Suspected of Malwares

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode. Thanks.


Please use Revo Uninstaller to remove Avast.



Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab (Or fix proxy) and locate this 1 detection:

• [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (175.139.234.30:3128) -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Re run Hitman Pro and have it delete Potential Unwanted Programs.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kl.startnow.com/?src=startpage&provider=
• O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
• O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
• O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
• O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

After clicking Fix exit HJT.

........................................

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.



Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

OK, no problem, just continue on with the other steps now please.

 

Yep, if it's broken, it's gotta come out.

 

Yes, carry on with all the steps that I outlined, please.

 

OK, explain how things are running at this point, please.

 

That's madam (and no offence taken )

You can easily add them back.

If you do not like to use UAC then there is no need for you to turn it back on(

Yes indeed and let me know how the process of that goes.

Very good to know.

 

Please DO try to install Avast from fresh. There shouldn't be a problem; and if there is I will do all that I can towards helping, however I may refer you onto the software forum.

 

I do not know about the keybinders, you are going to have to ask about that in another area of the forum.

What exact error did avast give during the attempted installation, can you roughly translate for me please? :confused

 

It's an option yes, but then what if the other anti virus had issues installing too? We may need to figure this one out. Can you run the avast removal tool please.

Reboot the machine if the process does not involve one.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

I will review the logs, and check nothing remains of avast. You can have one more try at installing from fresh and if that fails, you will have to try another anti virus for now. I would very much like to get this solved though.

 

Are you saying Avast is installed and fully functional now?

 

Okay... try to install another anti virus please as I can't have you keep surfing without one. Let me know how it goes. We will have to abandon trying to work out the Avast thing.

 

Yes let it run a complete full system scan and let me know the results. If you do ever wish to further investigate the avast issue you would have to post in the software forum regarding that.

 

Keep scanning then and let me know later on today how things are.

 

And what is it doing now?

 

That's taking it's time for sure. But we might as well let it finish now. Do update me again later on today.

 

So this seems tobe the only item it cannot delete?

• D:\WINDOWS\system32\blphcnvvj0en91.scr

This is why!

Your machine needs more RAM.

 

Should be able to just navigate to it's location, and right click and delete the blphcnvvj0en91.scr file.