Adware At Startup

Hi and welcome, I am reviewing those logs now. Will post back with a response soon.

 

You can begin by re-running Hitman Pro. Activate/enable the free trial and allow it to remove the Potential Unwanted Program.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: Make sure you download the correct version for your PC. Only the correct version will work.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

How are things running?

 

Hmm,

Run this and attach the results.

Using ESET's Online Scanner

 

Please also download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some data on it
• Right click on the screen and select > Select All
• Press Control+C
• Open a notepad and press Control+V
• now please UPLOAD that report to this thread

 

Once done.... download and run the Microsoft Malicious Software Removal Tool

https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

 

Then do this:

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Attach the logfile to your next next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

 

@Kestrel13!

Have sent a private convo message with an idea. dr.m

 

I would like you to download Process Monitor https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

Save the zipped file to your desktop.
Right click it > choose to "Extract all"
Right click on the Procmon.exe file > important you choose to run it as admin...
You will see the program open up...
Click on "File" at the top left of screen > click on SAVE > in the window that now pops up, I would like you to select "All Events" using the radio button under the "Events to save" option.
On the "Format" option, I'd like you to choose "Native Process Monitor Format (PML)
Now click on OK, the log file should save to your desktop.
Open the Process Monitor folder on your desktop and locate the Logfile.PML > Right click it and send to compressed file. (Zipped)
I want you to upload this zip for me to see.

 

Downloading...

 

Delete Process Monitor. Now download http://www.majorgeeks.com/files/details/microsoft_process_explorer.html
There's a tutorial for how to use it here https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-2-Process-Explorer try and use it to find any strange processes that could be causing the pop up at start up.

 

What did it fix? The ads that show at start up? If you think there's still something strange please download Autoruns:

Download and run Autoruns ( you will have to extract the contents from the ZIP file into its a new folder you create for it ( like AutoRuns on your Desktop ) and keep the Everything tab selected in AutoRuns. Then click on the File menu selection and select Save. Save this log file in default format to your Desktop. The default format and filename should be AutoRuns.arn

Now put the AutoRuns.arn file into a ZIP file and attach this ZIP to your next message. ( you cannot attach the AutoRuns.arn file. It must be ZIP'ed ).

 

Hi

I am not seeing anything suspicious.

Is this still happening?

 

You're so welcome. Are there any outstanding issues at all?

 

Excellent.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
   
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
   
   
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!