[skelly34]

Hello I am sorry to bother everyone but I have a very nasty virus/malware/rootkit problem I have tried for 3 or 4 days to remove this infection but I cannot download and run most antivirus spyware or malware removal application and the ones that it will allow to run cannot remove this virus.  I have done a system restore, ran the window malicious software tool, I cannot run any MacAfee or Norton product I cannot run Malwarebytes even with the standalone rootkit remover I am completely dejected at this point as this has been an all consuming situation especially seeing that I am not very computer savvy or competent can someone please help me??

Attached Files

•  FRST.txt   811.74KB   773 downloads
•  Addition.txt   31.85KB   669 downloads

[Advertisements]

Hi Skelly34,

Welcome to GeeksToGo!

Please follow the instructions below:

Malwarebytes Anti-Rootkit (MBAR)

• Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
• Right-Click MBAR.exe and select Run as administrator to run the installer.
• Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
• Click Next, followed by Update. Upon update completion, click Next.
• Ensure Drivers, Sectors & System are checked and click Scan.
• Note: Do not use your computer during the scan.
• Upon completion:
  • If no infection is found, close the MBAR window.
  • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
• Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

The above should clean up the initial infection. This infection leaves quite a few remnants behind. When I return from work this evening we can pick up where we left off.

Donna

[DonnaB]

Hi Skelly34,

Welcome to GeeksToGo!

Please follow the instructions below:

Malwarebytes Anti-Rootkit (MBAR)

• Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
• Right-Click MBAR.exe and select Run as administrator to run the installer.
• Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
• Click Next, followed by Update. Upon update completion, click Next.
• Ensure Drivers, Sectors & System are checked and click Scan.
• Note: Do not use your computer during the scan.
• Upon completion:
  • If no infection is found, close the MBAR window.
  • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
• Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

The above should clean up the initial infection. This infection leaves quite a few remnants behind. When I return from work this evening we can pick up where we left off.

Donna

[skelly34]

​Donna you are a genius, cyber goddess, and my very favorite person!!!!

 

 

Attached Files

•  system-log.txt   28.31KB   585 downloads
•  mbar-log-2017-04-07 (13-18-36).txt   5.53KB   555 downloads

[DonnaB]

Aww shucks, skelly34. Thank you for the compliment. I am but one of a team of many that has been fighting this new beastly infection.

That was good timing, by the way. I just got home from work and logged in to check up on you. Perfect timing!!

Looks like MBAR did get the rootkit. I am going to have you follow the same instructions again that I posted above just to see if anything was overlooked on the first run. Please post the mbar-log that it produces the second time around.

Once that is complete:

I am going to have you run JRT to see if there are any remnants left over, then we'll grab a fresh set of FRST logs as well.

Junkware Removal Tool (JRT)

• Download Junkware Removal Tool (JRT) and move it to your Desktop;
• Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Press on any key to launch the scan and let it complete;
  
  Credits : BleepingComputer.com
• Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Next:

Farbar Recovery Scan Tool (FRST) - Scan mode

• Right click on FRST.exe and select Run as Administrator
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
• Click on the Scan button;
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
• Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

[skelly34]

​HI Donna I am sorry it took me so long to provide these scans!!

Attached Files

•  mbar-log-2017-04-07 (17-58-49).txt   2.21KB   507 downloads
•  Addition.txt   31.59KB   633 downloads
•  JRT.txt   554bytes   549 downloads
•  FRST.txt   811.03KB   561 downloads

[DonnaB]

Hi Skelly34,

No need to apologize.

Looks like MBAR cleaned you up pretty good there.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• XP users: Double click the AdwCleaner icon to start the program.
• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:

• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be moved to Quarantine.
• When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

[skelly34]

​I hoped all of these viruses were gone but I thought I saw Malewarebytes say that it found 56 infections I hope I was wrong about that.

 

 

# AdwCleaner v6.045 - Logfile created 07/04/2017 at 22:15:08
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-06.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Sean - LAPTOP-NMPDR74D
# Running from : C:\Users\Sean\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[-] Service deleted: scan

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Sean\.proxycheck
[-] Folder deleted: C:\Users\Sean\.AnonymizerLauncher
[-] Folder deleted: C:\Users\Sean\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\Users\Sean\AppData\Local\llssoft
[-] Folder deleted: C:\Users\Sean\AppData\Roaming\ParetoLogic
[#] Folder deleted on reboot: C:\Users\Sean\AppData\Roaming\PARETOLOGIC
[-] Folder deleted: C:\ProgramData\ParetoLogic
[-] Folder deleted: C:\ProgramData\SlimWare Utilities, Inc
[#] Folder deleted on reboot: C:\ProgramData\PARETOLOGIC
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities, Inc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PARETOLOGIC
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\Program Files (x86)\S5
[-] Folder deleted: C:\Program Files (x86)\SlimCleaner
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Users\Sean\AppData\Roaming\AGData
[-] Folder deleted: C:\quardata

***** [ Files ] *****

[-] File deleted: C:\Users\Sean\AppData\Local\uninstallro.exe
[#] File deleted: C:\Users\Sean\AppData\Local\uninstallro.exe

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\Software\csastats
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\csastats
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0187837F-FA61-437D-9647-EE1E86233276}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5148 Bytes] - [07/04/2017 22:15:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [4837 Bytes] - [07/04/2017 22:12:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5294 Bytes] ##########

[DonnaB]

Good morning Skelly34,

How is your computer behaving now?

