Next Door Neighbour Seems To Be Infected, Log Files Attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mondola, Feb 29, 2016.

  1. mondola

    mondola Specialist

    His daughter updated to Windows 10.

    He hated it. Rolled it back. Now he says it's slow and it looks like it's infected (search dial pops up in google chrome).

    Logs attached.
     

    Attached Files:

  2. mondola

    mondola Specialist

    Last file.
     

    Attached Files:

  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    What is this?
    C:\YLQKA

    Uninstall the below using
    GeekUninstaller 1.3.5.56, a portable application.
    Ask Toolbar

    SpywareBlaster 4.6 <= Outdated - current version is 5.4

    Please re-run HitmanPro, activate the 30-day Trial License, then fix these detections:
    Potential Unwanted Programs

    Ignore all other detections.
    Afterwards, click the Next button.
    HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.

    After reboot and when you are back in Windows, run another scan with HitmanPro and then upload the latest HitmanPro log.

    Now re-run RogueKiller and run a scan. After it finishes the scan, select the following tabs and then select any of the below that exist and then click the Delete button.
    *Make sure you select the Click to Expand text ( if present ) at the bottom of the quote box to see the whole fix.
    Then immediately reboot your PC.

    After reboot, run a new scan with RogueKiller and save a log as in the original instructions and upload the new log.

    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Upload this log to your next reply.

    Please download ZHPcleaner to your desktop.
    • Close all applications (including your web browsers and antivirus)
    • Double-click on ZHPCleaner to run the tool.
    • If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
    • Please click the "J'accepte/I agree" button.
      • First press the "Scanner" button. Be patient, the scan takes longer than 5 mins.
      • Then press the "Repair" button.
    • Browsers will automatically shut down.
    • A logfile will automatically open after the scan has finished.
    • Please upload that logfile with your next reply.

    Then upload the below logs:
    • updated Hitman Pro log.txt
    • updated RK log.txt
    • AdwCleaner[S#].txt
    • ZHPCleaner.txt
    Make sure you tell me how the machine is running.
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    o_O Have you forgotten about this thread, mondola?
     
  5. mondola

    mondola Specialist

    I have absolutely no idea. Sorry.

    Had to force uninstall

    Updated

    Had to reboot the machine. I will do the rest when I have access to the machine once again.
     
  6. mondola

    mondola Specialist

    Log file attached

    Machine currently rebooting after RogueKiller removal. Will then continue.
     

    Attached Files:

  7. mondola

    mondola Specialist

    RogueKiller updated to the latest version - 12.0.1.0. Log attached.

    Log attached.

    All logs attached to this post.

    It's certainly snappier than it was before. No more pop up in Google Chrome, or Firefox. :)
     

    Attached Files:

  8. mondola

    mondola Specialist

    Sorry to bump my own thread, I know we're not supposed to do this. I assume Dr. Moriarty is very busy. But I'm just checking whether the logs are now clean and I'm supposed to do the final activities, or whether to keep on waiting for the final steps?

    Thank you.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you deleted what ADW and ZHP found, then you are good to go.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work through the below link:
     
  10. mondola

    mondola Specialist

    With regards to ADW, I was advised just to attach a log, not actually clean anything (see below), but I did do a repair with ZHP as per the instructions (see below). So I don't know if I am clean?

     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What is this?

    C:\Users\Paul Cooper\AppData\Roaming\filter

    Re-run AdwCleaner, let it remove the following:

    Registry:
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Found : HKCU\Software\Rocket Browser

    Web Browsers:
    [C:\Users\Paul Cooper\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
    [C:\Users\Paul Cooper\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
    [C:\Users\Paul Cooper\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : WSE Rocket.com
    [C:\Users\Paul Cooper\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ibnjmihbbanannlbobkbmnmckjnmdnom
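The findings above are all things a defender can check for directly in a Chrome profile: hijacked search providers live in the `keywords` table of the SQLite "Web data" file, and installed extensions are listed under `extensions.settings` in the JSON "Secure Preferences" file. The script below is an added example, not code from the thread or from AdwCleaner, that audits a profile for exactly the indicators quoted in this post. The column names of the `keywords` table and the `location` field in the sample preferences are assumptions about the profile format; the sample profile it builds is constructed data, not a real user's files.

```python
import json
import os
import sqlite3
import tempfile

# Indicators copied from the AdwCleaner findings quoted in the post above.
SUSPECT_SEARCH_PROVIDERS = ("websearch.ask.com", "uk.ask.com", "wse rocket.com")
SUSPECT_EXTENSION_IDS = {"ibnjmihbbanannlbobkbmnmckjnmdnom"}


def find_search_providers(web_data_path):
    """Return (short_name, url) for rows of the Chrome 'Web data' keywords table
    whose name or URL matches one of the suspect providers.

    Assumption: the keywords table has id, short_name and url columns."""
    conn = sqlite3.connect(web_data_path)
    try:
        rows = conn.execute(
            "SELECT short_name, url FROM keywords ORDER BY id").fetchall()
    finally:
        conn.close()
    hits = []
    for short_name, url in rows:
        haystack = (short_name + " " + url).lower()
        if any(indicator in haystack for indicator in SUSPECT_SEARCH_PROVIDERS):
            hits.append((short_name, url))
    return hits


def find_extensions(secure_prefs_path):
    """Return the installed extension IDs (keys of extensions.settings in the
    JSON 'Secure Preferences' file) that appear on the suspect list."""
    with open(secure_prefs_path, encoding="utf-8") as f:
        prefs = json.load(f)
    settings = prefs.get("extensions", {}).get("settings", {})
    return sorted(ext_id for ext_id in settings if ext_id in SUSPECT_EXTENSION_IDS)


def build_sample_profile(directory):
    """Write a constructed, minimal profile into `directory` that mirrors the
    thread's findings (sample data, not a real user profile)."""
    web_data = os.path.join(directory, "Web data")
    conn = sqlite3.connect(web_data)
    conn.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, "
                 "short_name TEXT, keyword TEXT, url TEXT)")
    conn.executemany(
        "INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)",
        [
            # legitimate provider, must not be reported
            ("Google", "google.com", "https://www.google.com/search?q={searchTerms}"),
            # the three providers AdwCleaner flagged (URLs are hypothetical)
            ("Ask", "websearch.ask.com", "http://websearch.ask.com/redirect?q={searchTerms}"),
            ("Ask UK", "uk.ask.com", "http://uk.ask.com/web?q={searchTerms}"),
            ("WSE Rocket.com", "rocket.com", "http://search.rocket.com/?q={searchTerms}"),
        ])
    conn.commit()
    conn.close()

    secure_prefs = os.path.join(directory, "Secure Preferences")
    with open(secure_prefs, "w", encoding="utf-8") as f:
        json.dump({"extensions": {"settings": {
            # the ID AdwCleaner flagged in the thread
            "ibnjmihbbanannlbobkbmnmckjnmdnom": {"location": 1},
            # an unrelated, made-up ID that should not be reported
            "aaaabbbbccccddddeeeeffffgggghhhh": {"location": 5},
        }}}, f)
    return web_data, secure_prefs


def demo():
    """Build the sample profile in a temp dir and audit it; returns the hits."""
    with tempfile.TemporaryDirectory() as d:
        web_data, secure_prefs = build_sample_profile(d)
        return {
            "search_providers": [name for name, _ in find_search_providers(web_data)],
            "extensions": find_extensions(secure_prefs),
        }


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, "->", items or "none")
```

To audit a real profile, call `find_search_providers` and `find_extensions` on copies of the two files (Chrome keeps "Web data" locked while running), and treat any hit as something to remove with the browser closed, which is what AdwCleaner does in the step above.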
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Cross Posted with you Tim..... apologies.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem Kes, just trying to finish up Dr. M's thread.
     
    Kestrel13! likes this.
  14. mondola

    mondola Specialist

    Weird. Email shows TimW replying saying, "Go ahead and remove what ADW found. Other than that, your logs are clean. How are things running?"

    But it's not up there ^^^^^

    I just ran the ADW and let it clean what it found.

    I have no idea what:

    C:\Users\Paul Cooper\AppData\Roaming\filter

    was...

    I'm going through the cleanup activities now. So I don't have the ADW logfile. I can scan and re-attach to show it's clean?
     
  15. mondola

    mondola Specialist

    There we go...
     

    Attached Files:

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Have adwcleaner remove what I queried you about:

    C:\Users\Paul Cooper\AppData\Roaming\filter

    Then you should be good. ;)
     
  17. mondola

    mondola Specialist

    Looks clean now. It was actually a file. So I removed it manually, now the log file shows as attached.

    Thank you, all three, so much !
     

    Attached Files:

  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Excellent ;) You are most welcome. Safe surfing!
     
