Issues logging into Windows.

GilV37

You may remove MGADiag . You don't need that anymore .

Let's press on...

Part I:
Please open Notepad: (Start > All Programs > Accessories > Notepad)

Copy/paste the entire content inside the quote box below to Notepad (Do not copy the word 'Quote'):

File::
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdatact.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mPlugin.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\T8HTML.DLL
C:\Users\Ferreira Family\AppData\Local\Google\Chrome\User Data\Default\Default\aadhddddgcdidgdbdedbdcdcdediddgf\background.js
C:\Users\Ferreira Family\AppData\Local\Google\Chrome\User Data\Default\Default\aadhddddgcdidgdbdedbdcdcdediddgf\ContentScript.js
C:\Users\Ferreira Family\AppData\LocalLow\D403.tmp.dat
C:\Users\Ferreira Family\AppData\LocalLow\D404.tmp
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\9c280d90-34ad-49ca-b231-e331aaf99bbaad\cdadcabeaafbbaad.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA3LH8DI.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA9QNTCC.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAAPZEWF.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1B8V4P.js
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LMNF8W4\foasgroup_com[1].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\334KE5MZ\iframe3[2].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSD4GYOY\iframe3[1].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA3LH8DI.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA9QNTCC.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAAPZEWF.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1B8V4P.js
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LMNF8W4\foasgroup_com[1].htms
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\334KE5MZ\iframe3[2].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSD4GYOY\iframe3[1].htm
ClearJavaCache::

In Notepad, click: File (upper left) > Save As...
Save the file to the Desktop
Name it: CFScript.txt
Click: Save

Both the CFScript.txt and the ComboFix program icon must be on the Desktop, or this will not work.

Make sure all AntiVirus and AntiMalware programscontinue to be disabled, so they do not interfere with the running of ComboFix.

Now, drag the CFScript.txt into ComboFix.exe as depicted below:



This action starts ComboFix again.

If the porgram asks to reboot, please do so.
When done, pease attach the new Combofix.txt in your reply.


Part II:
Also, you can remove the following:
1. PC Scan and Repair:
Please go to: Start > Control Panel > Programs and Features, and in the list of installed programs, look for entries like:
PC Scan and Repair
Reimage PC Repair
Reimage Repair
Reimage Community
Select the program, and click: Uninstall
Pay attention to the uninstall process, just in case Reimage attempts to prompt for additional nuisance software.

2. PC Health Boost
Uninstall: How To Uninstall PC HealthBoost™ | PCHealthBoost.com

3. MGADiag



Part III:
Next, please download Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown, or permit them to allow the changes:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.

Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click: Finish

MBAM automatically starts and you are asked to update the program.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

thanks cb

No problem with that...I'll be out for a while also.

On the ESET Online Scanner...

It is my undertanding that in order to remove the malware, there needs to be a check next to the Remove found threats option in the Computer Scan Settings prompt:


This option should be selected by default. Apparently, this was not the case, or the setting was unchecked, to see what ESET finds. This is not bad idea, since there are situations when a false positive is detected.


-->> Instead of running ESET for a long while once again, used ComboFix to cut to the chase. <<--


If anyone runs the ESET Smart Security or ESET NOD32 Antivirus, the situation is different.
In the Threatsense Engine Parameter Setup, click Cleaning on the left pane, and, on the right pane, move the slider to the left or right to set the cleaning level (see image).

The different cleaning levels are No cleaning, Standard cleaning or Strict cleaning (used by most).

These levels determine the behavior of the ESET Smart Security or ESET NOD32 Antivirus when cleaning infected files.

Thanks for the reports, GilV37.

There is some Reimage showing, so let's make sure it is out of the game...

Please go to: Downloading HijackThis
Save to the Desktop.
Right-click and select: Run as Administrator
Accept the License Agreement if you decide to run the program.

When the HijackThis console opens, press the following button: Do A system scan and save a logfile
When done scanning, a log opens in Notepad, and also appears on your Desktop.
>>Please post the HijackThis log in your reply.<<


Again in HijackThis, access the Uninstall Manager as follows:

At tne HijackThis console:
Click: Config button > Misc Tools button > Open Uninstall Manager
Now, click oo: Save list... button and save to the Desktop
A Notepad opens with the information needed.
Please provide the contents of Uninstall list in your reply.