AdwCleaner removed quite a bit, helping to trim down some of the stuff I was going to include in my script fix for FRST.
 

​I hoped all of these viruses were gone but I thought I saw Malwarebytes say that it found 56 infections I hope I was wrong about that.

We used Malwarebytes Anti-Rootkit above. The first scan removed a huge amount of the infection. The second scan found only one trojan. Now I am going to have you download the following version of Malwarebytes to see what, if anything it finds.

Scan with Malwarebytes

Please note: If you already have Malwarebytes Anti-Malware installed, do not download it again. Skip to the next line.

• Download Malwarebytes Anti-Malware by clicking here.
• Start the program and select Update
• Once it has updated select Settings > Detection and Protection
• Tick Scan for rootkits

• Go back to the Dashboard and select Scan Now

• If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

• On completion of the scan (or after the reboot), start MBAM,
• Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.
• Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

Next:

One more set of FRST/Addition logs to see what is left to remove.

• Right click on the FRST.exe and choose Run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Under Optional Scan place a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
• Press Scan button.
• Please post both logs directly into your next reply.

[skelly34]

​I hope every thing is okay now??

 

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/8/17
Scan Time: 5:10 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1686
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LAPTOP-NMPDR74D\Sean

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387323
Time Elapsed: 13 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

 

 

Attached Files

•  FRST.txt   808.27KB   604 downloads
•  Addition.txt   32.01KB   756 downloads

[DonnaB]

Hi Skelly34,

Sorry for the delay.

Please go to your Control Panel > Programs and Features and uninstall the following two programs:

Digital Care Solutions
Trojan Remover

I have a feeling they were downloaded and installed in your time of desperation. The Malwarebytes version 3 that I had you download is a much better alternative. Make sure to keep MBAM 3.0 installed and run it often. If you feel safer, they do offer the Pro version that runs in real time as a second layer of protection though there is a yearly subscription cost involved.

The developers of Malwarebytes recently released Malwarebytes v3.0 which is an antivirus replacement, as with all previous Pro versions the newly released Malwarebytes 3.0 was designed to support compatibility if you choose to use a third-party antivirus or other security software alongside Malwarebytes 3.0. Meaning, you can run McAfee along side MBAM V3.0 and they will not cause conflict as other multiple AV's will. You can read more about that here if you like.
 

​I hope every thing is okay now??

Yes. Every thing is shaping up very nicely. We do have a some loose ends to clean up.

After you uninstall the two programs that I mentioned above, please do as follows:

• Open notepad (Start orb > type notepad into Start Search > chose notepad from list.
• Please copy the entire contents of the code box below, including the words start and end
  (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
• Save it to your desktop as fixlist.txt.
  
  

  start
  CloseProcesses:
  CreateRestorePoint:
  HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3656248 2017-03-02] (Simply Super Software)
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
  SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
  R3 gzflt; C:\Program Files\BDServices\gzflt.sys [161592 2017-03-15] (BitDefender LLC)
  R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2017-03-15] (BitDefender S.R.L.)
  2017-03-29 14:49 - 2017-04-07 13:31 - 00000000 ____D C:\Users\Sean\AppData\Local\drutkycvq
  2017-03-29 14:49 - 2017-03-30 17:25 - 00000000 ____D C:\Users\Sean\AppData\Local\lpzahjqu
  2017-03-29 14:49 - 2017-03-29 14:49 - 00000000 ____D C:\Users\Sean\AppData\Roaming\c
  2017-03-29 14:49 - 2017-03-29 14:49 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
  2017-03-29 14:49 - 2017-03-29 14:49 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
  2017-03-16 11:43 - 2017-03-16 11:43 - 40622592 _____ () C:\Program Files (x86)\Digital Care Solutions
  2017-04-05 23:37 - 2017-04-06 01:09 - 00002303 _____ C:\Users\Sean\Desktop\Digital Care.lnk
  2017-04-05 23:37 - 2017-04-05 23:38 - 00000584 _____ C:\WINDOWS\Tasks\Digital Care Startup.job
  2017-04-05 23:37 - 2017-04-05 23:37 - 00003148 _____ C:\WINDOWS\System32\Tasks\Digital Care Startup
  2017-04-05 23:37 - 2017-04-05 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Care Solutions
  2017-04-05 23:35 - 2017-04-05 23:35 - 00000000 ____D C:\ProgramData\Digital Care Solutions
  2017-04-05 23:24 - 2017-04-05 23:24 - 00000000 ____D C:\Users\Sean\AppData\Local\DBG
  2017-04-05 23:21 - 2017-04-06 15:41 - 00042362 _____ C:\WINDOWS\system32\bddel.dat
  2017-04-05 23:03 - 2017-04-06 04:12 - 00000000 ____D C:\Program Files\BDServices
  2017-04-04 04:25 - 2017-04-06 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
  2017-04-04 04:25 - 2017-04-04 04:25 - 00000000 ____D C:\Users\Sean\Documents\Simply Super Software
  2017-04-04 04:25 - 2017-04-04 04:25 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Simply Super Software
  2017-04-04 04:25 - 2017-04-04 04:25 - 00000000 ____D C:\ProgramData\Simply Super Software
  2017-04-04 04:24 - 2017-04-06 01:53 - 64936608 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup695.exe
  2017-04-04 04:23 - 2017-04-04 04:24 - 01884832 _____ ( ) C:\Users\Sean\Downloads\Trojan_Remover_6.9.5.exe
  C:\Program Files (x86)\Trojan Remover
  Task: {8F984A00-2F47-439A-9931-CE754DB28AA9} - System32\Tasks\Digital Care Startup => C:\Program Files (x86)\Digital Care Solutions\Digital Care\DC_Launcher.exe [2017-03-16] (Digital Care Solutions)
  Task: C:\WINDOWS\Tasks\Digital Care Startup.job => C:\Program Files (x86)\Digital Care Solutions\Digital Care\DC_Launcher.exe
  BootExecute: autocheck autochk * bddel.exe
  AlternateDataStreams: C:\WINDOWS\system32\Drivers\nfntibvj.sys:changelist [448]
  Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
  Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
  CMD: netsh advfirewall reset
  CMD: netsh advfirewall set allprofiles state Off
  CMD: ipconfig /flushdns
  Emptytemp:
  end
  

