
Hello, weeks ago I downloaded a piece of malware by mistake, and while I was able to remove most of the junk it created (2010 threats, mostly PUP, adware, malware, and 2 rootkits)

One keeps coming back, almost weekly. Its name is Adware.ELEX. I've done everything! Malwarebytes scan, Junk tool removal multiple times, ADWCleaner, HitmanPro (used separately and both in safe and normal mode)

This little prick keeps coming back and it's annoying. What I know is that it creates a folder in C:\ProgramFiles(x86)\Zirotrain\_ALLOWDEL_a62f915\Random DLLS and .exe called Snarer and more!

I've found more junk in my C:\ (DLLs that should have been where I found them) and deleted them without a problem (they were 100% malware, not Windows related). I also know that it keeps coming back by running the rundll.exe of Windows, so it might be a DLL hidden around my PC?

Please, I just want to get rid of it!


Hello PlanetPurple and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so that all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

5 hours ago, kevinf80 said:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2017
Ran by Planet (administrator) on PLANET (02-06-2017 01:22:30)
Running from C:\Users\Planet\Desktop
Loaded Profiles: Planet (Available Profiles: Planet)
Platform: Windows 10 Pro Version 1511 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) D:\AMDriver\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) D:\AMDriver\CNext\CNext\amddvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices, Inc.) D:\AMDriver\CNext\CNext\amdow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [912768 2017-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [291968 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [DAEMON Tools Lite Automount] => D:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29547136 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [AMDDVR] => D:\AMDriver\CNext\CNext\amddvr.exe [1367432 2017-03-16] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\Run: [Discord] => C:\Users\Planet\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\MountPoints2: {92256998-944e-11e5-826c-f07959609e64} - "H:\SETUP.EXE" 
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\...\MountPoints2: {cdbe3f54-9e71-11e5-8276-f07959609e64} - "H:\Setup.exe" 
HKU\S-1-5-18\...\Run: [script_fcbd] => "E:\Blood Dragon\Far Cry 3 Blood Dragon\fcbd.bat"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Planet\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Planet\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Planet\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Planet\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Planet\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Planet\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
Startup: C:\Users\Planet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-04-02]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Planet\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0f500b89-22a0-44ea-8172-eb8129824d0f}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKU\S-1-5-21-1391749044-1163464371-2050450923-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Java\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Java\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Planet\AppData\Roaming\Mozilla\Firefox\Profiles\zju0u8x3.default-1488915876311 [2017-06-01]
FF Homepage: Mozilla\Firefox\Profiles\zju0u8x3.default-1488915876311 -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Adblock Plus) - C:\Users\Planet\AppData\Roaming\Mozilla\Firefox\Profiles\zju0u8x3.default-1488915876311\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> E:\Java\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> E:\Java\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-1391749044-1163464371-2050450923-1005: @nsroblox.roblox.com/launcher -> C:\Users\Planet\AppData\Local\Roblox\Versions\version-6da8969024ca4410\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1391749044-1163464371-2050450923-1005: @nsroblox.roblox.com/launcher64 -> C:\Users\Planet\AppData\Local\Roblox\Versions\version-6da8969024ca4410\\NPRobloxProxy64.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","hxxp://www.google.com/","hxxp://www.initialsite123.com/?z=e843228ec22a027879f165bgez7taz6cazam7c1z4c&from=fss&uid=ST31000528AS_9VP5AW3AXXXX9VP5AW3A&type=hp"
CHR Profile: C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-02]
CHR Extension: (Presentazioni Google) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-26]
CHR Extension: (HD for YouTube™) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2017-05-26]
CHR Extension: (Documenti Google) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-26]
CHR Extension: (Google Drive) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-05-26]
CHR Extension: (YouTube) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (Adblock Plus) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-26]
CHR Extension: (Fogli Google) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-26]
CHR Extension: (Rick and Morty Theme) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fephklcklapphnamkaobdjhbbfdpanod [2017-05-26]
CHR Extension: (Google Documenti offline) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-26]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-26]
CHR Extension: (Gmail) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Planet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1119712 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1520680 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
S3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 HasteUEService; C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe [1473832 2017-03-19] (Thalonet, Inc. (dba Haste))
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-10] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-28] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-28] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-13] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2015-12-13] (Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-04-05] (LogMeIn Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 SaiHFFB5; C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys [171144 2007-05-01] (Saitek)
S3 SaiIFFB5; C:\WINDOWS\system32\DRIVERS\SaiIFFB5.sys [20608 2007-05-01] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-02 01:22 - 2017-06-02 01:23 - 00018892 _____ C:\Users\Planet\Desktop\FRST.txt
2017-06-02 01:22 - 2017-06-02 01:22 - 02433536 _____ (Farbar) C:\Users\Planet\Desktop\FRST64.exe
2017-06-01 20:09 - 2017-06-01 20:59 - 00000000 ____D C:\Users\Planet\Desktop\idle_master
2017-06-01 20:09 - 2017-06-01 20:09 - 00000000 ____D C:\Users\Planet\AppData\Local\IdleMaster
2017-06-01 17:46 - 2017-06-02 01:22 - 00000000 ____D C:\FRST
2017-05-31 17:21 - 2017-05-31 17:21 - 00000000 ____D C:\Users\Planet\AppData\LocalLow\Bluster Light
2017-05-30 20:37 - 2017-05-30 20:37 - 00000066 _____ C:\Users\Planet\Desktop\Nuovo documento di testo.txt
2017-05-30 18:30 - 2017-05-30 18:30 - 00000000 ____D C:\Users\Planet\AppData\LocalLow\Random Seed Games
2017-05-29 20:13 - 2017-05-29 20:13 - 00000000 ____D C:\Users\Planet\.oracle_jre_usage
2017-05-29 17:50 - 2017-05-29 20:24 - 00000000 ____D C:\Users\Planet\AppData\Roaming\.minecraft
2017-05-28 14:14 - 2017-05-28 14:14 - 00000000 ____D C:\Users\Planet\AppData\Roaming\ATI
2017-05-28 14:14 - 2017-05-28 14:14 - 00000000 ____D C:\Users\Planet\AppData\Local\ATI
2017-05-28 14:14 - 2017-05-28 14:14 - 00000000 ____D C:\ProgramData\ATI
2017-05-27 23:11 - 2017-05-27 23:11 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-05-27 21:47 - 2017-05-27 21:47 - 00007605 _____ C:\Users\Planet\AppData\Local\Resmon.ResmonCfg
2017-05-27 21:34 - 2017-05-27 21:34 - 00000000 ____D C:\Users\Planet\Downloads\Video
2017-05-27 21:34 - 2017-05-27 21:34 - 00000000 ____D C:\Users\Planet\Downloads\Compressed
2017-05-27 21:33 - 2017-05-27 21:33 - 00000000 ____D C:\Users\Planet\AppData\Local\MegaDownloader
2017-05-26 22:19 - 2017-05-26 22:19 - 00020082 _____ C:\WINDOWS\system32\.crusader
2017-05-26 16:04 - 2017-05-28 18:15 - 00000000 ____D C:\UmbraDebug
2017-05-26 14:56 - 2017-05-26 14:56 - 00000000 ____D C:\Users\Planet\AppData\Roaming\Google
2017-05-26 14:55 - 2017-05-26 14:55 - 00000000 ____D C:\Users\Planet\AppData\Local\CEF
2017-05-26 14:25 - 2017-05-26 22:19 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-26 14:25 - 2017-05-26 14:25 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-26 14:17 - 2017-05-26 14:17 - 00000000 ____D C:\Users\Planet\AppData\Local\PeerDistRepub
2017-05-26 14:14 - 2017-05-26 14:15 - 11584088 _____ (SurfRight B.V.) C:\Users\Planet\Desktop\hitmanpro_x64.exe
2017-05-26 14:13 - 2017-05-27 21:44 - 00000000 ____D C:\AdwCleaner
2017-05-26 14:12 - 2017-05-26 14:12 - 04110280 _____ C:\Users\Planet\Desktop\adwcleaner_6.047.exe
2017-05-26 14:12 - 2017-05-26 14:12 - 00000000 ____D C:\Users\Planet\AppData\Local\Comms
2017-05-26 14:08 - 2017-05-26 15:04 - 00000000 ____D C:\Users\Planet\AppData\Local\Google
2017-05-26 14:08 - 2017-05-26 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-26 14:06 - 2017-05-26 14:08 - 00000000 ____D C:\Users\Planet\AppData\Local\Deployment
2017-05-26 14:06 - 2017-05-26 14:06 - 00000000 ____D C:\Users\Planet\AppData\Local\Apps\2.0
2017-05-25 23:08 - 2017-05-26 14:36 - 00000541 _____ C:\Users\Planet\Desktop\JRT.txt
2017-05-25 22:34 - 2017-05-25 22:34 - 00002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-25 22:34 - 2017-05-25 22:34 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-25 17:54 - 2016-10-17 17:35 - 00223464 ____N (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2017-05-24 19:36 - 2017-05-24 19:36 - 00000000 ____D C:\Users\Planet\AppData\LocalLow\SteelRaven7
2017-05-16 17:58 - 2017-05-16 17:58 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\49070EDB.sys
2017-05-16 17:42 - 2017-05-16 17:42 - 01663672 _____ (Malwarebytes) C:\Users\Planet\Desktop\JRT.exe
2017-05-12 20:38 - 2017-05-26 14:09 - 00002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 20:36 - 2017-05-26 14:08 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-12 20:36 - 2017-05-26 14:08 - 00003544 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-10 14:54 - 2017-05-28 11:31 - 00000000 ____D C:\Users\Planet\Desktop\RegistryFinder64
2017-05-10 14:16 - 2017-05-10 14:16 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3B9F0FA6.sys
2017-05-09 19:16 - 2017-05-24 13:59 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-09 18:42 - 2017-05-30 17:11 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-09 18:42 - 2017-05-19 18:32 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-09 18:42 - 2017-05-19 18:32 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-09 18:42 - 2017-05-19 18:32 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-09 18:42 - 2017-05-09 18:42 - 00001937 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-09 18:42 - 2017-05-09 18:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-09 18:42 - 2017-05-09 18:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-09 18:42 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-09 18:31 - 2017-05-09 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-09 18:31 - 2017-05-09 18:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-09 17:38 - 2017-05-09 17:38 - 00000000 _____ C:\autoexec.bat
2017-05-07 14:37 - 2017-05-07 14:37 - 00000000 ____D C:\Users\Planet\AppData\Local\Disc_Soft_Ltd
2017-05-07 12:44 - 2017-05-07 12:49 - 00000000 ____D C:\Users\Planet\AppData\Local\NieRAutomata
2017-05-07 12:44 - 2017-05-07 12:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Update
2017-05-07 09:47 - 2017-05-07 09:47 - 00003254 _____ C:\Users\Planet\Desktop\UtorrentTrackers.txt
2017-05-06 16:43 - 2017-05-06 16:43 - 00000000 ____D C:\Users\Planet\Documents\Eek
2017-05-06 16:43 - 2017-05-06 16:43 - 00000000 ____D C:\Users\Planet\AppData\LocalLow\Eek
2017-05-05 20:40 - 2017-05-05 20:48 - 00000000 ____D C:\Users\Planet\AppData\Local\Spaceship_Looter_Demo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-01 22:18 - 2016-06-17 17:05 - 00000000 ____D C:\Users\Planet\AppData\Roaming\vlc
2017-06-01 21:23 - 2015-12-06 10:06 - 00000000 ____D C:\Users\Planet\AppData\Roaming\Audacity
2017-06-01 19:29 - 2015-12-06 17:29 - 00000000 ____D C:\Users\Planet\AppData\Roaming\TS3Client
2017-06-01 17:44 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-01 17:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-30 20:30 - 2015-11-23 15:52 - 00000000 ____D C:\Users\Planet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-30 18:30 - 2017-04-22 17:28 - 00000000 ____D C:\Users\Planet\AppData\Roaming\SmartSteamEmu
2017-05-30 18:04 - 2015-11-23 15:32 - 00000000 ____D C:\Users\Planet\Documents\My Games
2017-05-30 17:09 - 2015-11-23 01:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-29 21:24 - 2017-01-11 22:00 - 00000000 ____D C:\Users\Planet\AppData\Local\Battle.net
2017-05-29 20:13 - 2015-11-23 01:02 - 00000000 ____D C:\Users\Planet
2017-05-28 22:22 - 2016-08-29 17:01 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-05-28 22:22 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-05-28 14:20 - 2016-03-13 21:27 - 00000000 ____D C:\Users\Planet\AppData\Roaming\discord
2017-05-28 13:51 - 2016-06-12 08:47 - 00000000 ____D C:\Users\Planet\Desktop\Giochi
2017-05-28 11:34 - 2015-12-13 09:54 - 00000000 ____D C:\Users\Planet\AppData\Roaming\DAEMON Tools Lite
2017-05-27 21:54 - 2016-05-27 09:21 - 00003640 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-05-27 14:18 - 2015-11-23 01:10 - 01836308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-27 14:18 - 2015-10-30 20:19 - 00813036 _____ C:\WINDOWS\system32\perfh010.dat
2017-05-27 14:18 - 2015-10-30 20:19 - 00152330 _____ C:\WINDOWS\system32\perfc010.dat
2017-05-27 14:18 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-05-26 23:00 - 2015-11-23 01:00 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-26 15:13 - 2015-11-22 18:24 - 00000000 ____D C:\Users\Planet\AppData\Local\Packages
2017-05-25 22:58 - 2016-11-07 18:51 - 00000000 ____D C:\Users\Planet\AppData\Roaming\TeamViewer
2017-05-25 21:43 - 2015-11-29 10:37 - 00000000 ____D C:\Users\Planet\AppData\Local\Ubisoft Game Launcher
2017-05-21 15:56 - 2017-03-21 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.5.2f1 (64-bit)
2017-05-18 07:41 - 2014-05-03 20:43 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-18 07:40 - 2016-06-12 08:48 - 00000000 ____D C:\Users\Planet\Desktop\Programmi
2017-05-16 20:04 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-05-16 16:40 - 2016-12-14 21:10 - 00001209 _____ C:\Users\Planet\Desktop\kronos.lnk
2017-05-12 20:12 - 2016-01-24 17:14 - 00000000 ____D C:\Users\Planet\AppData\Roaming\uTorrent
2017-05-10 19:57 - 2016-01-12 22:56 - 00000871 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-05-08 14:35 - 2016-01-04 14:10 - 00644648 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-05-04 14:14 - 2016-03-17 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== Files in the root of some directories =======

2017-05-27 21:47 - 2017-05-27 21:47 - 0007605 _____ () C:\Users\Planet\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-23 19:18

==================== End of FRST.txt ============================

Addition.txt


Thanks for those logs, continue with the following;

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the [image] icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on [image] and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt


Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo off
del /f /s /q "C:\Windows\Installer\17c76e.msi"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
 
Let me know how your PC responds now, are there any remaining issues or concerns....?
 
Thank you,
 
Kevin

9 hours ago, kevinf80 said:

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.


@echo off
del /f /s /q "C:\Windows\Installer\17c76e.msi"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
 
Let me know how your PC responds now, are there any remaining issues or concerns....?
 
Thank you,
 
Kevin

Hi, I did all of this but the cmd window before closing states "Access denied" when trying to delete that file, I have admin privileges.

EDIT: I had to run it as Administrator to make it work, but how do I check if it was deleted?
I tried going into C:\Windows\Installer but that folder ("Installer") doesn't seem to exist.

Edited by PlanetPurple
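
Added example, not part of the original posts: a variant of the delfile.bat step above that reports whether 17c76e.msi was removed instead of closing before the result can be read. C:\Windows\Installer is a hidden, protected system folder, which is why it does not show in Explorer by default; the `net session` elevation test assumes the Server service is running.

```batch
@echo off
setlocal
rem Added example: delete the leftover installer package named in this thread
rem and report the outcome, rather than letting the window flash and close.
set "TARGET=C:\Windows\Installer\17c76e.msi"

rem Elevation test (assumption: the Server service is running).
rem "net session" fails when the script is not run as administrator,
rem and deleting under C:\Windows needs an elevated prompt.
net session >nul 2>&1
if errorlevel 1 (
    echo Not elevated. Right-click this file and choose "Run as administrator".
    goto :done
)

rem "if exist" sees hidden and system files, so the hidden Installer
rem folder does not have to be visible in Explorer for this check.
if not exist "%TARGET%" (
    echo Already absent: %TARGET%
    goto :done
)

rem /f removes read-only files; /a matches any attribute combination,
rem so a hidden or system file is not skipped. /s is left out because
rem the full path is known and no subfolder search is wanted.
del /f /a "%TARGET%"

rem del does not reliably set ERRORLEVEL, so test for the file afterwards.
if exist "%TARGET%" (
    echo FAILED: file is still present: %TARGET%
) else (
    echo Deleted: %TARGET%
)

:done
rem Keep the window open so the message can be read.
pause
endlocal
```

Unlike the original, this variant does not delete itself, so it can be rerun later to confirm the file has not reappeared.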

1 hour ago, kevinf80 said:

Unless you get an error the file will have been deleted... How does your PC respond now, any issues or concerns..?

At the moment it doesn't have any type of problem but we should wait some days and see if the adware comes back, I will reply back in a few days if that's ok with any info on the issue!


Yes wait a couple of days and reply back when you're ready, if the problem does not return continue as follows to clean up;

Delete the esetonlinescanner directory from the following location: %userprofile%\appdata\local\eset

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.


This topic is now closed to further replies.