BleepingComputer.com: Trojan.Vundo.H, Trojan.Agent, Rogue.Adware Alert (according to MBAM)

Hello,

I have tried many different ways to remove the infections present on my computer.
I will provide a brief history:

I use firefox (latest version) and began receiving popups constantly. Websites such as facebook or google simply wouldn't load (the page would remain on "contacting www.google.ca ..." and never load anything). Closing firefox completely and restarting it resolved the problem for a few moments, but the popups and freezing would continue.

I tried several programs and methods. MBAM identifies many risks (quick and complete scans performed) and removes most at the time of the scan, with the rest requiring a restart, which is always performed. On restart, I receive a rundll error stating that the dll name (i.e. defarewo.dll or zapezade.dll) cannot be located.

I downloaded AVG and allowed it to scan as well. While active in my task bar, upon opening firefox, one or several trojans are identified and I allow AVG to "heal", "remove" or "delete" them (there are different options depending on what is identified). Regardless, once in firefox the popups continue.

I have also attempted several protocols suggested on this website. I have started the computer in safemode with the program that suspends explorer and winlogon (the protocol states to suspend rundll32 as well, but that file is not listed on the screen). I then ran vundofix, which failed to locate it on the computer. Still in safemode I ran MBAM and several things (registry keys and dll's) were identified and removed.

Once again, on restart and running firefox, pop ups return. There are two distinct types: One is a new window, not full screen, that advertises something (a game, a website etc). This window has no address bar or back/forward options. The other opens up in the same size as my current window, but doesn't load anything. The address bar is complicated and begins with an IP such as 70.82.etc. In the address bar is also a recent thing I have searched for at google. For example, if I searched "vundo removal" the window that opens up is blank, but in the address bar there is an IP, and some gibberish containing ...=vundo.removal//google etc (not exactly like that, but some what, I'm sorry I have nothing to copy atm).

I have also ran Ad aware, spybot, and several other programs as well.

I also ran the trendmicro housecall webpage, which again identified the trojans and claimed removal, but to no avail.

I thank you for your help, it would be a monumental weight off my shoulders if this can be corrected. I have attached the required file.

Sam.

EDIT: When the blank window opens up, my working window freezes for a few moments and the top blue bar flashes (blue/grey/blue/grey). If I'm typing something, it just stops and I can't resume until the window pops up (2-3 seconds later).

As well, I forgot to mention that the first popup I ever received was one claiming my computer was infected, click here to scan etc (Antivirus 2009). I never closed the window directly, I usually ctrlaltdel and close the popup that way. Sometimes, despite the warning that my computer is infected coming up, there is no option to close it in the ctrlaltdel menu, so I have to press the x to close it. The popup that then begins "scanning" my computer comes up, and I then use ctrlaltdel to close that.

Hah, the popup just happened. I couldn't type for 5 seconds and then this window opens (not a new tab, a new window): //82.98.235.111/dot.gif/?ver=119&cmp=profiling4&uid=50065b30c8bc11dd9e8600304890471a&guid=ee605607a5b07d408417cb6678c548d3&affid=170802&rid=in0009&m=re7v&revid=lappland&lid=www.google.ca%2Fsearch%3Fhl=en%26q=how+to+mix+drinks%26btnG=Google+Search%26meta=&uqs=1&s=0&c1=1&c2=0&uid_track=9807dc72-3196-4758-91de-e2ef6d357b14&br=firefox


DDS (Ver_09-01-19.01) - NTFSx86
Run by Sam at 18:07:13.48 on 23/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.40 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {92789ac5-a15e-e429-c1b4-3da4a4f4ab51}: {15ba4f4a-4ad3-4b1c-924e-e51a5ca98729} - c:\windows\system32\vflyel.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {bdc1d751-d583-42ad-bb1c-2167012bff56} - c:\windows\system32\vidajadu.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RogersAgent] c:\program files\rogers\selfhealing\rogersagent.exe
uRun: [SHS] "c:\program files\rogers\selfhealing\SHS.exe" /background
uRun: [Update Manager] "c:\program files\rogers\update manager\UpdateManager.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdwareAlert] c:\program files\adwarealert\AdwareAlert.exe -boot
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [gewosemujo] Rundll32.exe "c:\windows\system32\defarewo.dll",s
mRun: [CPM8f34e186] Rundll32.exe "c:\windows\system32\wakozawa.dll",a
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127397272078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: karna.dat avgrsstx.dll ogyreo.dll c:\windows\system32\kunuzavi.dll vflyel.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli c:\windows\system32\kunuzavi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\qk5zocdd.default\
FF - prefs.js: browser.startup.homepage - hxxps://webmail.utoronto.ca/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\qk5zocdd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-20 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-20 26824]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-20 231704]
S4 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2005-3-8 17432]

