5101 infected objects on my laptop

Discussion in 'Malware Help (A Specialist Will Reply)' started by calvin meet, Feb 14, 2014.

  1. calvin meet

    calvin meet Private E-2

    Hello,

    Please help. I don't know anything about computers. My son just gave me this laptop. I turned it on and it was very slow. Things kept appearing at random on the screen. My 11 year old grandson said there must be a virus on it. He installed a program called malwarebytes which said there were 5101 infected objects on here. He doesn't know what we should do next. Please help.
    I'm struggling.

    Calvin Meet
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. No need to worry, your grandson got you off to a wonderful start. :) With his help, you will be able to get through the rest of the malware removal procedures, which I will link to below for your reference.

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only RogueKiller and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run the rest of the READ & RUN ME FIRST instructions on the infected account.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. calvin meet

    calvin meet Private E-2

    Thank you very much for the help and the welcome, Kestrel!13.

    We finally managed to carry out all the scans, despite various crashes, startup repair, and constant advertisements.

    The files are attached to this message. It says there was an error; the Malwarebytes and Hitmanpro files are too large. We will try again.
     


  4. calvin meet

    calvin meet Private E-2

    We have tried a few times now, but cannot get the HitmanPro and Malwarebytes files to work. It seems they are too large. This message has the MGTools folder attached.
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there! :)

    You can just zip those up for me please, into a compressed file.
     
  6. calvin meet

    calvin meet Private E-2

    Thank you Kestrel13!

    And I apologise for spelling your name wrong earlier. We've attached the files as requested.
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there calvin! Sorry for the late response, I had a busy 24 hours or so. Going to make a reply to you right now, and hopefully, it should make your machine run like clockwork again. :)
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, for the first round, which will wipe out most of the garbage... (we'll probably need a round two to get the rest ;))


    Uninstall the below programs:

    • Advanced File Optimizer
    • Advanced System Protector
    • ALOT Appbar
    • Babylon Chrome Toolbar
    • Babylon toolbar
    • BetterSurf Plus V1
    • Bonanza Deals (remove only)
    • Bonzuna
    • DealsCompare
    • DefaultTab
    • Delta Chrome Toolbar
    • Delta toolbar
    • DMUninstaller
    • Dynamo Toolbar
    • express-files Toolbar
    • Façade
    • Feven 1.7
    • FileParade Bundle
    • FilesFrog Update Checker
    • flash-Enhancer
    • FlvPlayer
    • Free Ride Games Player
    • Free Zip 9.20
    • FULL-DISKfighter
    • Game Master 2.1 Toolbar
    • iLivid
    • Iminent
    • Internet Explorer Toolbar 4.6 by SweetPacks
    • iNTERNET TURBO Toolbar
    • Internet Updater
    • J2SE Runtime Environment 5.0 Update 17
    • Lightspark 0.5.3-git
    • McAfee Security Scan Plus
    • Mobogenie
    • MyPC Backup
    • Mysearchdial
    • Optimizer Pro v3.0
    • PinPhotoZoom
    • PriceGong 2.6.4
    • PricePeep
    • QuickShare
    • RegClean Pro
    • Search Protect by conduit
    • Shopping Sidekick
    • Software Version Updater
    • SpeedUpMyPC
    • SweetIM for Messenger 3.7
    • Updater
    • Utility Chest Toolbar
    • Wajam
    • Webexp Enhanced
    • Websteroids
    • WiseConvert B Toolbar
    • Yontoo 1.12.02
    • Zoom Downloader


    Re-run Hitman Pro and have it delete everything it finds.



    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Samsung\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND
    • [RUN][SUSP PATH] HKCU\[...]\Run : Updater (C:\ProgramData\Updater\updater.exe [7]) -> FOUND
    • [RUN][SUSP PATH] HKLM\[...]\Run : Updater (C:\ProgramData\Updater\Updater.exe [7]) -> FOUND
    • [RUN][SUSP PATH] HKUS\S-1-5-21-1413938627-3401710783-2021175601-1000\[...]\Run : SearchProtect (C:\Users\Samsung\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND
    • [RUN][SUSP PATH] HKUS\S-1-5-21-1413938627-3401710783-2021175601-1000\[...]\Run : Updater (C:\ProgramData\Updater\updater.exe [7]) -> FOUND
    • [V1][ROGUE ST] Feven 1.7-chromeinstaller.job : C:\Program Files\Feven 1.7\Feven 1.7-chromeinstaller.exe -> FOUND
    • [V1][ROGUE ST] Feven 1.7-firefoxinstaller.job : C:\Program Files\Feven 1.7\Feven 1.7-firefoxinstaller.exe - FOUND
    • [V1][SUSP PATH] MySearchDial.job : C:\Users\Samsung\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
    • [V2][SUSP PATH] DTReg : C:\Users\Samsung\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [7] -> FOUND
    • [V2][ROGUE ST] Feven 1.7-chromeinstaller : C:\Program Files\Feven 1.7\Feven 1.7-chromeinstaller.exe --> FOUND
    • [V2][ROGUE ST] Feven 1.7-firefoxinstaller : C:\Program Files\Feven 1.7\Feven 1.7-firefoxinstaller.exe --> FOUND
    • [V2][SUSP PATH] MySearchDial : C:\Users\Samsung\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
    • [V2][SUSP PATH] SomotoUpdateCheckerAutoStart : C:\Users\Samsung\AppData\Local\FilesFrog Update Checker\update_checker.exe - /auto [7] -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.



    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=5b50e10b-8ffc
    • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=5b50e10b-8ffc
    • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDyCzyy
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDyCzyy
    • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=5b50e1
    • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=5b50e10b-
    • R3 - URLSearchHook: (no name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll
    • O2 - BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll
    • O2 - BHO: iNTERNET TURBO - {09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
    • O2 - BHO: WebexpEnhancedV1alpha408 - {0e4edeb3-b06c-48f5-b21b-b48f2496901b} - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha408\ie\WebexpEnhancedV1alpha408.dll (file missing)
    • O2 - BHO: Dynamo Toolbar BHO - {0F98D75C-443B-42A2-90C5-2EB921230748} - C:\Program Files\Search Core Systems\Dynamo Toolbar\ie\dbho.dll
    • O2 - BHO: CrossriderApp0005058 - {11111111-1111-1111-1111-110011501158} - C:\Program Files\Shopping Sidekick\Shopping Sidekick.dll
    • O2 - BHO: CrossriderApp0040594 - {11111111-1111-1111-1111-110411051194} - C:\Program Files\Feven 1.7\Feven 1.7-bho.dll
    • O2 - BHO: Game Master 2.1 - {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - (no file)
    • O2 - BHO: Bubble Dock SurfMatch - {23AF19F7-1D5B-442c-B14C-3D1081953C94} - C:\Program Files\Nosibay\Bubble Dock\extensions\axSurfMatch.dll
    • O2 - BHO: WiseConvert B - {2713b394-286f-4d7c-89ea-4174eeab9f5a} - (no file)
    • O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.11.2\bh\BabylonToolbar.dll (file missing)
    • O2 - BHO: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll
    • O2 - BHO: BetterSrf - {45277F9D-8C9C-4726-A558-D69AC740910E} - C:\Program Files\BetterSurf\BetterSurfPlusV1\ie\BetterSrf.dll (file missing)
    • O2 - BHO: PinPhotoZoom - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Users\Samsung\AppData\Roaming\PinPhotoZoom\AutocompletePro.dll
    • O2 - BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll
    • O2 - BHO: AmiExt IE plugin - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll
    • O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Samsung\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    • O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll
    • O2 - BHO: express-files - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)
    • O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll
    • O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
    • O2 - BHO: (no name) - {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - (no file)
    • O2 - BHO: DealsCompare - {b50321e1-e1a6-45d6-9ce4-26b21ee44e0d} - C:\Program Files\DealsCompare\150.dll
    • O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll
    • O2 - BHO: Zoom Downloader - {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll (file missing)
    • O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    • O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
    • O2 - BHO: Value Apps plugin - {F63AAEDC-3602-49EF-AA45-262380A98980} - C:\Users\Samsung\AppData\Roaming\ValueApps\IE\MonPrx.dll
    • O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (file missing)
    • O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
    • O2 - BHO: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll
    • O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    • O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
    • O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.11.2\BabylonToolbarTlbr.dll (file missing)
    • O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll
    • O3 - Toolbar: Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll
    • O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll
    • O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    • O4 - HKLM\..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    • O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe
    • O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe
    • O4 - HKLM\..\Run: [Utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
    • O4 - HKLM\..\Run: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe
    • O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
    • O4 - HKLM\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
    • O4 - HKLM\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
    • O4 - HKCU\..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO
    • O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files\Zoom Downloader\DownloadManager.exe" /as
    • O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    • O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
    • O4 - HKCU\..\Run: [SearchProtect] C:\Users\Samsung\AppData\Roaming\SearchProtect\bin\cltmng.exe
    • O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Samsung\AppData\Local\Smartbar\Application\QuickShare.exe startup
    • O4 - HKCU\..\Run: [Updater] C:\ProgramData\Updater\updater.exe
    • O4 - HKCU\..\Run: [Bubble Dock] "C:\Users\Samsung\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
    • O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
    • O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
    • O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
    • O4 - Startup: DesktopWeatherAlerts.lnk = Samsung\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
    • O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe
    • O4 - Startup: Weather Alerts.lnk = Samsung\AppData\Local\WeatherAlerts\WeatherAlerts.exe
    • O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
    • O15 - Trusted Zone: *.clonewarsadventures.com
    • O15 - Trusted Zone: *.freerealms.com
    • O15 - Trusted Zone: *.soe.com
    • O15 - Trusted Zone: *.sony.com
    • O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} (KeyBox Class) - https://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
    • O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    • O20 - AppInit_DLLs: xC:\PROGRA~2\BROWSE~1\261095~1.52\{C16C1~1\BROWSE~1.DLL
    • O23 - Service: ALOT Update Service (AlotService) - Inuvo Inc. - C:\Users\Samsung\AppData\LocalLow\alotservice\alotservice.exe
    • O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
    • O23 - Service: BonanzaDealsLive Service (bonanzadealslive) (bonanzadealslive) - BonanzaDeals - C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
    • O23 - Service: BonanzaDealsLive Service (bonanzadealslivem) (bonanzadealslivem) - BonanzaDeals - C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
    • O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Unknown owner - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (file missing)
    • O23 - Service: Common Toolkit Tools - SPAMfighter ApS - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe
    • O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Samsung\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    • O23 - Service: Internet Updater (InternetUpdater) - Unknown owner - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
    • O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files\iSafe\iSafeSvc.exe
    • O23 - Service: SProtection - Iminent - C:\Program Files\Common Files\Umbrella\umbrella.exe
    • O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
    • O23 - Service: Utility ChestService (UtilityChest_49Service) - COMPANYVERS_NAME - C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe
    • O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix exit HJT.




    Download and run OTM.


    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Files
    C:\Program Files\Fighters
    C:\Program Files\BonanzaDeals
    C:\Program Files\Yontoo
    C:\Program Files\PricePeep
    C:\Users\Samsung\AppData\Roaming\ValueApps
    C:\Program Files\Mysearchdial
    C:\Program Files\SweetIM
    C:\Program Files\Delta
    C:\Program Files\DealsCompare
    C:\Program Files\Wajam
    C:\ProgramData\InternetUpdater
    C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll
    C:\Users\Samsung\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll
    C:\Users\Samsung\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
    C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll
    C:\ProgramData\Updater\updater.exe
    C:\Users\Samsung\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Users\Samsung\AppData\Roaming\SearchProtect
    C:\ProgramData\Updater
    C:\Program Files\Feven 1.7
    C:\Program Files\iSafe
    C:\Program Files\BonanzaDealsLive
    C:\Users\Samsung\AppData\Roaming\DefaultTab
    C:\Users\Samsung\AppData\Local\FilesFrog Update Checker
    C:\Program Files\UtilityChest_49
    C:\Program Files\BetterSurf
    C:\Program Files\Nosibay
    C:\Program Files\AmiExt
    C:\Program Files\WebexpEnhancedV1
    C:\Program Files\Search Core Systems
    C:\Program Files\Shopping Sidekick
    C:\Program Files\BabylonToolbar
    C:\ProgramData\Websteroids
    C:\Program Files\BetterSurf
    C:\Users\Samsung\AppData\Roaming\PinPhotoZoom
    C:\Program Files\AmiExt
    C:\PROGRA~1\UTILIT~2
    C:\Program Files\alotappbar
    C:\Program Files\Iminent
    C:\Program Files\MyPC Backup
    C:\Program Files\SearchProtect
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.





    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Re-run Malwarebytes and attach the NEW log please.
    Re-run RogueKiller (just a scan) and attach the new log from that too please.
    And finally.... Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now! :)
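
The HijackThis lines listed in the post above follow a fixed layout per section, so they can be triaged mechanically. The sketch below is an added example, not part of the thread and not code from HijackThis, MGtools or RogueKiller: it parses O2/O3/O4/O23 lines copied from that list and tags each entry as an orphan (`(no file)` or `(file missing)`), as launching from a user-writable directory, or as a service with `Unknown owner`. The user-writable rule is an assumption modelled on the `[SUSP PATH]` label in the RogueKiller output; RogueKiller's actual rule is not given in the thread.

```python
import re

# Lines copied verbatim from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: iNTERNET TURBO - {09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (file missing)
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
O4 - HKCU\..\Run: [SearchProtect] C:\Users\Samsung\AppData\Roaming\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [Bubble Dock] "C:\Users\Samsung\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Unknown owner - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (file missing)
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Samsung\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# HijackThis marks entries whose file is gone; these are leftovers, not live code.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
# Assumption: directories a standard user can write to (per-user AppData, ProgramData).
WRITABLE_RE = re.compile(r"^[A-Za-z]:\\(?:Users\\[^\\]+\\AppData|ProgramData)\\", re.I)


def flags_for(target, owner=None):
    """Return triage tags for one entry's target path and (for services) owner."""
    path = target.lstrip('"')          # O4 commands may be quoted and carry arguments
    flags = []
    if ORPHAN_RE.search(path):
        flags.append("orphan")
    if WRITABLE_RE.match(path):
        flags.append("user-writable")
    if owner == "Unknown owner":
        flags.append("unknown-owner")
    return flags


def parse_line(line):
    """Parse one O2/O3/O4-Run/O23 line into a dict, or return None if unsupported."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body, owner = m["code"], m["body"], None
    if code in ("O2", "O3", "O23"):
        kind, _, rest = body.partition(": ")
        parts = rest.rsplit(" - ", 2)   # split from the right: names may contain " - "
        if len(parts) != 3:
            return None
        name, middle, target = parts    # middle is the CLSID (O2/O3) or the owner (O23)
        owner = middle if code == "O23" else None
    elif code == "O4":
        run = RUN_RE.match(body)
        if not run:
            return None
        kind, name, target = run["hive"] + " Run", run["name"], run["target"]
    else:
        return None
    return {"code": code, "kind": kind, "name": name, "target": target,
            "flags": flags_for(target, owner)}


def parse_log(text):
    """Parse every supported line in a HijackThis log excerpt."""
    return [e for e in map(parse_line, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(f'{entry["code"]:<4}{entry["name"]:<48}{",".join(entry["flags"]) or "-"}')
```

Orphan entries point at files that are already gone, so fixing them only cleans the registry; the user-writable and unknown-owner entries are the ones that still launch something at startup.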
     
  9. calvin meet

    calvin meet Private E-2

    Re: 5101 infected objects on my laptop

    Thanks for all your help, and sorry for the delay in getting back to you. I have been away. We have since been working on the laptop but were unable to remove all the files or find all of the pathways on the Rogue Killer program. We have attached the reports though they did not have the exact number you referred to.

    Hopefully, you can still help us or tell us where we went wrong.
     


  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just continue on with the other steps then please. :)
     