  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.

In your next reply, please post the following:

• fixlog.txt
• How is the computer behaving now?

[skelly34]

Hi Donna my computer is working great I was thinking of doing a factory reset so that all 3rd party apps and unecessary adware would be removed off of my computer what is your opinion on that??

Attached Files

•  Fixlog.txt   8.37KB   686 downloads

[DonnaB]

Hi Skelly34,

Woo Hoo! Excellent news! So glad your computer is behaving much better..
 

I was thinking of doing a factory reset so that all 3rd party apps and unnecessary adware would be removed off of my computer what is your opinion on that??

My opinion? Totally unnecessary! Only time I would suggest resetting a computer back to factory is as a last resort. I can introduce you to a program that you can use that will audit your system and will display which programs that you can choose from that can be safely uninstalled without effecting the performance of your computer. Some of the scans I had you run cleansed any adware so you should be good to go in that department.

Before I remove the tools used and provide a couple of safety tips to prevent this from happening again, let's perform one more overall scan to ensure nothing is lurking in the shadows.

Please do as follow:

Emisoft Emergency Kit

• Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
• Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
• After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
• Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;

• If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
• After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
• This time, click on Logs;
• From there, go under the Quarantine Log tab, and click on the Export button;

• Save the log on your desktop, then open it, and copy/paste its content in your next reply;

[skelly34]

hip hip hooray no potentially unwanted files or malware detected Donna thank you thank you thank you thank you and thank you AGAIN!!!!!!

[DonnaB]

Excellent! Let's remove the tools we used.

Tool Removal with Delfix and Creation of a clean restore point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  • Reset System Settings
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

• You can uninstall Emisoft Emergency Kit at this time.
• I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

In the meantime, I will prepare a closing post that includes information concerning some safety tips a couple of programs that I recommend and that program that will audit your system so you can choose which programs can be safely uninstalled.

If you have any questions or concerns, don't hesitate to ask.

[skelly34]

Donna you are so nice and smart how come you were the only person on the internet that new how to solve my problem??  Microsoft nor Mcafee had absolutely now clue

 

 

 

# DelFix v1.010 - Logfile created 09/04/2017 at 05:36:51
# Updated 26/04/2015 by Xplode
# Username : Sean - LAPTOP-NMPDR74D
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sean\Desktop\mbar
Deleted : C:\Users\Sean\Desktop\Addition.txt
Deleted : C:\Users\Sean\Desktop\adwcleaner_6.045.exe
Deleted : C:\Users\Sean\Desktop\Fixlog.txt
Deleted : C:\Users\Sean\Desktop\FRST.txt
Deleted : C:\Users\Sean\Desktop\FRST64.exe
Deleted : C:\Users\Sean\Desktop\JRT.exe
Deleted : C:\Users\Sean\Desktop\JRT.txt
Deleted : C:\Users\Sean\Desktop\Rkill.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1 [Removed Dropbox 25 GB | 04/06/2017 05:21:58]
Deleted : RP #3 [4/6/17 | 04/06/2017 11:05:23]
Deleted : RP #6 [JRT Pre-Junkware Removal | 04/08/2017 01:37:50]
Deleted : RP #7 [JRT Pre-Junkware Removal | 04/08/2017 02:14:50]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########