Trcklion.com Malware

Hello, again TLTD

Please upload all of the requested logs from running the READ & RUN ME FIRST. Malware Removal Guide.

 

You need to upload the log from Malware Bytes as well for Dr M. Thanks.

 

Uninstall this software using GeekUninstaller 1.4.0.88, a portable appl.

DriverAgent by eSupport.com
​

NOTE: Your Malwarebytes' log shows that you need to run it again and hit the "Remove Selected" button. Upload an updated log, please.

Re-run RogueKiller.exe. (Vista/Windows7/8/10 users should right-click and select "Run as Administrator")
After it finishes the scan, under these tabs select and then click the Delete button these items.

• Registry <= PUP only
• Files
• Tasks

Then immediately reboot your PC.

When it is finished, there will be a log on your desktop called: RKreport[2].txt
Upload RKreport[2].txt to your next message.
After uploading RKreport[2].txt, now run a new scan with RogueKiller and save a log as in the original instructions and upload that new log also.

Now re-scan with Hitman Pro and have it delete everything under the headings of

Potential Unwanted Programs​

Afterwards, click the Next button.
Now reboot the PC in order for the changes to take affect.

After reboot and when you are back in Windows, rescan with with HitmanPro and upload that new log.

Next please download Junkware Removal Tool to your desktop.

• Make sure to shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Upload JRT.txt to your next message.

Finally, download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• Upload this log to your next reply.

Delete this file using Windows Explorer -
C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}

*New and updated logs to upload:

• updated MBAMLOG.txt
• RKreport[2].txt plus updated log
• updated HitmanPro log
• the JRT.TXT log
• AdwCleaner[S#].txt

*Take a look at your Hosts file now and let me know if 74.120.16.187 trcklion.com is listed.

Make sure you tell me how things are working now!

 

Yes, please continue with my instructions.

 

Good - on to the others, then.

EDIT: Remember only to SCAN with AdwCleaner... and run the tools while Offline. (browsers closed)

 

The only way that can happen is by you making changes to your pc while I'm trying to remove malware....that complicates my work! (RE-READ the instructions in the R&R ME guide)

Using AdwCleaner.exe previously downloaded:

• Double click on AdwCleaner.exe to run the tool. (Vista, Win7/8/10 users should right-click and "Run As Administrator")
• Click on the Scan button.
• When the scan has completed, click on the Clean button.
• Press OK when asked to close all programs and follow the on-screen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Upload this log to your next reply.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: Make sure you download the correct version ( 32 bit or 64 bit ) for your PC. Only the correct version will run so if you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button and wait.
• The first time the tool is run it makes two logs, FRST.txt and Addition.txt in the same directory the tool is run.
• Please upload them in your next reply.

 

How did you uninstall it? Is it listed in GeeksUninstaller?

NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.

• Save the attached (fixlist.txt) to your desktop.
• Right-click FRST(x32/64) and select Run as Administrator.
• Click the FIX button once.
• Wait while FRST processes fixlist.txt
• A report should pop up named Fixlog.txt, please upload it here in your next reply.

Please download SystemLook from the link below and save it to your Desktop.
http://downloads.malwareremoval.com/SystemLook/SystemLook_x64.exe

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  *Pluto*
  :regfind
  *Pluto*
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Please perform these steps in order:

Download ZHPcleaner to your desktop.

*Using Advanced SystemCare's Startup Manager => release control of the Shortcut "PlutoTV.lnk". (A re-boot may be required to implement)

Running ZHPcleaner

• Close all applications (including your web browsers and antivirus)
• Double-click on ZHPCleaner to run the tool.
• If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
• Please click the "J'accepte/I agree" button.
  • First press the "Scanner" button. Be patient, the scan takes longer than 5mins.
  • Then press the ''Repair'' button.
• Browsers will automatically shut down.
• A logfile will automatically open after the scan has finished.
• Please upload that logfile with your next reply.

Reset Chrome to Defaults

How safe is the game modding community
Read the post by "quietman", it is even more revelant today with the state of malware.

Tell me how your pc is running after a couple of reboots.

 

Addtionally -

Using Windows Explorer make sure that these are deleted:

C:\Users\780G\AppData\Roaming\Pluto TV
C:\Users\780G\Desktop\PlutoTV.lnk​

 

I see that ZHPcleaner did find two redirections that it reset. Let me know how it goes.

 

You're welcome!

Your logs look good! If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If you are running Win 7/8/10, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work through the below link:
   • How to Protect yourself from malware!

Safe surfing!

 

You are welcome.