Avalanche-ranbyus 2

I will begin my log analysis when you upload the requested RogueKiller log.txt.

 

You're welcome.

I suggest that you read this thread ...
Warning about Porn, Keygens, Cracks, and other Illegal Software

Please run Hitman Pro, enable the 30 day Trial and remove all PUP detections. Reboot and rescan with Hitman Pro, upload an updated log.

Re-run RogueKiller.exe. (Vista/Windows7/8/10 users should right-click and select "Run as Administrator")
After it finishes the scan, select the following tabs and then select any of the below that exist and then click the Remove Selected button.
¤¤¤ Registry : ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\speedupmypc -> Found

¤¤¤ Files : ¤¤¤
[PUP][Folder] C:\ProgramData\RegClean -> Found
[PUP][Folder] C:\ProgramData\RegClean -> Found
[PUP][Folder] C:\Program Files (x86)\SmartTweak -> Found

¤¤¤ Web browsers : ¤¤¤
[PUP][Chrome:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Found

Then immediately reboot your PC.

Now run a new scan with RogueKiller and save a log as in the original instructions and upload that new log.

Next run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
• O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
• O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

After clicking Fix, exit HJT.

Now please download Junkware Removal Tool to your desktop.

• Make sure to shut down your protection software now to avoid potential conflicts.
• Run JRT.exe by double-clicking it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Upload JRT.txt to your next message.

Now download ZHPCleaner to your desktop.

• Close all applications (including your web browsers and antivirus)
• Double-click on ZHPCleaner to run the tool.
• If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
• Please click the "J'accepte/I agree" button.
• First press the "Scanner" button. Be patient, the scan takes longer than 5mins.
• Do NOT fix/repair anything yet! Please upload that logfile with your next reply.

 

Please skip it and continue on to ZHPCleaner. Tell me how the PC is running, now.

 

Please click "Yes" for now, and continue on.

 

Your Hitman Pro log shows that you haven't activated the 30 day Trial License and performed my fix yet. The contents haven't changed from the previous log. Rerun those instructions.

Re-run ZHPCleaner per previous instructions

• After the scan has completed - press the Repair button.
• Browsers will automatically shut down.
• A logfile will automatically open after the scan has finished.
• Please upload that logfile with your next reply.

 

Fix Hitman Pro entries:
Suspicious files

• C:\Users\v\Downloads\Adobe cc\Adobe Universal Patcher.exe
• C:\Users\v\Downloads\Adobe universal patcher\Adobe Universal Patcher.exe
• C:\Users\v\Downloads\cs6\Adobe Universal Patcher.exe

Potential Unwanted Programs <-- ALL

Yes - follow my instructions and upload the requested logs.

 

Again.. follow the instructions I have already given you and then run a fresh scan - upload that log, please.

 

Your logs look good! If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. After doing the above, you should work through the below link:
   • How to Protect yourself from malware!

Safe surfing!