Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Press the + R on your keyboard at the same time. Type Notepad and click OK.
- Copy the entire content of the codebox below and paste into the Notepad document:
start CloseProcesses: HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION! AlternateDataStreams: C:\ProgramData\Temp:0B174FAE C:\Users\VIRGINIA\AppData\Local\Mobogenie S3 catchme; \??\C:\ComboFix\catchme.sys [X] GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION EmptyTemp: end
- Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
Scan with Malwarebytes' Anti-Malware
Please re-run Malwarebytes' Anti-Malware.
- First of all, select update.
- Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
- Click the Scan tab, choose Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the newest Scan Log.
- At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Scan with ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.
If using Internet Explorer:
- Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
- Download esetsmartinstaller_enu.exe that you'll be given link to.
- Double click esetsmartinstaller_enu.exe.
To perform the scan:
- Make sure that Enable detecion of potentially unwanted applications is checked.
- In the Advanced Settings dropdown menu:
- Make sure that Remove found threats is unchecked.
- Scan archives is checked.
- Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
- Use custom proxy settings is unchecked.
- Click Start
- The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient.
- Do not do anything on your machine as it may interrupt the scan.
- When the scan is done, click Finish.
- A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!