Remaining Computer Infections


Hello. I am typing this from the computer that is infected. My brother had asked me if I could take a look at his computer and after going through it and using several programs to help diagnose and fix his computer I found that it was full of all sorts of unwanted programs and viruses. It looks like they were mainly from bad downloads and my brother doesn't seem to be able to say where they could have come from.

I am a new user of Emsisoft's anti-malware software myself and I very much like it so far. So without going to this forum my first step already was to plug in my flash drive that has Emsisoft's Emergency Kit on it to my brother's computer and run a scan with it. After scanning and deleting the viruses that showed up, I then ran some other programs to get some more opinions. I ran Malwarebytes Anti-Malware scanner, Adwcleaner, and TDSSKiller from Kaspersky. All programs showed different viruses and I did my best to look through them and quarantine/delete everything that showed up.

I also made sure to go through his computer and run force uninstalls on many programs that were all running on my brother's computer, most of which he didn't want on his computer in the first place. I made a few other minor tweaks including updating software and trying to get current with the Windows system updates. I believe there may be some more Windows updates that need installing. I think they were stopped from installing before for some reason, possibly because of viruses.

Now, after all of this there still seem to be virus issues going on with this computer. I decided to use this forum for your expertise since I am already an Emsisoft user and I cannot seem to fix the problem on my own. I have run the EEK scan and the Farbar scan and will post the logs here shortly. Before I do, I also wanted to make a note that there still seem to be several unwanted services/processes that are running on this system even after I thought I had stopped them from running and deleted them, one of which being the "csrss.exe" process that looks like it is not just part of the system, but instead a virus. Plus, I still get popups for websites and programs that should not be on this computer. I know there are more viruses so here are the scan logs that you need. Thank you in advance!

EEK scan 1.txt

FRST.txt

Addition.txt


Gordon,

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-572521112-3127046767-2044842528-1001] => Internet Explorer proxy is enabled.
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File not found
2015-08-06 13:39 - 2015-08-06 13:39 - 00000000 ____D C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}
2015-08-02 14:52 - 2015-08-08 02:52 - 00000000 ____D C:\Users\kennys\AppData\Local\mlbmvtatmelmbjb
2015-08-02 14:52 - 2015-08-02 14:52 - 00000000 ____D C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza
2015-08-02 14:52 - 2015-08-02 14:52 - 00000000 ____D C:\Users\kennys\AppData\Local\mkrmtzbtmejmltb
2015-08-01 23:06 - 2015-08-07 14:47 - 00000000 ____D C:\ProgramData\oEJRGDmFs
2015-08-01 00:20 - 2015-08-07 13:46 - 00001698 _____ C:\ProgramData\tempimage.bmp
2015-07-31 23:02 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\Umjbmyzbhmdrmntb
2015-07-31 23:01 - 2015-08-08 02:58 - 00000000 ____D C:\Program Files\Smmzmnta1mdjmzdb
2015-07-31 23:00 - 2015-08-06 13:37 - 00000000 ____D C:\Program Files\c91-a2-c09b
2015-07-31 22:58 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\8e85682a-172d-40b1-bc2a-681d25d452c7
2015-07-31 13:45 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\7af43c85-630a-4ced-8b56-816f28f8dbd9
2015-07-31 13:45 - 2015-08-07 11:00 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-30 17:08 - 2015-08-06 16:07 - 00000000 ____D C:\Users\kennys\AppData\Local\8341
2015-07-30 17:06 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\b84df010-f37c-46f9-b56a-c9ff8bc7e7a8
2015-07-30 17:06 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\3cab4452-67bb-4f8c-8e5f-30db06f1c745
2015-07-30 17:00 - 2015-07-30 17:00 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-12 17:22 - 2015-05-12 17:22 - 0099678 _____ () C:\Program Files\tunepro138x138.ico
2015-06-23 13:41 - 2015-07-19 00:33 - 0000020 _____ () C:\Users\kennys\AppData\Roaming\appdataFr2.bin
2015-07-16 06:19 - 2015-07-31 13:45 - 0000024 _____ () C:\Users\kennys\AppData\Roaming\appdataFr25.bin
2015-08-01 00:20 - 2015-08-07 13:46 - 0001698 _____ () C:\ProgramData\tempimage.bmp
C:\Users\kennys\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\ProgramData\{ea573fb2-2126-eefb-ea57-73fb2212fec8}\J. Stalin & The Worlds Freshest - Never Be Realer Then Me ft. Vellquan (Real World 4) [New 2015].exe
C:\ProgramData\{ea573fb2-2126-eefb-ea57-73fb2212fec8}
C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza\mkxmbzbvmg5mcza.exe
C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza
C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}\OffersWizard.exe
C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
Task: {36434B65-BE46-46D5-86E5-73663DDF8A6C} - \WindApp Update -> No File <==== ATTENTION
Task: {51BADCD5-BF93-4E96-B02B-E2EFE1E79630} - \Selection Tools Update -> No File <==== ATTENTION
Task: {5F5984E8-E18D-458B-8701-9B3C3E822581} - \SushiLeads -> No File <==== ATTENTION
Task: {7E575DA6-DC53-4899-9099-4C609EB23B4E} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {9CDA93C2-8087-466B-BD79-A588A6427C54} - \Microsoft\Windows\Maintenance\Web Tool Updater -> No File <==== ATTENTION
Task: {B6730515-9E14-44CD-B453-9F7079F2D73D} - \SMWUpd -> No File <==== ATTENTION
Task: {D37CFF2D-3B9B-421C-9A33-3A682F526859} - \Elazt -> No File <==== ATTENTION
Task: {FE52C30C-8366-4321-9589-222A25D1143A} - \Web Tool Runner -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

I seem to be having issues posting right now. I will check back at another time. When I click "add reply" I get a blank page and then it asks me to "resend" the page which is where I think the duplicate messages came from. I cannot seem to add the attachment so I will try to copy it straight to this post. Let's try again....

Fix result of Farbar Recovery Scan Tool (x86) Version:13-08-2015
Ran by kennys (2015-08-14 16:43:00) Run:1
Running from C:\Users\kennys\Desktop
Loaded Profiles: kennys (Available Profiles: kennys)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [s-1-5-21-572521112-3127046767-2044842528-1001] => Internet Explorer proxy is enabled.
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File not found
2015-08-06 13:39 - 2015-08-06 13:39 - 00000000 ____D C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}
2015-08-02 14:52 - 2015-08-08 02:52 - 00000000 ____D C:\Users\kennys\AppData\Local\mlbmvtatmelmbjb
2015-08-02 14:52 - 2015-08-02 14:52 - 00000000 ____D C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza
2015-08-02 14:52 - 2015-08-02 14:52 - 00000000 ____D C:\Users\kennys\AppData\Local\mkrmtzbtmejmltb
2015-08-01 23:06 - 2015-08-07 14:47 - 00000000 ____D C:\ProgramData\oEJRGDmFs
2015-08-01 00:20 - 2015-08-07 13:46 - 00001698 _____ C:\ProgramData\tempimage.bmp
2015-07-31 23:02 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\Umjbmyzbhmdrmntb
2015-07-31 23:01 - 2015-08-08 02:58 - 00000000 ____D C:\Program Files\Smmzmnta1mdjmzdb
2015-07-31 23:00 - 2015-08-06 13:37 - 00000000 ____D C:\Program Files\c91-a2-c09b
2015-07-31 22:58 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\8e85682a-172d-40b1-bc2a-681d25d452c7
2015-07-31 13:45 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\7af43c85-630a-4ced-8b56-816f28f8dbd9
2015-07-31 13:45 - 2015-08-07 11:00 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-30 17:08 - 2015-08-06 16:07 - 00000000 ____D C:\Users\kennys\AppData\Local\8341
2015-07-30 17:06 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\b84df010-f37c-46f9-b56a-c9ff8bc7e7a8
2015-07-30 17:06 - 2015-08-08 02:52 - 00000000 ____D C:\Program Files\3cab4452-67bb-4f8c-8e5f-30db06f1c745
2015-07-30 17:00 - 2015-07-30 17:00 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-12 17:22 - 2015-05-12 17:22 - 0099678 _____ () C:\Program Files\tunepro138x138.ico
2015-06-23 13:41 - 2015-07-19 00:33 - 0000020 _____ () C:\Users\kennys\AppData\Roaming\appdataFr2.bin
2015-07-16 06:19 - 2015-07-31 13:45 - 0000024 _____ () C:\Users\kennys\AppData\Roaming\appdataFr25.bin
2015-08-01 00:20 - 2015-08-07 13:46 - 0001698 _____ () C:\ProgramData\tempimage.bmp
C:\Users\kennys\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\ProgramData\{ea573fb2-2126-eefb-ea57-73fb2212fec8}\J. Stalin & The Worlds Freshest - Never Be Realer Then Me ft. Vellquan (Real World 4) [New 2015].exe
C:\ProgramData\{ea573fb2-2126-eefb-ea57-73fb2212fec8}
C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza\mkxmbzbvmg5mcza.exe
C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza
C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}\OffersWizard.exe
C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\kennys\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
Task: {36434B65-BE46-46D5-86E5-73663DDF8A6C} - \WindApp Update -> No File <==== ATTENTION
Task: {51BADCD5-BF93-4E96-B02B-E2EFE1E79630} - \Selection Tools Update -> No File <==== ATTENTION
Task: {5F5984E8-E18D-458B-8701-9B3C3E822581} - \SushiLeads -> No File <==== ATTENTION
Task: {7E575DA6-DC53-4899-9099-4C609EB23B4E} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {9CDA93C2-8087-466B-BD79-A588A6427C54} - \Microsoft\Windows\Maintenance\Web Tool Updater -> No File <==== ATTENTION
Task: {B6730515-9E14-44CD-B453-9F7079F2D73D} - \SMWUpd -> No File <==== ATTENTION
Task: {D37CFF2D-3B9B-421C-9A33-3A682F526859} - \Elazt -> No File <==== ATTENTION
Task: {FE52C30C-8366-4321-9589-222A25D1143A} - \Web Tool Runner -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-572521112-3127046767-2044842528-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007" => key removed successfully.
C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2} => moved successfully.
C:\Users\kennys\AppData\Local\mlbmvtatmelmbjb => moved successfully.
C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza => moved successfully.
C:\Users\kennys\AppData\Local\mkrmtzbtmejmltb => moved successfully.
C:\ProgramData\oEJRGDmFs => moved successfully.
C:\ProgramData\tempimage.bmp => moved successfully.
C:\Program Files\Umjbmyzbhmdrmntb => moved successfully.
C:\Program Files\Smmzmnta1mdjmzdb => moved successfully.
C:\Program Files\c91-a2-c09b => moved successfully.
C:\Program Files\8e85682a-172d-40b1-bc2a-681d25d452c7 => moved successfully.
C:\Program Files\7af43c85-630a-4ced-8b56-816f28f8dbd9 => moved successfully.
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Users\kennys\AppData\Local\8341 => moved successfully.
C:\Program Files\b84df010-f37c-46f9-b56a-c9ff8bc7e7a8 => moved successfully.
C:\Program Files\3cab4452-67bb-4f8c-8e5f-30db06f1c745 => moved successfully.
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully.
C:\Program Files\tunepro138x138.ico => moved successfully.
C:\Users\kennys\AppData\Roaming\appdataFr2.bin => moved successfully.
C:\Users\kennys\AppData\Roaming\appdataFr25.bin => moved successfully.
"C:\ProgramData\tempimage.bmp" => File/Folder not found.
C:\Users\kennys\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully.
C:\ProgramData\{ea573fb2-2126-eefb-ea57-73fb2212fec8}\J. Stalin & The Worlds Freshest - Never Be Realer Then Me ft. Vellquan (Real World 4) [New 2015].exe => moved successfully.
C:\ProgramData\{ea573fb2-2126-eefb-ea57-73fb2212fec8} => moved successfully.
"C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza\mkxmbzbvmg5mcza.exe" => File/Folder not found.
"C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza" => File/Folder not found.
"C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}\OffersWizard.exe" => File/Folder not found.
"C:\Users\kennys\AppData\Local\{06EB6C4F-0F65-4B2C-A464-2B7D0662A0D2}" => File/Folder not found.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-572521112-3127046767-2044842528-1001_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36434B65-BE46-46D5-86E5-73663DDF8A6C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36434B65-BE46-46D5-86E5-73663DDF8A6C}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51BADCD5-BF93-4E96-B02B-E2EFE1E79630}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51BADCD5-BF93-4E96-B02B-E2EFE1E79630}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F5984E8-E18D-458B-8701-9B3C3E822581}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5984E8-E18D-458B-8701-9B3C3E822581}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E575DA6-DC53-4899-9099-4C609EB23B4E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E575DA6-DC53-4899-9099-4C609EB23B4E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CDA93C2-8087-466B-BD79-A588A6427C54}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CDA93C2-8087-466B-BD79-A588A6427C54}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Web Tool Updater" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6730515-9E14-44CD-B453-9F7079F2D73D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6730515-9E14-44CD-B453-9F7079F2D73D}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D37CFF2D-3B9B-421C-9A33-3A682F526859}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D37CFF2D-3B9B-421C-9A33-3A682F526859}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Elazt => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE52C30C-8366-4321-9589-222A25D1143A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE52C30C-8366-4321-9589-222A25D1143A}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Web Tool Runner => key not found.
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully..


The system needed a reboot.

==== End of Fixlog 16:43:06 ====

Edited by Gordon Brightstar
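One way to triage a Fixlog like the one pasted above, as an added example that is not part of the original thread or of FRST: it tallies the per-line outcomes and lists the "not found" items that are not explained by an earlier move of the same path or its parent folder. The function names are hypothetical, and the sample is a short excerpt of lines copied from the log above.

```python
"""Summarise the result section of an FRST Fixlog.txt (added example, not FRST code)."""
import re
from collections import Counter

# Short excerpt of lines copied from the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version:13-08-2015
Ran by kennys (2015-08-14 16:43:00) Run:1

fixlist content:
*****************
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
C:\ProgramData\tempimage.bmp
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza => moved successfully.
C:\ProgramData\tempimage.bmp => moved successfully.
"C:\ProgramData\tempimage.bmp" => File/Folder not found.
"C:\Users\kennys\AppData\Local\mkxmbzbvmg5mcza\mkxmbzbvmg5mcza.exe" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found.
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully..

The system needed a reboot.

==== End of Fixlog 16:43:06 ====
'''

# The echoed fixlist sits between two rows of asterisks; results follow the second.
FIXLIST_FENCE = re.compile(r"^\*{5,}\s*$")


def classify(result):
    """Map the text after '=>' to a coarse outcome label."""
    r = result.lower()
    if "not found" in r:
        return "not_found"
    if "removed successfully" in r:  # test before "moved": "removed" contains "moved"
        return "removed"
    if "moved successfully" in r:
        return "moved"
    if "restored successfully" in r:
        return "restored"
    return "other"  # anything unrecognised deserves a manual look


def parse_fixlog(text):
    """Return (target, outcome, raw_result) for each result line.

    Assumes the layout seen above: the fixlist is echoed between two asterisk
    rows, and some echoed lines contain '=>' themselves, so they are skipped.
    """
    entries, fences = [], 0
    for line in text.splitlines():
        if FIXLIST_FENCE.match(line):
            fences += 1
            continue
        if fences < 2 or " => " not in line:
            continue
        target, _, result = line.partition(" => ")
        entries.append((target.strip().strip('"'), classify(result), result.strip()))
    return entries


def summarize(entries):
    """Count result lines per outcome label."""
    return dict(Counter(outcome for _, outcome, _ in entries))


def unexplained_not_found(entries):
    """List 'not found' targets that were not already handled earlier in the run.

    A path counts as handled if the same path, or a parent folder of it, was
    moved or removed by an earlier line (duplicate fixlist entries do this).
    """
    handled, pending = [], []
    for target, outcome, _ in entries:
        key = target.lower()  # Windows paths and registry keys are case-insensitive
        if outcome in ("moved", "removed"):
            handled.append(key)
        elif outcome == "not_found":
            if not any(key == h or key.startswith(h + "\\") for h in handled):
                pending.append(target)
    return pending


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for item in unexplained_not_found(parsed):
        print("review:", item)
```

Items it reports for review were absent before the fix touched them, which is different from a removal that failed.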

Gordon,

All logs are to be attached to posts.

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


Hello again. I apologize for pasting the log directly to the post, I was having issues posting it as an attachment. This computer that we are dealing with is still having issues, but I'll see if I can post correctly this time without duplicate posts and attachment issues. This computer seems to be running better, without as many slow downs due to the several issues it had before. However, there are at least three issues that are still going on that I can see, plus it still doesn't seem to be running quite as smoothly as its hardware would indicate it should.

First, the Windows updates are failing. After shut down/power on it comes back and says that the system is reverting to an older setup because the Windows updates have failed. Secondly, I am getting several random pop-ups still, usually while browsing, and they usually open in separate tabs on the browser. It seems like they especially happen when I am clicking on parts of a page when I am surfing the internet or even typing this post. Sometimes the cursor changes, as well. Could this be some kind of "click" adware virus? And third, I haven't seen it the last couple times I have powered up this computer, but I have been seeing a window pop-up each time I log on to this computer that says something about "Gfxui has stopped working." I have not researched what this is yet but I thought I would mention that it was happening.

Other than those things, this computer is showing good signs of life again and I am not seeing all the unwanted programs from before that seemed to keep adding themselves to this computer (although I will say this - some of those unwanted programs are still showing in the program files, though they don't show up anymore in the uninstallers lists - could this be an issue?). I will try to attach the logs you requested again and see if it works this time. Also, FRST only created an "FRST.txt" log this time that I can see and did not create a new "Addition.txt" log. I could be wrong but I did not find it on my desktop. I will try and attach just the two logs from EEK and FRST.

Thank You

EEK scan 2.txt

FRST.txt


Please update the EEK signatures, and run a fresh scan. It is not possible to stop all pop ups as this is normal activity for some advertising scripts, and yes it is very annoying.

Attach the new EEK scan log to your reply. I will take a look at it and determine what should be done next.


As far as the pop ups are concerned, I am not sure how to describe them. It is not like a usual pop up that occurs every so often whenever you visit certain websites. I use Emsisoft Anti-Malware on my own system that is perfectly clean and I never experience the kind of pop ups that this computer has. These pop ups seem to randomly happen whenever I move the cursor around. It's happened four times just in the time I have been typing this response and I have no other software intentionally running that I know of. For example, sometimes when I move my cursor to a part of the text in this response that I need to retype, I click that area of text and a pop up tab will randomly open up with something completely unrelated to what I am doing. I understand that there are some (very) annoying pop ups that occasionally need to be there on certain websites but these pop ups do not seem normal at all. I had the same issues before I started cleaning up this computer. Anyway, if after all cleanup is done and these pop ups are still considered "normal" then I guess I'll have to deal with it, but I am thinking that there is still some hidden virus of some kind on this system that is affecting it this way.

Here is the newest EEK scan with the updated signatures that you asked for. Thanks again for your help.

-Nathaniel

EEK scan 3.txt


Gordon,

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S4 3ec93cdd; "C:\Windows\system32\rundll32.exe" "c:\Program Files\CutterProc\CutterProc.dll",serv
S4 426ab601; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TrimEdit\TrimEdit.dll",serv
S4 OhMyCouponsService; C:\Program Files\c91-a2-c09b\OhMyCouponsService.exe [X]
S1 mmjmmzb2mhnmbdb; system32\drivers\mmjmmzb2mhnmbdb.sys [X]
2015-07-31 23:10 - 2015-07-31 23:10 - 00000045 _____ C:\user.js
Reg: reg delete "HKEY_USERS\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\WEBAPP" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\SOLID PROGRAM" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\APPDATALOW\SOFTWARE\SMARTWEB" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\SOLID PROGRAM" /f
C:\Users\kennys\AppData\Local\Installer\Install_15723\DCYTDownloader.exe
C:\Users\kennys\AppData\Local\Installer\Install_15723
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.


It appears that this computer is close to being cleaned up now, though I did get a random pop up while using this forum (something called fix25??). If Emsisoft does not create browser pop ups then there is still a little bug somewhere in this system. However, like I said, for the most part this computer seems to be running just fine now (although Windows updates still keep failing - I don't know if this is necessarily a virus issue). I know you may want to try maybe one more fix from FRST just to be sure. Thanks again.

edit: yes, it appears that I am still getting random advertising pop ups on this system - just got one after posting this reply.

EEK scan 4.txt

FRST.txt

Edited by Gordon Brightstar

Gordon,

Do the following:

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Download Junkware Removal Tool and save it on your desktop.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

I have been hopeful that we are close to getting this computer totally cleaned up and I think we are, but there were still a couple of pop ups just while I was typing this post that came up and one was even deemed a bad website by the Adguard browser extension that this computer is using. Sometimes the cursor still randomly turns into a hand-pointer type cursor and if I click anywhere at all with that cursor a suspicious pop up will still happen. So I believe there to still be some issues, but it IS better than before. The computer is starting to run more smoothly, I think. However, like I said before, I don't know if this is a virus issue of some kind, but the Windows updates still are not working and the computer keeps saying that it is reverting to old update settings each time I turn it on. I ran the new scans you asked for and here they are. Thank you.

EEK scan 5.txt

FRST.txt


Gordon,

I am going to have you reset the TCP/IP stack, Winsock, and flush the DNS cache.

Close all windows

Do the following:

Start -> All Programs -> Accessories -> click "Command Prompt"

Click "OK" on any alerts.

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.

ipconfig /flushdns
ipconfig /release
ipconfig /renew
netsh winsock reset catalog
netsh int ip reset reset.log
Exit
Restart your PC.

Next:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKLM\...\Firefox\Extensions: [{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}] - \distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
C:\Windows\system32\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-572521112-3127046767-2044842528-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

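A pre-flight check for a fixlist like the ones in this thread, as an added example (not FRST's code and not part of any post here): it rejects lines that match none of the line shapes these fixlists use, and reports the user SID and profile name a list is tied to, which is why such a script must not be run on another machine. The line shapes are inferred from this thread only; `review_fixlist`, `safe_to_run` and every name in the sample are hypothetical.

```python
import re

# Line shapes inferred from the fixlists quoted in this thread. Assumption:
# this is a pre-flight sanity check, not FRST's own grammar or parser.
SHAPES = [
    ("service", re.compile(r'^[RSU]\d [^;]+; .+$')),
    ("file_entry", re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ [A-Za-z]:\\.+$')),
    ("reg_delete", re.compile(r'^Reg: reg delete "[^"]+"(?: /v "[^"]+")? /f$')),
    ("browser", re.compile(r'^(?:SearchScopes:|FF) .+$')),
    ("path", re.compile(r'^[A-Za-z]:\\[^"<>|*?]+$')),
]
SID = re.compile(r'S-1-5-21(?:-\d+){4}')
PROFILE = re.compile(r'[A-Za-z]:\\Users\\([^\\"]+)', re.I)

def classify(line):
    for kind, rx in SHAPES:
        if rx.match(line):
            return kind
    return None

def review_fixlist(text):
    """Return (entries, rejected, sids, profiles) for a fixlist body."""
    entries, rejected, sids, profiles = [], [], set(), set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        if kind is None:
            rejected.append((no, line))   # stray quote, trailing junk, unknown shape
        else:
            entries.append((no, kind))
        sids.update(SID.findall(line))
        profiles.update(m.lower() for m in PROFILE.findall(line))
    return entries, rejected, sids, profiles

def safe_to_run(text, local_sid, local_profile):
    """True only if every line parses and all SIDs/profiles are this machine's."""
    _, rejected, sids, profiles = review_fixlist(text)
    return not rejected and sids <= {local_sid} and profiles <= {local_profile.lower()}

# Constructed sample: same line shapes as the thread, made-up names and SID.
SAMPLE = r'''S4 ExampleSvc; C:\Program Files\Example\ExampleSvc.exe [X]
2015-01-01 10:00 - 2015-01-01 10:00 - 00000045 _____ C:\example.js
Reg: reg delete "HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\EXAMPLE" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EXAMPLE" /fA)
C:\Users\alice\AppData\Local\Example\{0000-EXAMPLE}" /f
C:\Users\alice\AppData\Local\Example'''
```

In the sample, lines 4 and 5 are rejected because of trailing characters after `/f` and a stray quote in a bare path; the remaining lines are accepted only when the SID and profile match the machine the list is run on.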

I followed your directions and when I typed the two lines  ipconfig /release  and  ipconfig /renew  it said something about "no operation can be performed on Local Area Connection while it has its media disconnected." Also, I needed to enter the "netsh..." lines as the administrator which I did (just restarted Command Prompt as Administrator). I also ran the FRST fix again with your fixlist.txt and I will attach the log to this reply. This computer was NOT my computer thankfully, nor would it have been since it was SO infected and I do thank you again for taking the time to help me through this process. This computer was seemingly almost unusable when it was given to me and now it is much better. I will keep you posted on how it is responding to your instructions.

Fixlog.txt


I am still having the same issue with many random pop ups and the Windows updates failing, although I would be happy to just get the pop up issue fixed and worry about the updates later. I can probably do a little research myself to look into why the updates may be failing on this computer. Anyway, here are the logs you requested.

EEK scan 6.txt

FRST.txt


Gordon,

Changing tools.

Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X] is the most recent scan

I downloaded and ran the RogueKiller program and I've also got the log, but I am now using my own computer to type this response. The reason is that the Emsisoft trial period ended on the computer we were working on and the pop ups have gotten very bad again. So before I go any further on that computer I need to get the computer secured again. I am sorry, but I will need a day or two to get the owner of the computer to get the paid version, which he has planned on doing anyway. Thank you for your patience. I will post the log from RogueKiller as soon as possible.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
