SpyPal Notice Removal Help

Status
Not open for further replies.

mireshadhikari

New Member
Thread author
Feb 19, 2022
1
I was testing this software to control my kid and later I uninstalled the software. However, there is its presence on the top right corner of my desktop.
Please help me remove this.
As I went through other posts, I saw that FRST text file is required. I am attaching the FRST.txt as well as Addition.txt here.
Please help me get rid of this.
 

Attachments

  • Addition.txt
    40.8 KB · Views: 24
  • FRST.txt
    41.7 KB · Views: 23

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

Code:
start

Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:

Comment: Items from the FRST.TXT log that will be removed from the Registry.

HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\MountPoints2: {7f01a22c-f69a-11e9-99ca-40a3ccc35b40} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\MountPoints2: {7f01a2ef-f69a-11e9-99ca-40a3ccc35b40} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\MountPoints2: {92d9047a-0171-11ea-99e1-40a3ccc35b40} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\MountPoints2: {aea775af-0eab-11ea-99fa-2cfda1acce11} - "F:\setup.exe"
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\MountPoints2: {bf9c099f-2231-11ea-9a25-2cfda1acce11} - "F:\Auto.exe"
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\MountPoints2: {f13d73a6-ee2c-11e9-99ba-806e6f6e6963} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
IFEO\DeviceCensus.exe: [Debugger] %windir%\System32\taskkill.exe
Startup: C:\Users\SharpY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK [2019-11-24]
ShortcutTarget: Registration Brothers In Arms.LNK -> F:\Support\Register\RegistrationReminder.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {3E0FD1CB-DB61-4E71-81D3-E7F4CDACE4E8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (No File)
Task: {CCF871BD-3A8E-496E-8A47-78B7556A3F18} - System32\Tasks\Throttlestop => C:\Users\SharpY\Desktop\ThrottleStop_8.70.6\ThrottleStop.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\uvo5gnm5.default -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-03-14 07:08:37&bName=
FF NewTab: Mozilla\Firefox\Profiles\40rq236d.default-release-1578921558257 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-03-14 07:08:37&bName=
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [No File]
CHR HomePage: Profile 2 -> hxxp://isearch.avg.com?cid=%7Be513f514-49f7-46d4-9c1a-7caf8453dc15%7D&mid=c1fe76ba965c47d0ab30d156503554c4-bf4ad5f10b937b8ff74ac030449e605ff1e15d18&ds=tt014&v=8.0.0.40.2&lang=en&pr=sa&d=2012-05-17%2023%3A15%3A37
CHR Extension: (Safe Torrent Scanner) - C:\Users\SharpY\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-02-15]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
U4 npcap_wifi; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

Comment: Items from the Addition.txt log that will be removed from the Registry.
AlternateDataStreams: C:\Users\SharpY\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\SharpY\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
HKLM\...\regfile\shell\open\command: "regedit.exe" "%1" <==== ATTENTION
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-03-14 07:08:37&bName=
IE trusted site: HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\StartupApproved\StartupFolder: => "SmartClock.lnk"
HKU\S-1-5-21-2347380136-2431973769-2924374052-1001\...\StartupApproved\Run: => "Web Companion"

Comment: TCP/IP Reset
CMD: netsh int ip reset
CMD: ipconfig /flushDNS

Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"

Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp

Comment: The system will restart.
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Farbar's Service Scanner utility and save it to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are check marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
<<<>>>

Please post the Fixlog.txt and the FSS.txt logs.

Let me know what problem persists.
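
A fixlist like the one above changes registry keys, policies, services and files in one pass, so it helps to group its entries and read the riskier ones before clicking Fix. The following is an added example, not part of the thread and not a Farbar tool: the category names, `summarize_fixlist` and `needs_review` are assumptions of this sketch, and the sample lines are copied from the fixlist posted above.

```python
import re
from collections import defaultdict

# Prefixes are those visible in the fixlist on this page; the category names
# and grouping are assumptions made for this example.
RULES = [
    (r"^(CreateRestorePoint|CloseProcesses|Reboot):$", "directive"),
    (r"^CMD:", "command"),
    (r"^(GroupPolicy|Policies):|\\Policies\\", "policy"),
    (r"^IFEO\\", "ifeo"),
    (r"^Task:", "task"),
    (r"^(Startup|ShortcutTarget):", "startup"),
    (r"^(FF|CHR) ", "browser"),
    (r"^[SU]\d ", "service"),
    (r"^AlternateDataStreams:", "ads"),
    (r"^(HKU|HKLM)\\|^IE trusted site:", "registry"),
    (r"^[A-Za-z]:\\", "file"),
]
ORPHAN = re.compile(r"\(No File\)|\[No File\]|\[X\]|no ImagePath")

def summarize_fixlist(text):
    """Group fixlist entries by category; mark orphaned and ATTENTION lines."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end") or line.startswith("Comment:"):
            continue
        category = next((c for p, c in RULES if re.search(p, line)), "unknown")
        groups[category].append({"line": line, "orphan": bool(ORPHAN.search(line)),
                                 "attention": "<==== ATTENTION" in line})
    return dict(groups)

def needs_review(groups):
    """Lines to read first: shell commands, wildcard deletes, flagged or unrecognised entries."""
    return [e["line"] for cat, entries in groups.items() for e in entries
            if cat in ("command", "unknown") or e["attention"] or "*" in e["line"]]

SAMPLE = r"""start
CreateRestorePoint:
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
CMD: netsh int ip reset
C:\Windows\Temp\*.*
Reboot:
End"""

if __name__ == "__main__":
    print({c: len(e) for c, e in summarize_fixlist(SAMPLE).items()})
```
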
 