=============== Created Last 30 ================

2009-01-23 17:16 <DIR> --d----- c:\docume~1\sam\applic~1\AdwareAlert
2009-01-23 17:09 133,341 a--sh--- c:\windows\system32\vflyel.dll
2009-01-23 14:06 <DIR> --d----- C:\VundoFix Backups
2009-01-23 04:21 134,351 a--sh--- c:\windows\system32\owkqzl.dll
2009-01-22 16:18 1,417,488 ---sh--- c:\windows\system32\efahiweb.ini
2009-01-22 16:18 133,431 a--sh--- c:\windows\system32\ogyreo.dll
2009-01-21 15:13 1,417,488 ---sh--- c:\windows\system32\ayiyopil.ini
2009-01-20 23:40 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-20 23:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-20 23:13 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-20 23:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-20 23:13 <DIR> --d----- c:\program files\AVG
2009-01-20 23:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-20 21:15 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-20 20:29 134,468 a------- c:\windows\system32\okasmc.dll
2009-01-20 20:18 2,713 ---sh--- c:\windows\system32\vijufezi.dll
2009-01-20 20:18 2,713 ---sh--- c:\windows\system32\tisuzezi.dll
2009-01-20 20:18 2,713 ---sh--- c:\windows\system32\garenuji.dll
2009-01-20 08:23 133,814 a------- c:\windows\system32\mdubkv.dll
2009-01-20 08:18 2,713 ---sh--- c:\windows\system32\fosadite.dll
2009-01-19 20:22 133,200 a------- c:\windows\system32\rqlpmj.dll
2009-01-18 10:37 133,279 a------- c:\windows\system32\rhbtgq.dll
2009-01-18 10:33 2,713 ---sh--- c:\windows\system32\juwefisi.dll
2009-01-17 18:37 2,713 ---sh--- c:\windows\system32\sotugulu.dll
2009-01-17 06:54 133,231 a------- c:\windows\system32\ykokqp.dll
2009-01-17 06:36 2,713 ---sh--- c:\windows\system32\navuyane.dll
2009-01-17 06:36 2,713 ---sh--- c:\windows\system32\popuyumi.dll
2009-01-17 06:36 2,713 ---sh--- c:\windows\system32\zufasewa.dll
2009-01-16 18:48 133,763 a------- c:\windows\system32\xdsmba.dll
2009-01-16 18:36 2,713 ---sh--- c:\windows\system32\bozakita.dll
2009-01-16 18:36 5,018 ---sh--- c:\windows\system32\jibanehi.dll
2009-01-16 18:36 5,018 ---sh--- c:\windows\system32\nitalopo.dll
2009-01-16 18:36 2,713 ---sh--- c:\windows\system32\webukeyo.dll
2009-01-16 06:47 1,390,479 ---sh--- c:\windows\system32\ahotetib.ini
2009-01-16 06:36 5,018 ---sh--- c:\windows\system32\yoduseya.dll
2009-01-16 06:36 5,018 ---sh--- c:\windows\system32\kigoleki.dll
2009-01-15 15:36 2,713 ---sh--- c:\windows\system32\zakupuju.dll
2009-01-13 08:55 1,318,228 ---sh--- c:\windows\system32\omuvetod.ini
2009-01-13 08:38 5,018 ---sh--- c:\windows\system32\weluyiki.dll
2009-01-13 08:38 2,713 ---sh--- c:\windows\system32\wasomuli.dll
2009-01-12 20:49 1,255,908 ---sh--- c:\windows\system32\imewidul.ini
2009-01-12 20:40 2,713 ---sh--- c:\windows\system32\nukatojo.dll
2009-01-12 20:40 2,713 ---sh--- c:\windows\system32\hakurevi.dll
2009-01-11 20:39 1,328,039 ---sh--- c:\windows\system32\ebolokim.ini
2009-01-08 18:24 1,312,845 ---sh--- c:\windows\system32\apurabaf.ini
2009-01-08 18:19 2,713 ---sh--- c:\windows\system32\kisevabi.dll
2009-01-08 18:19 2,713 ---sh--- c:\windows\system32\wuduzuli.dll
2009-01-08 06:24 1,309,042 ---sh--- c:\windows\system32\edakafij.ini
2009-01-08 06:20 2,713 ---sh--- c:\windows\system32\bibegipe.dll
2009-01-06 20:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-01-06 20:33 <DIR> --d----- c:\program files\common files\iS3
2009-01-06 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-01-02 21:40 1,294,028 ---sh--- c:\windows\system32\ibedisuz.ini
2008-12-31 08:38 1,701,582 ---sh--- c:\windows\system32\atapubab.ini

