Just a mention here - the 2 hits in MBAM were quarantined by ADWCleaner already.
MBAM logs look good; HMP log looks good; RKILL log makes me think we might want to run a system file check to fix some bad images in your OS.
Please open an admin command prompt and enter
Notice the space preceding the forward slash.
We're looking for the result "No integrity violations found". If it's anything other than that, please reboot, run it again, rinse and repeat. If you still have no luck with the scan results, please grab a log so we can have a look at the problem(s) in detail:
Open an admin command prompt and type:
Code:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
This will place a text file on your desktop called sfcdetails.txt. (Note: If you have relocated your user files, you may have to manually find this file.) Please upload the file and PM me when that is completed, as I am not around at present.
For step 24 (certificates):
Sounds to me like that cert will be found on your system since that's the infection we identified. I'd like you to please verify that cert is not found:
Type certmgr in the search box and click on Manage Computer Certificates.
Expand Trusted Root Certification to show the sub-folder Certificates.
In the right pane, scroll all the way down - www.cloudguard... should be at the very bottom (it's alphabetical).
Note: If you are not sure how to reset ALL browsers on the system, or how to turn off browser syncing, please ask and we'll be happy to provide instructions.
Please be sure to flush your DNS after clearing cache, resetting, etc.: at an admin command prompt:
Open your NICs' properties one at a time, and make sure your DNS is set to dynamic, or use OpenDNS DNS servers:
Control Panel>Network and Sharing Center>Change Adapter Settings
right-click on each NIC (Network Adapter), select Properties, highlight IPv4, select Properties to verify/change:
It's my understanding that DNSUnlocker may have modified these settings.
Also, please be careful as to what extensions you add to your browsers, as it appeared one of them was a problem.
Cheers!
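The certificate and DNS checks described in the post can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post. It assumes the certificate subject or issuer contains "cloudguard" (the post truncates the full name) and that Get-NetAdapter is available (Windows 8 or later).

```powershell
# Added example, not from the original post. Run in an elevated PowerShell.
# Assumption: the unwanted root certificate's subject or issuer contains
# "cloudguard"; the post only shows the truncated name "www.cloudguard...".
$pattern = '*cloudguard*'
# OpenDNS public resolvers, the static alternative the post allows.
$openDns = '208.67.222.222', '208.67.220.220'

# 1. Search the Trusted Root store for the machine and the current user.
$hits = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $pattern -or $_.Issuer -like $pattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
}
if ($hits) {
    Write-Warning 'Matching root certificate(s) still present:'
    $hits | Format-List
} else {
    'No matching certificate in the Trusted Root stores.'
}

# 2. Per-adapter IPv4 DNS. A non-empty NameServer registry value means the
#    servers were set statically; an empty value means DNS comes from DHCP.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-NetAdapter -Physical | ForEach-Object {
    $key    = Join-Path $base $_.InterfaceGuid
    $value  = (Get-ItemProperty -Path $key -Name NameServer `
                   -ErrorAction SilentlyContinue).NameServer
    # The value may be comma- or space-separated; drop empty fragments.
    $static = @($value -split '[,\s]+' | Where-Object { $_ })
    $other  = @($static | Where-Object { $_ -notin $openDns })

    $status = if ($static.Count -eq 0) { 'dynamic (DHCP)' }
              elseif ($other.Count -eq 0) { 'static: OpenDNS' }
              else { 'static: REVIEW' }

    [pscustomobject]@{
        Adapter   = $_.Name
        Status    = $status
        StaticDns = $static -join ', '
    }
} | Format-Table -AutoSize
```

Any adapter reported as "static: REVIEW" has DNS servers that are neither DHCP-assigned nor OpenDNS, which is the setting the post asks you to verify in the adapter's IPv4 properties.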