Finding Discounts

Please run Hitman Pro, activate/enable the free trial, then remove all detections. Reboot and rescan with Hitman Pro, upload an updated log.

Next re-run RogueKiller.exe. (Vista/Windows7/8/10 users should right-click and select "Run as Administrator")
After it finishes the scan, under these tabs select and then click the Delete button these items.
Registry

• [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
• [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8877;https=127.0.0.1:8877 -> Found
• [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X]) -> Found
• [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55D45C47-34FB-4501-8A3A-629FA9D79F3F} | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X]) -> Found

Files

• [PUP][Folder] C:\Users\Game\AppData\Local\yuntnani -> Found

Then immediately reboot your PC. Now run a new scan with RogueKiller and save a log as in the original instructions and upload that new log also.

Please shut down ALL of your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

Uninstall the below outdated applications using
GeekUninstaller 1.3.5.56, a portable appl.

Java 8 Update 65
Mozilla Firefox 43.0.1 (x86 en-US)
​

NOTE: If you wish to save any bookmarks, please review this article.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
• O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
• O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
• O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
• O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

After clicking Fix, exit HJT.

Now please download Junkware Removal Tool to your desktop.

• Make sure to shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Upload JRT.txt to your next message.

Next download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• Upload this log to your next reply.

Now install the current version of Sun Java from:

• Go here for 64 bit OS = Sun Java 64 bit Runtime Environment
• Go here for 32 bit OS = Sun Java 32 bit Runtime Environment

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: Make sure you download the correct version ( 32 bit or 64 bit ) for your PC. Only the correct version will run so if you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button and wait.
• The first time the tool is run it makes two logs, FRST.txt and Addition.txt in the same directory the tool is run.
• Please upload them in your next reply.

 

My instructions were to save the below tool to your Desktop.... move it there now.

Using AdwCleaner.exe previously downloaded:

• Double click on AdwCleaner.exe to run the tool. (Vista, Win7/8/10 users should right-click and "Run As Administrator")
• Click on the Scan button.
• When the scan has completed, click on the Clean button.
• Press OK when asked to close all programs and follow the on-screen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Upload this log to your next reply.

NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.

• Save the attached (fixlist.txt) to your desktop.
• Right-click FRST(x32/64) and select Run as Administrator.
• Click the FIX button once.
• Wait while FRST processes fixlist.txt
• A report should pop up named Fixlog.txt, please upload it here in your next reply.

 

You're welcome. The reason for following our guides instructions for downloading and running tools from specific directories is for ease of trouble-shooting problems and clean up when the malware removal is completed.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If you are running Win 7/8/10, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work through the below link:
   • How to Protect yourself from malware!

Safe surfing!