Kevin Zoll

Emsisoft Employee
  • Content count

    17470
  • Joined

  • Last visited

  • Days Won

    147

Kevin Zoll last won the day on March 23

Kevin Zoll had the most liked content!

Community Reputation

266 Excellent

5 Followers

About Kevin Zoll

  • Rank
    Malware Removal Support
  • Birthday 04. Dec 1960

Contact Methods

  • Website URL
    http://www.malwareteks.com/

Profile Information

  • Gender
    Male
  • Location
    Depauville, NY, USA
  • Interests
    Computer Security, Malware Research, Malware Removal, Computer Programming, Website Design

Recent Profile Visitors

156611 profile views
  1. Antares, Copy the lines of code in the code box only. You copied and pasted the entire post to fixlist.tx, that is going to fail and could quite possibly result in an undesired outcome.
  2. Do the FRST fix and the runAdwClear and JRT.
  3. Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.
  4. All our software is Windows 10 Compatible. Yes, Windows 10 comes with Windows Defender, Microsoft's anti-malware program. However, it does not provide the level of protection most third party AVs do. Though ByteFence is a legitimate AV company, their AV often gets bundled with other software and is installed along with the program you downloaded.
  5. Do the following: Download AdwCleaner and save it on your desktop. Close all open programs and Internet browsers (you may want to print our or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer. Download Junkware Removal Tool and save it on your desktop. Run the tool by double-clicking it. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. CloseProcesses: () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe () C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe HKLM-x32\...\Run: [cpx] => "C:\Users\Great Turtle\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION HKLM-x32\...\Run: [svcvmx] => C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] () HKU\S-1-5-21-2847586871-285742337-784558086-1001\...\Run: [peidso] => rundll32.exe "C:\Users\Great Turtle\AppData\Local\peidso.dll",peidso <===== ATTENTION HKU\S-1-5-21-2847586871-285742337-784558086-1001\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Great Turtle\AppData\Roaming\Microsoft\Protect\fd6963a1-125a-4406-9e2f-d0a50489cd51.rs" <===== ATTENTION HKU\S-1-5-21-2847586871-285742337-784558086-1001\...\Run: [Spoutly.exe] => C:\Program Files (x86)\Spoutly\SpoutlyLauncher.exe <===== ATTENTION HKU\S-1-5-21-2847586871-285742337-784558086-1001\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Great Turtle\AppData\Roaming\Microsoft\Protect\fd6963a1-125a-4406-9e2f-d0a50489cd51.rs" <===== ATTENTION HKU\S-1-5-21-2847586871-285742337-784558086-1001\...\MountPoints2: {49109181-040d-11e7-971a-141877cb02f8} - "E:\LaunchU3.exe" -a HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Great Turtle\AppData\Roaming\Microsoft\Protect\fd6963a1-125a-4406-9e2f-d0a50489cd51.rs" <===== ATTENTION HKU\S-1-5-18\...\Run: [] => [X] HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Great Turtle\AppData\Roaming\Microsoft\Protect\fd6963a1-125a-4406-9e2f-d0a50489cd51.rs" <===== ATTENTION SearchScopes: HKU\S-1-5-21-2847586871-285742337-784558086-1001 -> DefaultScope {A34D5335-6CB4-4AA0-8F41-B9A86B54FB23} URL = SearchScopes: HKU\S-1-5-21-2847586871-285742337-784558086-1001 -> {A34D5335-6CB4-4AA0-8F41-B9A86B54FB23} URL = R2 Dataup; C:\Users\Great Turtle\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION S2 windowsmanagementservice; "C:\Users\Great Turtle\AppData\Local\obgrolcd\ct.exe" /svc [X] <==== ATTENTION R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION 2017-04-15 20:53 - 2017-04-16 01:57 - 00000000 ____D C:\Users\Great Turtle\AppData\Local\ntuserlitelist 2017-04-15 20:41 - 2017-04-16 23:38 - 00000000 ____D C:\Users\Great Turtle\AppData\Local\obgrolcd 2017-04-15 20:41 - 2017-04-15 20:41 - 00000000 ____D C:\Users\Great Turtle\AppData\Local\vajiquox 2017-03-24 16:22 - 2017-03-24 16:22 - 00000000 __HDC C:\ProgramData\{042448DA-1440-41DE-BC4B-7C215005F4ED} 2017-04-15 20:39 - 2017-04-15 20:39 - 0011568 _____ () C:\Users\Great Turtle\AppData\Roaming\InstallationConfiguration.xml 2017-04-15 20:39 - 2017-04-15 20:39 - 0140288 _____ () C:\Users\Great Turtle\AppData\Roaming\Installer.dat 2017-04-15 20:36 - 2017-04-15 20:36 - 0014336 _____ () C:\Users\Great Turtle\AppData\Local\peidso.dll 2017-04-15 20:36 - 2017-04-15 20:36 - 0002048 _____ () C:\Users\Great Turtle\AppData\Local\uninstallro.exe 2016-12-10 22:39 - 2016-12-10 22:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-24 14:00 - 2016-12-24 14:00 - 0000016 _____ () C:\ProgramData\mntemp 2016-12-24 14:00 - 2016-12-24 14:00 - 0004156 _____ () C:\ProgramData\nakuvtjg.ewu 2017-02-11 17:01 - 2017-02-11 17:01 - 0000032 _____ () C:\ProgramData\Temp.log 2016-04-25 