Unknown Possible Infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by PlutoniumBoss, Oct 15, 2016.

  1. PlutoniumBoss

    PlutoniumBoss Private E-2

    A few days ago, I noticed a system popup for moving files that went away too quickly to investigate. Now, I have the following symptoms:

    * A minute or so after the computer starts or wakes, I notice an unmarked window appear for a few seconds in the bottom left corner of the screen. I can provide a screenshot if needed. Dragging it reduces its size to just the header; it ignores right-clicks.
    * Avira control panel cannot be launched.
    * I have noticed increased fan noise.

    Following the sticky I encountered these results:

    CCleaner:
    The first run was interrupted by Avira restricting access to and quarantining a file. CCleaner scan stalled at 22%, I canceled it. As Avira control panel will not launch, I cannot investigate the quarantined file. I ran CCleaner a second time successfully. I followed the link to the Windows 7 instructions and continued.

    MalwareBytes:
    Log enclosed

    RogueKiller:
    Log enclosed

    TDSSKiller:
    No threats found; log enclosed

    HitmanPro:
    No threats found; log enclosed

    MGtools:
    Run was interrupted by Avira restricting access to a file, but an MGlogs.zip was created; I am including it.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Please run Hitman Pro, activate/enable the free trial, then remove all detections. Reboot and rescan with Hitman Pro, upload an updated log.

    Re-run RogueKiller.exe. (Vista/Windows7/8/10 users should right-click and select "Run as Administrator").
    After it finishes the scan, select the following tabs, then select any of the items below that exist, and click the Remove Selected button.
    Registry
    • [PUP] (X64) HKEY_USERS\S-1-5-21-252475601-355364202-2162630188-1000\Software\UpdaterEX -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-252475601-355364202-2162630188-1000\Software\YahooPartnerToolbar -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-252475601-355364202-2162630188-1000\Software\UpdaterEX -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-252475601-355364202-2162630188-1000\Software\YahooPartnerToolbar -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F60D7513-E4E3-4E6C-81DD-879B7AB05EA9}C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe|Name=upg-spa2102-5-2-12.exe|Desc=upg-spa2102-5-2-12.exe|Defer=User| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{664BE56D-D320-4C02-9BDB-86C7CBC191AA}C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe|Name=upg-spa2102-5-2-12.exe|Desc=upg-spa2102-5-2-12.exe|Defer=User| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F60D7513-E4E3-4E6C-81DD-879B7AB05EA9}C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe|Name=upg-spa2102-5-2-12.exe|Desc=upg-spa2102-5-2-12.exe|Defer=User| [x] -> Found
    • [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{664BE56D-D320-4C02-9BDB-86C7CBC191AA}C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip\upg-spa2102-5-2-12.exe|Name=upg-spa2102-5-2-12.exe|Desc=upg-spa2102-5-2-12.exe|Defer=User| [x] -> Found
    Files
    • [Hidden.ADS][Stream] C:\Users\Myles\AppData\Local:ImMytXW4247sK6la44t8pRyqqZJ6 -> Found
    Web browsers
    • [PUM.SearchEngine][FIREFX:Config] ixty2sha.default : user_pref("browser.search.selectedEngine", "Astromenda"); -> Found
    • [PUM.SearchEngine][FIREFX:Config] ixty2sha.default : user_pref("browser.search.defaultenginename", "Astromenda"); -> Found
    Then immediately reboot your PC. Now run a new scan with RogueKiller, save a log as in the original instructions and upload that new log.

    Next please download Junkware Removal Tool to your desktop.
    • Make sure to shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Upload JRT.txt to your next message.
    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Upload this log to your next reply.
    Please download ZHPCleaner to your desktop.
    • Close all applications (including your web browsers and antivirus)
    • Double-click on ZHPCleaner to run the tool.
    • If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
    • Please click the "J'accepte/I agree" button.
    • First press the "Scanner" button. Be patient; the scan takes longer than 5 minutes.
    • Then press the "Repair" button.
    • Browsers will automatically shut down.
    • A logfile will automatically open after the scan has finished.
    • Please upload that logfile with your next reply.
    Your MGlogs.zip is very incomplete... run it again ensuring that protection software is disabled, that UAC is turned off, you are running it as Admin, and you must wait for it to tell you it is finished. Please run the GetLogs.bat file again and upload the new log.

    Tell me how the machine is running now.
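    Added example (not from this thread or from the tools it names): a parser for the FirewallRules registry value format shown in the RogueKiller output above, flagging inbound Allow rules whose program lives under a temp directory or inside an extracted .zip folder, which is what made those entries Suspicious.Path. SAMPLE_RULES is constructed; its first entry copies the rule flagged in this thread and the second is a made-up benign rule for contrast.

```python
# Constructed sample: value name -> value data, in the format Windows stores under
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# (e.g. from a "reg export" of that key). First entry mirrors the rule RogueKiller
# flagged in this thread; the second is a made-up benign rule.
TEMP_EXE = (r"C:\users\myles\appdata\local\temp\temp1_spa2102-5-2-12.zip"
            r"\upg-spa2102-5-2-12.exe")
SAMPLE_RULES = {
    "TCP Query User{F60D7513-E4E3-4E6C-81DD-879B7AB05EA9}" + TEMP_EXE:
        "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private"
        "|App=" + TEMP_EXE + "|Name=upg-spa2102-5-2-12.exe"
        "|Desc=upg-spa2102-5-2-12.exe|Defer=User|",
    "{11111111-2222-3333-4444-555555555555}":
        "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain"
        "|App=C:\\Program Files\\ExampleApp\\example.exe|Name=ExampleApp|Desc=constructed|",
}

# Path fragments a defender would treat as unusual for a persistent inbound allow rule.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\appdata\\roaming\\")

def parse_rule(data):
    """Split 'v2.10|Key=Val|...|' into a dict; the leading version token has no '='."""
    fields = {}
    for token in data.split("|"):
        if "=" in token:
            key, _, val = token.partition("=")
            fields[key] = val
    return fields

def is_suspicious(fields):
    """True for an active inbound Allow rule whose App runs from a temp or .zip path."""
    if fields.get("Action") != "Allow" or fields.get("Dir") != "In":
        return False
    if fields.get("Active", "TRUE").upper() != "TRUE":
        return False
    app = fields.get("App", "").lower()
    in_temp = any(d in app for d in SUSPICIOUS_DIRS)
    inside_zip = ".zip\\" in app  # exe launched from inside an extracted archive
    return in_temp or inside_zip

def find_suspicious(rules):
    """Return [(value_name, app_path)] for rules worth reviewing or removing."""
    hits = []
    for name, data in rules.items():
        fields = parse_rule(data)
        if is_suspicious(fields):
            hits.append((name, fields["App"]))
    return hits

if __name__ == "__main__":
    for name, app in find_suspicious(SAMPLE_RULES):
        print(f"review: {name!r} -> {app}")
```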
     
  3. PlutoniumBoss

    PlutoniumBoss Private E-2

    HitmanPro:
    Deleted files, rebooted, suspicious window still appeared. Post-reboot re-scan log enclosed.

    RogueKiller:
    Deleted selected entries, rebooted, suspicious window still appeared. Post reboot re-scan log enclosed.

    JRT:
    Log enclosed.

    AdwCleaner:
    No threat found, log enclosed.

    ZHPCleaner:
    Log enclosed.
     

    Attached Files:

  4. PlutoniumBoss

    PlutoniumBoss Private E-2

    MGtools:

    Avira control panel can be opened now, so we're making progress. I turned off protection and successfully ran MGtools.

    Suspicious window is still appearing on startup.
     

    Attached Files:

  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You'll have to be more specific; describe it... take a screen capture and upload it.

    Additional instructions:
    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version (32-bit or 64-bit) for your PC. Only the correct version will run, so if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button and wait.
    • The first time the tool is run it makes two logs, FRST.txt and Addition.txt in the same directory the tool is run.
    • Please upload them in your next reply.
     
    Last edited: Oct 18, 2016
  6. PlutoniumBoss

    PlutoniumBoss Private E-2

    As described in the first post, shortly after a restart or waking up the computer, an unmarked window appears for about fifteen seconds, more or less. Following this, fan noise increases. This screenshot was taken during browser loading, but the window appears even if I do not launch the browser.

    Apologies for the long response time; my work schedule interferes.
     

    Attached Files:

  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
    • Save the attached (fixlist.txt) to your desktop.
    • Right-click FRST(x32/64) and select Run as Administrator.
    • Click the FIX button once.
    • Wait while FRST processes fixlist.txt
    • A report should pop up named Fixlog.txt, please upload it here in your next reply.
    This is an issue better suited for tracing down in our software forum. You will need to use tools such as Microsoft Process Explorer and Microsoft Autoruns to monitor your startup and running processes, along with monitoring the connections your firewall permits.
     

    Attached Files:

