Caught A Bug!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dseils, May 31, 2016.

  1. dseils

    dseils Private E-2

    I own a Surface Pro 3 on Win 10

    I caught a piece of malware. The symptom is that, on one of the users, when I log in I am greeted by a false BSOD that masks everything else. I have run the four initial processes and MG Tools. I have the logs.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome! :)

    Re-run Hitman Pro, and have it remove all that it finds.



    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\csdimedia -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{12A61307-94CD-4F8E-94BC-918E511FAA81} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Zofhe ("C:\Users\Donald\AppData\Roaming\LogpKyudpik\Sablep.exe" -cms) -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Zofhe ("C:\Users\Donald\AppData\Roaming\LogpKyudpik\Sablep.exe" -cms) -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    ...same for this entry on the files tab please...
    • [PUP][Folder] C:\ProgramData\VideoDownloaderUltimateWinApp -> Found

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    MGTools did not run to completion; please run it again, this time ensuring you run it as admin, that protection software is disabled and that UAC is turned off.

    Upload the log once done.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version for your PC. Only the correct version will work.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  3. dseils

    dseils Private E-2

    Will do... does it make any difference which user account I run these in? One user account lets me see everything on the desktop and the other has the desktop blocked.

    I will delete the Video Downloader, but I know it to be a good app.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do it from the account you uploaded these logs from.
     
  5. dseils

    dseils Private E-2

    Here are the additional logs. When I ran RogueKiller, some of the entries were not found...
    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{12A61307-94CD-4F8E-94BC-918E511FAA81} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
    • "C:\Users\Donald\AppData\Roaming\LogpKyudpik\Sablep.exe" -cms) -> Found
     

    Attached Files:

  6. dseils

    dseils Private E-2

    There is no change on the system... the fake BSOD still greets me at login on the other account. Should I do the same process on that one, too?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Let's finish this account now that we have started. Once we are finished here we will begin the same tests on the other.

    Uninstall the below:
    Registry Cleaner

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
    Download Fixlist.txt

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.



      • You should now have both fixlist.txt and FRST64.exe on your Desktop.
      • Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
      • Run FRST64.exe by right-clicking on it and selecting Run As Administrator.
      • Click the Fix button just once and wait.
      • Your computer should reboot after the fix runs.
      • Reconnect your internet connection after reboot so you can come back here to continue.
      • The tool will make a log on the Desktop (Fixlog.txt); please attach this new log to your next reply (attach or paste).
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:



      • Fixlog.txt
      • C:\MGlogs.zip

    Also at this point, I want to double check the status of things by having you run another scan with FRST like in my last message and attach the new FRST.txt and Addition.txt logs.
     

    Attached Files:

  8. dseils

    dseils Private E-2

    Here are the requested logs. I made a note in the 30-day files section that highlights file changes during the period where the pop-ups and fake BSOD appeared. The point where new anti-malware software installation began was the point where I reached out to MajorGeeks. If the FRST.txt file is the basis for a fixlist.txt file, they should probably be removed. I appreciate your efforts.
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Follow the instruction as in my post #7 for running this, but use THIS fixlist... not the last one. Skip the running of MGTools again...
     

    Attached Files:

  10. dseils

    dseils Private E-2

    Okay...here is the latest set of logs...
     

    Attached Files:

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    And do you also have the FRST log please?
     
  12. dseils

    dseils Private E-2

    Here they are... sorry...
     

    Attached Files:

  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, I am satisfied we have done enough on this account for now.
    Let's move onto the next account where all the trouble is.
    Run all the tools in the Read and Run me First and also run a scan with FRST. Upload logs once done. :)
     
  14. dseils

    dseils Private E-2

    Okay... here are my logs.
     

    Attached Files:

  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I haven't checked the logs... I have to dash out for about 2 hours. Can you tell me how things are running currently?
     
  16. dseils

    dseils Private E-2

    Pretty good, actually. There were only a couple of attention items, and I eliminated one rogue directory and app in the system with a cleaning. Initially, I was getting attempts to call out that MB antiexploit caught. Using that info, I cleaned them. I am now running Comodo Complete.
     
    Kestrel13! likes this.
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, sorry for the delay I was out longer than expected. Going to eat my dinner and get straight onto your next set of logs, give them a good once over.. and respond back to you.
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I have uploaded a fixlist. Repeat the same steps as in my post #7. You do not have to run MGTools again though.
     

    Attached Files:

  19. dseils

    dseils Private E-2

    I think this is probably a closeout message... the last fixlist seems to have gotten the last of it. Comodo is in place and has not reported further infections. Here is the log, along with my profound thanks!
     

    Attached Files:

    DavidGP and Kestrel13! like this.
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    So pleased to hear things are running well. ;) Would you like me to post final steps? Basically, the infection had tainted your dnsapi.dll file; replacing it with a clean copy fixed it up.
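The two things this thread ended up fixing were a tampered dnsapi.dll and a service ("Zofhe") whose binary lived under a user's AppData\Roaming folder. The following added example (not from the thread or its helpers) is a post-cleanup verification script for exactly those two conditions; it assumes an elevated PowerShell on Windows 8 or later, where Get-AuthenticodeSignature can validate catalog-signed system files.

```powershell
# Added example (not from the thread): post-cleanup checks for the two findings above.
# Run from an elevated PowerShell prompt.

# 1. dnsapi.dll must carry a valid Microsoft signature in both the 64-bit and the
#    32-bit system directories. A patched or replaced copy fails this check.
$dllPaths = @(
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll"
)
foreach ($path in $dllPaths) {
    if (-not (Test-Path $path)) { Write-Warning "Missing: $path"; continue }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
    # Windows system files are catalog-signed; a clean copy reports Status=Valid
    # with a "Microsoft Windows" signer.
    $fromMicrosoft = ($sig.Status -eq 'Valid') -and
                     ($sig.SignerCertificate.Subject -like '*Microsoft Windows*')
    [pscustomobject]@{
        Path      = $path
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        TrustedOK = $fromMicrosoft
        SHA256    = $hash   # compare against a known-good copy from another machine
    }
}

# 2. Services whose ImagePath points into a user profile (the pattern the Zofhe
#    service showed: ...\AppData\Roaming\<folder>\<name>.exe) are worth a look;
#    legitimate services run from Program Files or the Windows directory.
$profileRoot = [regex]::Escape((Split-Path $env:USERPROFILE -Parent))  # e.g. C:\Users
$pattern = '^"?' + $profileRoot + '\\'   # tolerate a quoted path, as in the RogueKiller entry
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($img -and $img -match $pattern) {
        [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $img }
    }
}
```

Section 2 only catches literal profile paths; an ImagePath written with an environment variable such as %APPDATA% would need the variable expanded first.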
     
