Jump to content

Recommended Posts

Hello Pegzy and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if ther are any remaining issues or concerns....

Thank you,

Kevin....

 

 

fixlist.txt

Link to post
Share on other sites

---------------------------------------------------------------------------------------

Hi Kevin,

Thank you for your prompt assistance.Everything seems OK now. All steps completed. I have attached the Fixlog.txt and Malwarebytes Scan Results.txt files below.

 AdwCleaner removed 7 threats and Microsoft Malicious Software tool discovered no infections. Copies pasted below:

# AdwCleaner v6.046 - Logfile created 27/04/2017 at 11:19:07
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Customer - DESKTOP-D0COM6A
# Running from : C:\Users\Customer\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Customer\AppData\Roaming\Enigma Software Group
[-] Folder deleted: C:\Program Files\Enigma Software Group


***** [ Files ] *****

[-] File deleted: C:\Users\Customer\Favorites\eBay.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\eBay.lnk


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: YCMServiceAgent


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1215 Bytes] - [27/04/2017 11:19:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [1456 Bytes] - [27/04/2017 11:17:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1361 Bytes] ##########
 

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.47, April 2017 (build 5.47.13703.0)
Started On Thu Apr 27 11:29:34 2017

Engine: 1.1.13601.0
Signatures: 1.239.313.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 27 11:33:33 2017


Return code: 0 (0x0)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Fixlog.txt

Scan Results.txt

Link to post
Share on other sites

Thank you for those logs, yes system should be back to normal now. The problem entry was removed with FRST, subsequent scans confirm your system is good to go. Continue with the following to clean up...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • 4 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.