Pricechop adcoup removal please help

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Code:
Task: {EB8047F3-EF9E-455C-9697-89813F993CCA} - System32\Tasks\PC_Booster-S-493389286 => c:\programdata\trusted publisher\pc_booster\PC_Booster.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC_Booster-S-493389286.job => c:\programdata\trusted publisher\pc_booster\PC_Booster.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jp.hao123.com/?tn=opencd_pay_hp_ex01_hao123_jp
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M1ABB741E-4A90-4273-95ED-87F3657987C5&SearchSource=58&CUI=&UM=6&UP=SP46FB7A3B-5A63-43A4-9F46-9C2BB3633BC4&q={searchTerms}&SSPV=
BHO: NoeXTCoup -> {43b1044d-07ec-4166-840e-6c2d7cb9e5c3} -> C:\Program Files (x86)\NoeXTCoup\Xa6orDbgBg69n6.x64.dll ()
BHO: NNextCoupp -> {6a083792-bb84-44f8-9047-7c03645e89b7} -> C:\Program Files (x86)\NNextCoupp\hLtYMGzxjC8l6t.x64.dll ()
BHO-x32: NoeXTCoup -> {43b1044d-07ec-4166-840e-6c2d7cb9e5c3} -> C:\Program Files (x86)\NoeXTCoup\Xa6orDbgBg69n6.dll ()
BHO-x32: NNextCoupp -> {6a083792-bb84-44f8-9047-7c03645e89b7} -> C:\Program Files (x86)\NNextCoupp\hLtYMGzxjC8l6t.dll ()
C:\Program Files (x86)\NoeXTCoup
CHR Extension: (priceecchhoP) - C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffphdhepejijjkehhpcelnfjnkilhje [2014-08-06]
CHR Extension: (NextuCoup) - C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhokpeoncfcmifnknfdiopojmkdnkcp [2014-09-08]
CHR Extension: (NoeXTCoup) - C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoochkbipahmdgcnpcgiheieapmcfbb [2014-09-08]
CHR Extension: (NNextCoupp) - C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgddclcefijpfegkhjnjdekeohgejgdk [2014-09-08]
C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffphdhepejijjkehhpcelnfjnkilhje
C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhokpeoncfcmifnknfdiopojmkdnkcp
C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoochkbipahmdgcnpcgiheieapmcfbb
C:\Users\DocDemort\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgddclcefijpfegkhjnjdekeohgejgdk
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
EmptyTemp:
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.




Chrome installation is altered by malware. Reinstall is needed.
 

Docdemort

New Member
Thread author
Oct 31, 2014
6
I have applied the fix. The extensions did not re-appear in Chrome. Firefox also has had them cleaned, apparently. IE, which I never use, doesn't appear to be infected. If that is all, thank you so much for this help, really you saved my ass! You guys are A+ first class, and I will donate to your cause when I get paid. Thank you so much! If there is more, I await your further instructions.
 

Attachments

  • Fixlog.txt
    6.1 KB · Views: 171

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Please download Malwarebytes Anti-Malware ver. 2.0 and install the application.

Double-click on mbam-setup.exe and follow the prompts to install the program. Upon installation, click Finish.
Note: A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish.
On the first launch, you'll get an "Update" notification. Click the 'Update Now >>' link or button to complete update.

• Configure the scanner. On the Settings tab, Detection and Protection adjust the following options:
- subtab Detection Options, tick the box 'Scan for rootkits'.
- subtab Non-Malware Protection, for PUP detections, from 'Warn user about detections' select 'Treat detections as malware'.

• Perform the Scan. Click on the Scan tab, then click on Scan Now >> for Threat Scan.
If an update is available, click the 'Update Now' button, then continue to Scan.
Note: only with some infections, you may see this message box 'Could not load DDA driver'
In this case, click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.

When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes.

• Post the logs. Click on the History tab > Application Logs. Double click on the Scan Log which shows the date and time of the scan just performed.
- Click Export button at the bottom, and then select the 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type "mbam" (without quotes) for your scan log name and click Save.
- A message box "Your file has been successfully exported" should appear, click Ok and close the windows.


Please attach the exported/saved log named as mbam.txt to your next reply.
 

Docdemort

New Member
Thread author
Oct 31, 2014
6
yup everything seems great, thank you so much. you can close the thread, have a great day!
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