16:20 - 2016-04-25 16:21 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2016-04-25 16:25 - 2016-04-25 16:25 - 0000105 _____ () C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log 2016-04-25 16:24 - 2016-04-25 16:24 - 0000100 _____ () C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log 2016-04-25 16:25 - 2016-04-25 16:25 - 0000098 _____ () C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log 2017-04-16 07:07 - 2017-04-16 07:07 - 3516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Great Turtle\AppData\Local\Temp\esgsetup.exe 2017-04-15 20:35 - 2017-04-15 20:35 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\Great Turtle\AppData\Local\Temp\fox.exe Task: {08525713-2AAF-4318-851B-A61A0C28AC9A} - System32\Tasks\GEN => C:\Users\Great Turtle\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] ( ) <==== ATTENTION Task: {32A785A5-C12E-45F1-BE4A-7EB459027950} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION Task: {5B256BD2-0557-4108-A595-311614604FAA} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION Task: {688E99C8-E2D5-40B4-8F65-2D900A74AB9C} - System32\Tasks\PasswordBoss_Desktop_HealthChk_ANTARES_Great Turtle => C:\Program Files (x86)\PasswordBoss\PasswordBoss.exe <==== ATTENTION Task: {6C2F95D7-D45C-48FD-99A7-6833A5E619A5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION Task: {7C66C32F-612C-4F5F-BC47-E95585FF61AF} - System32\Tasks\PasswordBoss_Desktop_24h_ANTARES_Great Turtle => C:\Program Files (x86)\PasswordBoss\PasswordBoss.exe <==== ATTENTION Task: {936D6494-568D-42C3-B10E-74A1AE7DD7BA} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION Task: {A214170D-4DD2-452D-A25D-26D73C2C7AFF} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION Task: {A86754B1-2DEA-47AE-BAAB-422F7EAD5675} - System32\Tasks\PC Health Advisor Update => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION Task: {BC3920C8-30A3-44E4-A2D7-B1912D35D45D} - System32\Tasks\GEN_Interval => C:\Users\Great Turtle\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] ( ) <==== ATTENTION Task: {D03E5FBB-9C62-47F1-8FD5-E3A44668F934} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION Task: {F17118CD-4EDD-449B-BCC8-0FD1C472C916} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\PC Health Advisor Update.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION C:\Users\Great Turtle\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe C:\Users\Great Turtle\AppData\Local\ntuserlitelist C:\Users\Great Turtle\AppData\Local\vajiquox\qdcomsvc.exe C:\Users\Great Turtle\AppData\Local\vajiquox Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DATAUP" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DRMKPRO64" /f Reboot: Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  6. Hi, Restart the laptop to Safe Mode and try running FRST. If it runs successfully attached the FRST scan logs to your reply.
  7. Hello antares, Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you with fixing your problems. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. Take note of some guidelines for this support request: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean." We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be attached to the reply. Set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Download to your Desktop: - Emsisoft Emergency Kit - Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system, if you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. Do not run anything in "Safe Mode," unless you are instructed to do so by the Malware Removal Specialist handling your case. Do not force Safe Mode. Instructions on How to Boot to "Safe Mode" can be found at: http://www.malwarete...kb/SafeMode.php Let's get started: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit Scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Create a new topic in our Help, my PC is infected! forum and attach the following logs to your post: Emsisoft Emergency Kit log (C:\EEK\Reports\) FRST.txt Addition.txt (NOTE: if you need to attach the logs to a reply to an existing topic, then you will need to use the More Reply Options button to the lower-right of where you type in your reply in order to see the controls for attaching files) The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
  8. Rebecca, Most of our staff do not work on the weekends. Changing tools. Download RogueKiller from one of the following links and save it to your desktop: Link 1 Link 2 Close all programs and disconnect any USB or external drives before running the tool. Double-click RogueKiller.exe to run the tool (Vista/7/8/10 users: Right-click and select Run As Administrator). Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything! Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex) The highest number of [X], is the most recent Scan
