JimboDavis

Finally made it through! Thank you very much for your help, MrC. Comment duly left on the profile feed. Probably doesn't adequately express appreciation, though Jim

They are just about done. The OTL cleanup has run and the computer is rebooting. I should get a message soon saying that they finished the checklist. Thanks for all your help! Jim

Looking that list over, I am inclined to have them uninstall Java Runtime, then update Adobe Reader and IE. What are your recommendations? Jim

Here's the results: Results of screen317's Security Check version 0.99.63 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET Online Scanner `````````Anti-malware/Other Utilities Check:````````` AntiSpyware CCleaner Java 2 Runtime Environment, SE v1.4.2_03 Java version out of Date! Adobe Reader 7 Adobe Reader out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 avastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 8% ````````````````````End of Log`````````````````````` Jim

Interesting - when I had them turn Avast back on, it said that they needed to re-register. We made it through that process. They should be running Security Check now. Jim

When I talked to them I realized that their antivirus program (Avast) isn't running. Should it be running before we run Security Check? Jim

I'll try to remember to post, not attach the results.

Okay - passing the instructions along. I was swamped Saturday, and yesterday they were busy. We're back at it today. Jim

They were busy, then they ran it twice. (Couldn't find the log file after the first run) Attached are both log files. Jim AdwCleanerR1.txt AdwCleanerR2.txt

I think they are going to rebel! Anyway - I'm passing this message along. Same routine, I'll let you know when I get something back. Jim

Just realized I didn't post my last comment. Sorry. Attached is the ComboFix file. ComboFix.txt

This is getting intense! I'm passing along the instructions - hope to be back to you soon.

Here are the logs from the second scan. It looks clean. system-log2.txt mbar-log2-2013-04-25 (17-42-47).txt

Sorry this took so long! Attached are the logs from the first scan. system-log.txt mbar-log-2013-04-25 (16-33-55).txt

The first scan is finished. They are rebooting and will run the second scan. Jim

Sorry - the only file I got was the one I attached. I have passed along these instructions. I'll let you know what I hear back. Jim

Whoops - that should have read RogueKiller.

They were finally able to get back to work on the computer this morning. Attached is the Roadkiller report. Jim RKreport4_D_04252013_02d1206.txt

I sent the instructions along. Hopefully we can get this done tonight.

The computer booted up normally. Thank you very much for your help and expertise. Attached is the fixlog.txt file. Jim Fixlog.txt

The friends are a couple of thousand miles away, so I'm not sure if I remember exactly what I told them. Basically I had them boot to the boot menu, then selected command prompt (w/o network support). They have a laptop which is running, so I had them download frst.exe and save it on a thumbdrive. They put the thumbdrive in the infected computer and ran f:\frst.exe and did "scan." I had them remove the thumbdrive and put it back in the laptop and asked them to email it to me. When I looked over the txt file I could see registry stuff I would delete, and files/folders that looked questionable. But since I am not at the computer I didn't want to take any chances. I will send them the fixlist.txt file and report back with a fixlog.txt file as soon as I can. Thanks Jim

These were my google search tems: ukash malware running in safe mode

I saw it on a couple of other messages on this forum that came up from a google search. http://forums.malwarebytes.org/index.php?showtopic=121717 I thought I could decipher it or find some instructions, but I got nervous and decided to ask for help. Jim

Friends got infected with Ukash malware. They are unable to boot in Safemode. I am trying to help them. I found items pointing to the Farbar Recovery Tool so I have had them run that. Attached is the FRST.txt file that was generated. They are running 32bit XP. Thank you for your help. Jim frst.txt