Solved Information relating to RogueKiller software.

Hi BobbyScot,

Actually, computer is at present running quite well since disconnecting two HDs. Errors do however still remain.
Try disconnecting all of them to see how the computer performs. What errors still remain?

DonnaB, MalwareBytes has quarantined two software that have managed to install on my computer.

1. PUP.Optional Talika.c.

2. PUP.Optional Candy.c.

How can these two files be removed and permanently? Thanks BobbyScot.

Are you visiting or downloading from torrent sites as I try to help you?

The 2 logs you posted here were clean as a whistle! They should have been detected and removed if they were on your system when the scans were executed.

I see I overlooked the following program:

System Ninja

That's another one of those optimizer programs I warned you about that cleans the registry. There's nothing I can do to help if you choose to continue to use these types of programs. I see the file was modified on 2015-04-15 @ 10:54. Did you scan your system with it at that time? It appears so.... :( I suggest that you uninstall it and stay away from these types of programs that you come across.

Let's finish our cleanup here. I am surprised that the AdwCleaner and JRT scans did not find those. It's as if they were picked up after the scans whilst you were browsing around in my absence.

  • Open notepad (Start orb > type notepad into Start Search > choose notepad from list).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    start
    createrestorepoint:
    closeprocesses:
    HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w4dp2k90.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
    2015-04-15 23:15 - 2015-04-15 23:15 - 06870552 _____ (ParetoLogic, Inc.) C:\Users\Robert\RegCureProSetup.exe
    2015-04-15 12:10 - 2015-04-15 12:12 - 00380416 _____ () C:\Users\Robert\u0dto4j6.exe
    2015-04-08 19:10 - 2015-03-08 13:13 - 00000000 ____D () C:\Program Files (x86)\360
    2015-04-08 12:26 - 2015-03-08 13:48 - 00000000 __SHD () C:\$360Section
    2015-04-08 12:26 - 2015-03-08 13:14 - 00000000 ____D () C:\ProgramData\360Quarant
    C:\Users\Robert\adwcleaner_4.201.exe
    C:\Users\Robert\avast_free_antivirus_setup_online.exe
    C:\Users\Robert\FSS.exe
    C:\Users\Robert\JRT.exe
    C:\Users\Robert\ninja-setup-3.0.6.exe
    C:\Users\Robert\RegCureProSetup.exe
    C:\Users\Robert\RogueKillerX64.exe
    C:\Users\Robert\u0dto4j6.exe
    C:\Users\Robert\unchecky_setup.exe
    C:\Users\Robert\vlc-2-2-0-win32.exe
    Task: {0BF8805B-3807-44F1-9819-83A718EEE1AD} - \CCleanerSkipUAC No Task File <==== ATTENTION
    Task: {0F443D61-9A27-4F8D-9214-40D6711DA6DE} - \WPD\SqmUpload_S-1-5-21-4215804292-628602006-1330011759-1000 No Task File <==== ATTENTION
    Task: {20CF4770-0A70-4C42-B1F0-096F26807AB5} - \avast! Emergency Update No Task File <==== ATTENTION
    Task: {49159A95-E6FD-4E5F-8B47-F4B8EB318334} - \HPCustParticipation HP Deskjet 1000 J110 series No Task File <==== ATTENTION
    Task: {94DD8BF8-D3DC-4FBE-BBEF-D616D511AFB9} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {CE38B1C3-B797-49EE-8451-0B07E6FC7BE9} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:07BF512B
    hosts:
    emptytemp:
    end

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.

Next:

Eset Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on:
    EOLS1.gif


    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
    EOLS2.gif

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
    EOLS3.gif

  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on:
    EOLS4.gif

    (Selecting Uninstall application on close if you so wish)

In your next reply please post the following logs:

Fixlog.txt
ESET log.txt
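
As an added illustration (not part of the original posts and not FRST's own code), the sketch below groups the lines of a fixlist like the one above by the line shapes seen in that script, and flags any C:\Users\<name> path that belongs to a different account than the local one, which is the concern behind the NOTICE under the script. The category names, the function names and the shortened sample are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of lines from the fixlist posted above.
SAMPLE_FIXLIST = r"""start
createrestorepoint:
closeprocesses:
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
2015-04-15 12:10 - 2015-04-15 12:12 - 00380416 _____ () C:\Users\Robert\u0dto4j6.exe
C:\Users\Robert\JRT.exe
Task: {0BF8805B-3807-44F1-9819-83A718EEE1AD} - \CCleanerSkipUAC No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
hosts:
emptytemp:
end
"""

# (category, pattern) pairs, tried in order. Assumption: the categories are
# inferred from the line shapes in the posted script, not from FRST's grammar.
RULES = [
    ("marker", re.compile(r"^(start|end)$", re.I)),         # script delimiters
    ("directive", re.compile(r"^\w+:$")),                   # e.g. emptytemp:
    ("registry", re.compile(r"^HK(LM|U|CU)\\")),            # registry values
    ("browser", re.compile(r"^(SearchScopes|FF Extension):")),
    ("service", re.compile(r"^[A-Z]\d \w+;")),              # e.g. S1 name; path
    ("task", re.compile(r"^Task:")),                        # scheduled tasks
    ("ads", re.compile(r"^AlternateDataStreams:")),
    ("file", re.compile(r"^(\d{4}-\d{2}-\d{2} |[A-Za-z]:\\)")),  # files, folders
]
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")


def classify(line):
    """Return the first category whose pattern matches, else 'unknown'."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "unknown"


def review_fixlist(text, local_user):
    """Summarise a fixlist before it is run on the machine of local_user."""
    counts, foreign, unknown = Counter(), [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        category = classify(line)
        counts[category] += 1
        if category == "unknown":
            unknown.append((number, line))
        # Windows account names are case-insensitive, so compare lowercased.
        for user in PROFILE.findall(line):
            if user.lower() != local_user.lower():
                foreign.append((number, user))
    return {"counts": dict(counts), "foreign_profiles": foreign,
            "unknown": unknown}


if __name__ == "__main__":
    report = review_fixlist(SAMPLE_FIXLIST, "Robert")
    for category, total in sorted(report["counts"].items()):
        print(f"{category:10} {total}")
    print("paths under another profile:", report["foreign_profiles"])
    print("unrecognised lines:", report["unknown"])
```

A non-empty foreign_profiles or unknown list means the script was not written for this machine or contains lines that should be checked with the helper before Fix is pressed.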
 

My Computer

System One

  • Manufacturer/Model
    HP Presario CQ5115 uk
    CPU
    Intel Core 2 Quad Q8200 @ 2.33GHz
    Motherboard
    PEGATRON Corp. Benicia (CPU 1)
    Memory
    8.0 GB DDR2 @ 399MHz
    Graphics card(s)
    Viseo 230Ws (1920x1080@60Hz)
    Sound Card
    NVIDIA High Definition
    Monitor(s) Displays
    Packard bell
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    WDC WD5000AAKS-65AB2 WS Elements 107C USB Device WD My Book 1140 USB Device Toshiba External USB 3.0 USB Device
    PSU
    750Watt
    Case
    HP Presario CQ5115 uk
    Cooling
    Internal fans
    Mouse
    Microsoft Comfort Optical Mouse 1000
    Keyboard
    Logitech K400r Wireless
    Internet Speed
    Broadband 50M
DonnaB, Carried out your instructions. Removed RogueKiller and Ninja. The Fix Log appears not to do anything. Utorrent is required. Photobucket.com as said before fails to function. All HDs bar one external HD have been disconnected from computer, find little improved speed in power up. Avast as usual playing up, says software available, checking appropriate Web site state software is up to date. Thanks BobbyScot.
 

Bobby,

I just realized that you are starting to attach older logs. I think it might be best to delete all the previous logs so that older logs are not posted.

It might be easier to find the logs if you click on your Start orb (image: VISTAORB.jpg) and in the Start Search found just under the Start Menu in the lower left of your screen type in the following, one at a time, and once you have deleted those logs, type in the next log and do the same till no more are found.

FRST.txt
Addition.txt
Fixlog.txt


When they display in the list that pops up, just Right click and choose Delete from your right click menu.

Let me know if you need help finding the logs and I would be more than happy to help guide you in the right direction.

When you are done deleting those logs, let me know so we can proceed forward. :)
 

DonnaB, I just do not have a clue as to what is required to delete attachment files. Photobucket.com opens to an entire white screen with a small round icon showing top left of screen, it seems to do absolutely nothing. After lengthy workout, end product appears to be Nil, as errors like Restore Point etc are still eminent. I certainly appreciate time taken by your good self in trying to solve the errors, but answers are not surfacing. My sincere thanks for interest shown, BobbyScot.
 

Bobby,

I am not worried about the logs that you have attached to your forum posts. I want you to delete the logs produced from the tools we have run so far that were saved on your computer.

If you are not able to do that, just let me know and I'll find a way so we can work around the older logs.
 

DonnaB, thanks, yes I am unable to trace Logs that you refer to. Help to find and remove will be most appreciated. Thanks BobbyScot.
 

Hi Bobby,

Before we can find out why your computer is so messed up, we have to get rid of all the programs and logs so you are not tempted to post the wrong logs.

I am going to have you download the following tool. It will not only remove all the tools, but will also remove all the logs those tools created. Once we do that, we will have to start over.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon (image: Delfix%20icon.jpg) and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Click Run.
  • The program will run for a few seconds and display a notepad log report.


Please paste, or attach, that log report so I can see what was removed.
 

DonnaB, Delfix certainly removes files, as each time it requires me to completely enter User/Password to sign in VistaForums, even though Remember me is ticked. I note all software titles given by you in the past are no longer current in computer. Thanks BobbyScot.
 

DonnaB, I failed to say in my last Reply, "I cannot install or use Photobucket."
 

Ok Bobby,

Let's start over and see if we can figure out why you are having troubles with restore points, and being able to access PhotoBucket, not to mention all the other problems you are having....

First, I am going to have you change the download location for all tools to go to your desktop and not to your user profile folder called Robert.

Change default download location in Internet Explorer:

  • Click the Tools menu icon (the cog) in the upper-right corner of the browser.
  • Select View downloads.
  • Select the Options link in the lower left of the window.
  • Click Browse and select the Desktop and then choose the Select Folder button.
  • Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

Please let me know when that is complete and we will proceed.
 

DonnaB, carried out instructions to the letter, hoping it is carried out. Today, old error surfaced, "Windows Explorer" has stopped working.
 

Great! Thank you Bobby.

I am going to first diagnose your system and remove what is undesirable and can cause issues. Then I will check your file system.

So, first, I am going to have you download FRST64 again to get a fresh log so I can see what is going on.

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

Note: You will need to download and run the 64-bit version.

  • Make sure that FRST is on the desktop of the infected system. If it is not, please move it to the desktop.
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste (or attach) the log back here.
  • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

In your next reply I need to see:

FRST.txt
Addition.txt
 

DonnaB, I seem to be going on a perpetual roundabout, without a solution coming to the fore. I seem to be losing several software titles in the process such as Realtek High definition sound process.
 

I seem to be losing several software titles in the process such as Realtek High definition sound process.
Where did it disappear from?

Do you have sound?

Please allow me a moment to review the logs and I'll be back as soon as you answer my questions above.
 

DonnaB, sound was still present, but the high definition quality was no longer available due to Realtek software being erased. However this error does happen frequently, caused no doubt by one of the add on software used to remove other software.
 