  9. Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.
  10. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. CloseProcesses: Hosts: (Dashlane, Inc.) C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\Run: [Dashlane] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-03-17] (Dashlane, Inc.) HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\Run: [DashlanePlugin] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-03-17] () HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017170234550\...\Run: [Dashlane] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-03-17] (Dashlane, Inc.) HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017170234550\...\Run: [DashlanePlugin] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-03-17] () HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017170234550\...\MountPoints2: {afe88079-13d4-11e7-a743-b88a60a163c7} - "G:\Windows/AutoRun.exe" /autoinstall HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017170234550\...\MountPoints2: {f03f99c8-e9f6-11e6-a737-704d7b495897} - "F:\Setup.exe" HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017171916849\...\Run: [Dashlane] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-03-17] (Dashlane, Inc.) HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017171916849\...\Run: [DashlanePlugin] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-03-17] () HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017171916849\...\MountPoints2: {afe88079-13d4-11e7-a743-b88a60a163c7} - "G:\Windows/AutoRun.exe" /autoinstall HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017171916849\...\MountPoints2: {f03f99c8-e9f6-11e6-a737-704d7b495897} - "F:\Setup.exe" SearchScopes: HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017170234550 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112017171916849 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CHR NewTab: Profile 1 -> Active:"chrome-extension://ncdfeghkpohnalmpblddmnppfooljekh/core/newpage-pop.html" CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-04-11] CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2017-01-18] R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-20] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-20] (Zemana Ltd.) 2017-04-10 02:22 - 2017-04-14 13:39 - 00719048 _____ C:\WINDOWS\ZAM.krnl.trace 2017-04-10 02:22 - 2017-04-14 13:39 - 00560977 _____ C:\WINDOWS\ZAM_Guard.krnl.trace Reboot: Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  11. Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.
  12. Let's take a fresh look. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.
  13. Unless you are having problems, it is time to do the final steps. Now to remove most of the tools that we have used in fixing your machine: Download Delfix from here and save it to your desktop. Ensure Remove disinfection tools is checked. Also place a checkmark next to: Create registry backup Purge system restore Click the Run button. When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad. Empty the Recycle Bin Download to your Desktop: - CCleaner Portable UnZip CCleaner Portable to a folder on your Desktop named CCleaner Run CCleaner Open the CCleaner Folder on your Desktop and double-click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit) Click "Options" and choose "Advanced" Uncheck "Only delete files in Windows Temp folders older than 24 hours" Then go back to "Cleaner" and click the "RunCleaner" button. Exit CCleaner. You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK Run Windows Update and update your Windows Operating System. Articles to Read: How to Protect Your Computer From Malware How to keep you and your Windows PC happy Web, email, chat, password and kids safety 10 Sources of Malware Infections That should take care of everything. Safe Surfing!
  14. Do the following: Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\MountPoints2: {afe88079-13d4-11e7-a743-b88a60a163c7} - "G:\Windows/AutoRun.exe" /autoinstall HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\MountPoints2: {f03f99c8-e9f6-11e6-a737-704d7b495897} - "F:\Setup.exe" HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKU\S-1-5-21-2453292216-1992557863-264388339-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] U3 aswMBR; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswMBR.sys [62728 2017-04-10] () [File not signed] <==== ATTENTION U3 aswVmm; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswVmm.sys [224896 2017-04-10] () <==== ATTENTION 2017-04-10 22:56 - 2017-04-10 22:57 - 10606960 _____ (Symantec Corporation) C:\Users\Rebecca Valentine\AppData\Local\Temp\nssSetup.exe Task: {D6E39F92-1A12-47DA-9784-4D7AFBE2F5DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  15. EEK is free for personal use, commercial use requires a licence.