Instructed to get help!

[Birdi 0]

I just ran the scan and there were 2 files that would not let me delete. I came to forums as instructed, ran the emergency kit, then FBAR. Attached is the logs as instructed.

 

 

    Shortcut.txtAddition.txtFRST.txt

[Kevin Zoll 309]

Birdi,

I need the scan log from the Emergency Kit.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
2015-10-06 14:01 - 2015-10-22 18:33 - 00000000 ____D C:\Users\mike\AppData\Local\bvxvexvbg
2015-10-06 14:01 - 2015-10-06 14:01 - 00003494 _____ C:\WINDOWS\System32\Tasks\bvxvexvbg
2015-08-24 19:40 - 2015-08-24 19:40 - 00003264 _____ C:\WINDOWS\System32\Tasks\{A341ABB3-300A-47A5-AB13-F29E10320E84}
2015-08-03 17:40 - 2013-11-22 15:36 - 00254704 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SETBBA1.tmp
2015-10-03 14:28 - 2015-01-25 13:32 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-06-15 21:07 - 2014-06-15 21:07 - 0000000 _____ () C:\Users\mike\AppData\Local\{EB93857E-D833-4723-AC98-7729A6ABF2CA}
2015-08-12 19:10 - 2015-08-12 19:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-03 02:26 - 2013-04-03 02:26 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-03 02:21 - 2013-04-03 02:22 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-03 02:22 - 2013-04-03 02:24 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-03 02:21 - 2013-04-03 02:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-03 02:24 - 2013-04-03 02:26 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
C:\Users\mike\AppData\Local\Temp\BullGuard Internet Security Setup.exe
C:\Users\mike\AppData\Local\Temp\scp7125.tmp.exe
C:\Users\mike\AppData\Local\Temp\scp9C51.tmp.exe
Task: {07AA4161-DC1A-4ECD-9181-E98C4847439A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {388E703A-E572-4618-B3A0-F912369EA4C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {474BF959-1836-46D6-99FA-6CE4AFF47A5C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {72B45279-E8A3-4CDB-B2A8-67A4B6C78798} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {76D0F714-F911-4A7A-A075-E235E5368149} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8523D624-89F3-45B1-B000-7BC1E51101C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9729ECCB-9642-4BD4-9E2B-38B07E060226} - System32\Tasks\The weDownload Manager-codedownloader => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe <==== ATTENTION
Task: {9D40B51A-01A6-4D75-AB63-EEE389BDD448} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A4D4B440-5A84-4F7C-848D-6509C2E6AD21} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C08414CB-B25F-469C-BFDF-466E98D000C6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C5C78798-30AD-432B-AAB0-01EA8D2BB1C1} - System32\Tasks\The weDownload Manager-chromeinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
Task: {CC8C2804-2D9E-4208-A65C-F6712C628891} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1C1E893-1ABD-4344-BD07-DDDBB2732E36} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCDBF2AA-7F45-44A5-A278-09A510F1FF18} - System32\Tasks\The weDownload Manager-firefoxinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe <==== ATTENTION
Task: {FE081058-FCF1-4D97-9E53-F8BE8AA5F94C} - System32\Tasks\bvxvexvbg => C:\Users\mike\AppData\Local\bvxvexvbg\bvxvexvbg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\The weDownload Manager-chromeinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\The weDownload Manager-codedownloader.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exeɉ/reinstallapp /runfrom=task /agentregpath='The weDownload Manager' /appid=49074 /srcid='000898' /subid='verticals-' /zdata='0' /bic=83DF8EE9B9C349698C613F848670170AIE /verifier=09bc9f72ebffb18d9a3f6d8abf376924 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1394305925 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\The weDownload Manager-firefoxinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exeи/installxpi /agentregpath='The weDownload Manager' /extensionfilepath C:\Program Files (x86)\The weDownload Manager\49074.xpi' /appid=49074 /srcid='000898' /subid='verticals-' /zdata='0' /bic=83DF8EE9B9C349698C613F848670170AIE /verifier=09bc9f72ebffb18d9a3f6d8abf376924 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1394305925 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /[email protected]c2e-a62b-e25e264651bb.com /extensionversion=0.93 /prefsbranch=ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49074.rdf /extensionname='The weDownload Manager' /extensiondesc='Enhance your search results with direct download links and information for apps and games.' /publishername='weDownload' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

[Birdi 0]

I tried to upload the emergency scan log as a word doc and it would not let me. No idea how to get to notepad?

[Birdi 0]

the scan log says :adware/generic 1329508 (B)  c:\windows\sysytem32\drivers\SPPD.sys

[Birdi 0]

Found the notepad and ran the tool, say it completed. I ran the scan tool after the fix and I am still getting the same results. Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02

Ran by mike (2015-10-25 18:01:58) Run:2

Running from C:\Users\mike\Desktop

Loaded Profiles: mike (Available Profiles: mike)

Boot Mode: Normal

[Kevin Zoll 309]

Word documents are not an allowed file type for attachments.  Every log I ask you for is a plain text log with either a .log or .txt file extension.

 

Please follow the last set of instructions I sent.

[Kevin Zoll 309]

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.