, apologies.    I will post here on sunday

 

thank you

 

 

[ken545]

OK, thanks for letting me know.  I will keep this thread open for you until you return

[ken545]

The tool has been upgraded so we can do more with it, what I would like you to do is if you have downloaded the attached fixlist in my previous post to your desktop then delete it and I created a new one for you to use

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

 

Attached Files

•  fixlist.txt   1.17KB   205 downloads

[kunash]

hi thanks for reply.    I downloaded  your file,  but ermm sorry not sure if I first downloaded the 1st reply or 2nd.   anyway, I have attached both fix logs.    ( I downloaded both attachments and have posted both replies )

 

fixlog  2 shows something has been  deleted.  I will reboot

Attached Files

•  Fixlog.txt   2.42KB   179 downloads
•  Fixlog (2).txt   2.43KB   187 downloads

Edited by kunash, 22 June 2014 - 07:09 AM.

[kunash]

sadly it is still there.   I am surprised this pop up is so malicious.  why do they make these pop ups like this - they are so annoying.

[ken545]

The second fix log shows that those values where deleted , run a new scan with FRST and post the new log please

[kunash]

tried again making sure I downloaded the correct fixlist and most recent frst file