bambooZLD Cloudscout etc.

Comments

2 comments

  • Support

    Hi bambooZLD,

     

    It's possible that the computer is infected with a rootkit, and since it might be difficult to remove and has changed Windows files, it's probably faster and safer to reinstall Windows and all programs than to clean the computer. We can try to clean it, but I don't promise that it's possible.

     

    1. Please uninstall:

    RelayDouble, since it's adware

    Microsoft Security Essentials, since having more than one active antivirus program can cause conflicts and crashes and makes it harder to remove the infection. If you haven't installed Ad-Aware in compatible mode, you have to uninstall AVG too.

    Restart the computer.

     

     

    2. Please, start Notepad.

    Copy all text that is in the box:


    File: C:\Windows\SysWow64\Drivers\ASPI32.sys
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [gmsd_au_15] => [X]
    HKU\S-1-5-21-1985921260-2862718565-1384548183-1000\...\Policies\Explorer: []
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    S2 4dd8d474; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelayDouble\RelayDouble.dll",serv
    2014-12-22 16:30 - 2015-01-13 16:57 - 00001684 _____ () C:\Windows\Tasks\BFDWSDT.job
    Task: {4A48A0A3-92EF-4A10-B57A-8FD2390FB343} - \BFDWSDT No Task File <==== ATTENTION
    Task: {8865D9A8-A63D-40E9-B518-6E7BDA0505DA} - System32\Tasks\{67BBF58B-C5B8-4A81-93F2-E6FE4900010D} => pcalua.exe -a C:\Users\Chris\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
    C:\Users\Chris\AppData\Roaming\omiga-plus
    Task: C:\Windows\Tasks\BFDWSDT.job => C:\Users\Chris\AppData\Roaming\BFDWSDT.exe <==== ATTENTION
    C:\Users\Chris\AppData\Roaming\BFDWSDT.exe

    and paste it into Notepad. Check that no files have been split across two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    Restart the computer.

     

    FRST creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

     

     

    3. Please, save RogueKiller on the Desktop: http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

     

    Turn off all running programs, including antivirus programs, and remove any external drives and other devices connected via USB etc., except the mouse and keyboard.

     

    Start RogueKiller (in Vista and Windows 7 right-click the program and select "Run as administrator"). If it won't start, try several times. If you are still unsuccessful, rename the file to winlogon.exe.

     

    Wait until "Prescan" has finished.

    Click on the "Scan" button in the upper right corner.

    Wait until the scan has finished.

     

    A report with a name similar to RKreport.txt should have been created on the desktop.

    Please, post it in your answer.

    0
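
Added example, not part of the original reply and not FRST's own code: a small Python check for the "no files have been split across two lines" step, run over a saved fixlist before the Fix button is pressed. The entry prefixes in the pattern are an assumption taken only from the lines of the fixlist posted above, and the two samples are constructed from those lines.

```python
import re

# Line openings seen in the fixlist posted above. This is a heuristic built
# from that one list (an assumption), not FRST's full directive syntax.
ENTRY_START = re.compile(
    r"^(?:File:|Task:|FF Plugin:|CHR |HK(?:LM|U)(?:-x32)?\\|S\d \S+;"
    r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2} - |[A-Za-z]:\\)"
)

def find_split_lines(text):
    """Return (line_number, reason) for lines that look wrapped."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if not ENTRY_START.match(line):
            findings.append((number, "does not start like an entry (tail of a wrapped line?)"))
        elif line.count('"') % 2:
            findings.append((number, "unbalanced double quote"))
        elif line.endswith(("\\", "=>")):
            findings.append((number, "ends mid-path or mid-entry"))
    return findings

# Constructed samples: three entries copied from the fixlist in the thread,
# then the same entries with two of them broken the way a word-wrapping
# editor or mail client would break them.
INTACT = r'''HKLM-x32\...\Run: [gmsd_au_15] => [X]
S2 4dd8d474; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelayDouble\RelayDouble.dll",serv
Task: C:\Windows\Tasks\BFDWSDT.job => C:\Users\Chris\AppData\Roaming\BFDWSDT.exe <==== ATTENTION
'''
WRAPPED = r'''HKLM-x32\...\Run: [gmsd_au_15] => [X]
S2 4dd8d474; "C:\Windows\system32\rundll32.exe" "c:\Program Files
(x86)\RelayDouble\RelayDouble.dll",serv
Task: C:\Windows\Tasks\BFDWSDT.job =>
C:\Users\Chris\AppData\Roaming\BFDWSDT.exe <==== ATTENTION
'''

if __name__ == "__main__":
    for label, sample in (("intact", INTACT), ("wrapped", WRAPPED)):
        print(label, find_split_lines(sample) or "no split lines found")
```

A wrapped tail that happens to begin with a drive path (line 5 of the wrapped sample) still looks like a valid entry, so the check catches that break through the truncated line before it; treat a clean result as a prompt to compare against the posted box, not as proof.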
  • Support

    Due to lack of feedback, this topic has been closed.

     


    If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

     


    Everyone else please begin a New Topic.

     


    Thank you!

    0
