Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.
Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.
I'm Gary R.
Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start.
As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.
Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.
Please observe these rules while we work:
- Do not edit your logs in any way whatsoever.
- Perform all actions in the order given.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with it till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
There are a large number of policy settings showing in your FRST logs. These are not normal for a home machine. Are you aware of how and why these policy settings have been made ????
Next ...
- Download MGA Diagnostic Tool to your Desktop.
- Double click MGADiag.exe to launch the programme.
- Click Continue and let the scan run.
- When finished it will have created a log.
- Click Copy.
- Next open Notepad.
- Click Start > Run, type Notepad, click OK.
- This will open an empty Notepad file.
- Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
- Save the file to your Desktop.
- Close MGA Diagnostic Tool.
- Copy/Paste the log in your next reply please.
to your Desktop.
- Double-click CKScanner.exe to launch it.
- Click Search For Files.
- After a couple minutes a list will appear in the panel to the right.
- Click Save List To File.
- A message box will verify the file saved.
- Close CKScanner.
- Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
- Please run the program once only.
Summary of the information I need from you in your next post:
- A reply to my question about the policy settings.
- MGA Diagnostic log