
[Solved] PC Virus Removal

Discussion in 'Malware Removal Help' started by Julian Kinkaid, Dec 4, 2015.

  1. Julian Kinkaid

    Julian Kinkaid

    Joined:
    Dec 4, 2015
    Messages:
    9
    Operating System:
    Windows 7
    My pc was infected by a virus or two yesterday and although I have removed most of the problem there are one or two issues that would seem to indicate that I have missed something somewhere. In particular, when I open my Google Chrome browser, two extensions are added; wiki-search.me and another with Chinese writing which I think is something called QQPC. The second issue is with my Firefox browser, which instead of opening to my Google homepage opens to the url "www.%snf%.com".
    I have run Malwarebytes, AdCleaner and FRST as requested. The log files are attached.
    Any help would be gratefully appreciated.
    Thanks.
     

    Attached Files:

  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,546
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    Welcome to Computer Help Forums, Julian.
    I have contacted one of our malware removal specialists.
    One of them should be along shortly to assist you.
    Please be patient as they all work on other help sites.
     
  3. seedy21

    seedy21 Malware Removal Specialist - Moderator Moderator

    Joined:
    Jun 20, 2013
    Messages:
    54
    Operating System:
    Windows XP Professional
    Hello Julian Kinkaid

    I'm Seedy21 and I will be helping you with your issues.

    Please note the following information about the malware forum:
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by me.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
    • If you are using cracked or illegal software, your thread will be closed.
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

    Before we start can you confirm if you have set a Proxy Server?
     
  4. Julian Kinkaid

    Hi, no I don't have a proxy server set.
     
  5. seedy21

  6. Julian Kinkaid

    Please can you confirm the file location. I have looked here and no such file exists. Thanks
     
  7. seedy21

    Hi Julian Kinkaid

    We will do a search for the File.

    Step 1

    • Right-click on the FRST icon and select Run as Administrator to start the tool.
      (XP users click Run after receipt of Windows Security Warning - Open File).
    • In the Search box Type in the following:-
      Code:
      keygen.exe
      
    • Click on Search
    • Once completed a search.txt file will be created where FRST has been run on your computer. Please copy and paste the contents of this log in your next reply.

    Step 2


    Scan with CKScanner

    Download CKScanner by askey127 and save it to your desktop.

    • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
    • Click Search For Files.
    • When finished, click Save List To File.
    • Remember to run this tool once only, if not asked to run it again.

    Please include the content of CKFiles.txt in your next reply.
     
  8. Julian Kinkaid

    Please find the files you asked for attached.
     

    Attached Files:

  9. seedy21

    Hi Julian Kinkaid

    Step 1

    • Click on Start -> Control Panel -> Add/Remove Programs
    • Uninstall the following Programs:-
      Duplicate Cleaner Free 3.2.6
      Media View
      Spybot - Search & Destroy
    • Close the Add/Remove Programs and Control Panel
    • Restart your computer

    Step 2

    Fix with Farbar Recovery Scan Tool

    This fix was created for this user for use on that particular machine.
    Running it on another one may cause damage and render the system unstable.

    Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire content of the codebox below and paste into the Notepad document:
      Code:
      start
      CloseProcesses:
      RemoveProxy:
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
      ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} =>  No File
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      Task: {2DEBE5A0-14C2-4700-8EA1-23906789142A} - \WS.Booster-S-1839310039 -> No File <==== ATTENTION
      Task: {4E4804FC-AA9E-4DC3-B33F-46F12C039146} - \AutoKMS -> No File <==== ATTENTION
      Task: {84F091B2-62B2-441B-A62D-95DDB772B102} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
      Task: {A45A57B4-AF46-4D20-81B4-BF602C8CB151} - System32\Tasks\{EB19C9D3-EBB5-48D6-848E-0E59953EA6F2} => I:\setup.exe
      ShortcutWithArgument: C:\Users\Julian\Desktop\Utilities\Fuze Meeting .lnk -> C:\Users\Julian\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze <==== ATTENTION
      ShortcutWithArgument: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fuze Meeting\Fuze Meeting .lnk -> C:\Users\Julian\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze <==== ATTENTION
      FirewallRules: [TCP Query User{16ED47A3-F750-4DB3-96B0-E08E08F16E04}C:\users\julian\appdata\local\temp\keygen.exe] => (Allow) C:\users\julian\appdata\local\temp\keygen.exe
      FirewallRules: [UDP Query User{396129B8-E2C4-4414-9F1B-E52157C60362}C:\users\julian\appdata\local\temp\keygen.exe] => (Allow) C:\users\julian\appdata\local\temp\keygen.exe
      C:\ProgramData\uvjwatqp.vyn
      C:\users\julian\appdata\local\temp\keygen.exe
      EmptyTemp:
      end
      
    • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
    • Right-click on the FRST icon and select Run as Administrator to start the tool.
      (XP users click Run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it to your reply.

    Step 3

    Fix with Junkware Removal Tool

    Please download JRT by Thisisu and save the file to your desktop.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on the JRT icon and select Run as Administrator to start the tool.
    • Follow the prompts and let this process run uninterrupted.
    • This scan can take a while, depending on your System specs.
    • Upon completion, a log (JRT.txt) will open on your desktop.

    Please include the contents of that file in your reply.

    Do not forget to re-enable your previously switched off protection software!
    Please also manually reboot your machine after this procedure.
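
As an added example (not part of the original thread and not FRST's own code), this Python script triages FRST-style log lines for the patterns the fixlist in the post above targets: firewall allow rules for executables in user-writable directories, scheduled tasks whose target is missing, and shortcuts carrying a URL argument. The sample lines are copied from that fixlist; the category names and the list of user-writable directories are assumptions.

```python
import re

# Sample lines copied from the fixlist in the post above (not constructed).
SAMPLE = r"""
Task: {4E4804FC-AA9E-4DC3-B33F-46F12C039146} - \AutoKMS -> No File <==== ATTENTION
Task: {A45A57B4-AF46-4D20-81B4-BF602C8CB151} - System32\Tasks\{EB19C9D3-EBB5-48D6-848E-0E59953EA6F2} => I:\setup.exe
FirewallRules: [TCP Query User{16ED47A3-F750-4DB3-96B0-E08E08F16E04}C:\users\julian\appdata\local\temp\keygen.exe] => (Allow) C:\users\julian\appdata\local\temp\keygen.exe
ShortcutWithArgument: C:\Users\Julian\Desktop\Utilities\Fuze Meeting .lnk -> C:\Users\Julian\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
"""

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\appdata\\local\\temp\\|\\appdata\\roaming\\|\\programdata\\", re.I)
FW_ALLOW = re.compile(r"^FirewallRules: \[.*\] => \(Allow\) (?P<path>.+)$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) (?:->|=>) (?P<target>.+)$")
URL = re.compile(r"(?i)\b(?:https?|hxxps?)://")

def triage(text):
    """Return (category, detail) findings for FRST-style log lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        fw = FW_ALLOW.match(line)
        task = TASK.match(line)
        if fw and USER_WRITABLE.search(fw.group("path")):
            # Inbound allow rule for a binary any user process could have dropped.
            findings.append(("fw-allow-user-writable", fw.group("path")))
        elif task and task.group("target").startswith("No File"):
            # Scheduled task left behind after its executable was removed.
            findings.append(("orphaned-task", task.group("name")))
        elif line.startswith("ShortcutWithArgument:") and URL.search(line):
            # Shortcut that passes a URL to its target; report the .lnk path.
            lnk = line.split(" -> ")[0][len("ShortcutWithArgument: "):]
            findings.append(("shortcut-url-argument", lnk))
        elif not (fw or task) and "No File" in line:
            # Any other registration whose file is gone; report the entry type.
            findings.append(("missing-file", line.split(":", 1)[0]))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:24} {detail}")
```

The scheduled task pointing at I:\setup.exe is deliberately not flagged: its target is recorded, so these heuristics have nothing to say about it and it still needs a human decision.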
     
  10. Julian Kinkaid

    Hi, thanks for your help.
    Please find the report files attached.
     

    Attached Files:

  11. seedy21

    Hi Julian Kinkaid

    Scan with Farbar Recovery Scan Tool

    Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
    • Right-click on the FRST icon and select Run as Administrator to start the tool.
      (XP users click Run after receipt of Windows Security Warning - Open File).
    • Press the Scan button and wait.
    • The tool will produce a logfile in your Downloads: FRST.txt
    Please include its content in your next reply.

    Can I also have an update on whether you are still having issues with your machine?
     
  12. Julian Kinkaid

    Hi,
    Please find attached FRST log.
    Everything seems to be back to normal now, yes.
    Thanks very much for your help.
     

    Attached Files:

  13. seedy21

    Great, let's run another scan to be on the safe side.

    Scan with ESET Online Scanner

    This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
    Please visit the ESET Online Scanner website.
    Click Run ESET Online Scanner there.

    If using Internet Explorer:
    • Accept the Terms of Use and click Start.
    • Allow the running of add-on.
    If using Mozilla Firefox or Google Chrome:
    • Download esetsmartinstaller_enu.exe that you'll be given link to.
    • Double click esetsmartinstaller_enu.exe.
    • Allow the Terms of Use and click Start.
    To perform the scan:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Click Start
    • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    • When completed, the program will begin to scan. This may take several hours. Please, be patient.
    • Do not do anything on your machine as it may interrupt the scan.
    • When the scan is done, click Finish.
    • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
    Please include this logfile in your next reply. Don't forget to re-enable previously switched-off protection software!
     
  14. Julian Kinkaid

    Ok, here is the scan from ESET.
     

    Attached Files:

  15. seedy21

    Hi Julian,

    How is the machine running now? Do you have any further issues?
     
  16. Julian Kinkaid

    Hi,
    It seems fine now, thank you.
     
  17. seedy21

    Hi Julian

    If you have no further problems you can uninstall the tools we have used and follow this advice :-

    Remove Tools Used :

    Clean up with Delfix

    Download "Delfix by Xplode" and save it to your desktop.
    • Double Click to start the program
      If you are using Vista or higher, please right-click and choose run as administrator
      Make Sure the following items are checked:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge System Restore
      • Reset system settings
      Now click on "Run" and wait patiently until the tool has completed.

      The tool will create a log when it has completed. We don't need you to post this.

      Turn On Automatic Updates:


      1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
      2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".


      Make your Internet Explorer more secure:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Under Security Level for this Zone make sure that you are set to Medium-High.
      • Also verify that Enable Protected Mode is checked
      • Next press the Apply button and then the OK to exit the Internet Properties page.

     
  18. Julian Kinkaid

    Ok. Thanks, once again, for your help.
     