==================== Find3M ====================

2009-01-23 17:09 133,341 a--sh--- c:\windows\system32\vajapaso.dll
2009-01-23 04:21 134,351 a--sh--- c:\windows\system32\tareniva.dll
2009-01-22 16:18 65,186 a--sh--- c:\windows\system32\lubujoko.dll
2009-01-22 16:18 133,431 a--sh--- c:\windows\system32\guromome.dll
2009-01-22 16:18 99,647 a--sh--- c:\windows\system32\tifakapu.dll
2009-01-21 15:13 133,383 a--sh--- c:\windows\system32\hotomoho.dll
2009-01-20 20:29 134,468 a------- c:\windows\system32\lenasoyu.dll
2009-01-20 08:23 65,797 a------- c:\windows\system32\vufeguja.dll
2009-01-20 08:23 133,814 a------- c:\windows\system32\zegofadu.dll
2009-01-19 20:22 133,200 a------- c:\windows\system32\wisepale.dll
2009-01-18 22:37 133,370 a------- c:\windows\system32\pujojiwu.dll
2009-01-17 18:46 101,160 a------- c:\windows\system32\mufayehu.dll
2009-01-17 06:54 133,231 a------- c:\windows\system32\liyayeki.dll
2009-01-16 18:48 133,763 a------- c:\windows\system32\duwekide.dll
2009-01-16 18:48 64,122 a------- c:\windows\system32\vogomiyi.dll
2009-01-16 06:47 131,843 a------- c:\windows\system32\jodenosi.dll
2009-01-15 15:39 127,861 a------- c:\windows\system32\siruboma.dll
2009-01-15 15:39 68,856 a------- c:\windows\system32\nugebini.dll
2009-01-13 20:55 99,992 a------- c:\windows\system32\lejufomu.dll
2009-01-13 20:55 131,809 a------- c:\windows\system32\rilihezo.dll
2009-01-13 08:55 99,576 a------- c:\windows\system32\pufajahe.dll
2009-01-12 08:38 100,987 a--sh--- c:\windows\system32\fatodogi.dll
2009-01-09 06:20 103,642 a--sh--- c:\windows\system32\rimododi.dll
2009-01-08 18:24 102,109 a------- c:\windows\system32\zanelupo.dll
2009-01-08 06:24 102,126 a------- c:\windows\system32\legadaza.dll
2009-01-06 21:42 103,556 a--sh--- c:\windows\system32\lupomoja.dll
2009-01-06 21:42 67,380 a--sh--- c:\windows\system32\ginejoyi.dll
2009-01-06 09:42 102,113 a--sh--- c:\windows\system32\kukeyehu.dll
2009-01-05 21:42 103,035 a--sh--- c:\windows\system32\sevabija.dll
2009-01-05 09:41 104,155 a--sh--- c:\windows\system32\wevanovo.dll
2009-01-04 21:41 102,579 a--sh--- c:\windows\system32\somibezi.dll
2009-01-04 09:41 104,096 a--sh--- c:\windows\system32\pekiboba.dll
2009-01-03 21:40 102,571 a--sh--- c:\windows\system32\verazemi.dll
2009-01-03 09:40 103,098 a--sh--- c:\windows\system32\lifigote.dll
2009-01-02 21:40 101,665 a--sh--- c:\windows\system32\fabufepu.dll
2009-01-02 08:40 102,007 a--sh--- c:\windows\system32\nolamira.dll
2009-01-02 08:40 66,708 a--sh--- c:\windows\system32\subuzele.dll
2009-01-01 20:39 96,383 a--sh--- c:\windows\system32\yageyinu.dll
2009-01-01 08:39 95,988 a--sh--- c:\windows\system32\vamakepu.dll
2008-12-31 20:39 97,588 a--sh--- c:\windows\system32\gabuvike.dll
2008-12-31 08:38 97,880 a--sh--- c:\windows\system32\pabipihe.dll
2008-12-30 20:38 97,071 a--sh--- c:\windows\system32\semajosu.dll
2008-12-30 20:38 61,714 a--sh--- c:\windows\system32\nilujete.dll
2008-12-22 10:23 94,863 a--sh--- c:\windows\system32\repeseza.dll
2008-12-20 22:22 95,900 a--sh--- c:\windows\system32\geyinehi.dll
2008-12-20 10:22 97,427 a--sh--- c:\windows\system32\lizimobu.dll
2008-12-19 22:21 94,856 a--sh--- c:\windows\system32\lohukehi.dll
2008-12-17 10:20 96,828 a--sh--- c:\windows\system32\hemeketu.dll
2008-12-16 22:30 59,876 a---h--- c:\windows\system32\mlfcache.dat
2008-12-16 10:20 66,169 a--sh--- c:\windows\system32\lenidure.dll
2008-12-16 10:20 95,345 a--sh--- c:\windows\system32\ruwulehu.dll
2008-12-15 22:20 96,462 a--sh--- c:\windows\system32\savozuyi.dll
2008-12-15 21:19 95,540 a--sh--- c:\windows\system32\piyazuzi.dll
2008-12-15 21:19 64,075 a--sh--- c:\windows\system32\vukugaju.dll
2008-12-13 09:18 92,355 a--sh--- c:\windows\system32\lojonuda.dll
2008-12-12 21:18 60,537 a--sh--- c:\windows\system32\hosezuba.dll
2008-11-08 08:13 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-04 12:58 19,953 a------- c:\program files\common files\ugizuga.inf
2008-11-04 12:58 19,558 a------- c:\windows\enehu.reg
2008-11-04 12:58 18,547 a------- c:\windows\system32\vuvit.bat
2008-11-04 12:58 15,751 a------- c:\program files\common files\ydopujelar.sys
2008-11-04 12:58 14,600 a------- c:\windows\system32\yhuve.bin
2008-11-04 12:58 14,574 a------- c:\windows\axisysaxul.bin
2008-11-04 12:58 14,562 a------- c:\docume~1\sam\applic~1\nyfa.dll
2008-11-04 12:58 14,023 a------- c:\program files\common files\vufywarac.com
2008-11-04 12:58 19,585 a------- c:\docume~1\sam\applic~1\oriv.dat
2008-11-04 12:58 17,481 a------- c:\program files\common files\dypicebyq.exe
2008-11-04 12:58 13,554 a------- c:\program files\common files\eciv.dl
2008-11-04 12:58 10,964 a------- c:\program files\common files\fesono.db
2008-10-17 15:27 18,838 a------- c:\docume~1\alluse~1\applic~1\neky.reg
2008-10-17 15:27 18,503 a------- c:\docume~1\alluse~1\applic~1\aruqid.vbs
2008-10-17 15:27 14,957 a------- c:\docume~1\alluse~1\applic~1\avomapagal.bat
2008-10-16 19:58 10,457 a------- c:\docume~1\alluse~1\applic~1\ytigu.dll
0000-00-00 00:00 65,186 a--sh--- c:\windows\system32\kunuzavi.dll

============= FINISH: 18:08:58.85 ===============

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.

• Double click on RSIT.exe to run RSIT
  
• Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT


Please download GMER and unzip it to your Desktop.

• Open the program and click on the Rootkit tab.
  
• Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  
• Click on Scan.
  
• When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic