Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Oh yeah 1 last question what is the best free ad aware blocker you can recommend? I scanned with eset online scanner and I had a couple ad aware installers... thanks then feel free to close the thread...
  2. Okay... Sorry I didn't know... I don't need any more help anyways though because you ended up removing the Zero Access virus fully and it fixed Windows Defender! I also found a few other programs like TFC (Temp File Cleaner) and Eset Online Scanner! Thank you for your understanding.
  3. I replaced the user names with asterisks as that is personal information... I have a right too... I gave you the log so... can you please take a look at it for me? I put it on pastebin as it is a lot easier then for you.
  4. Okay I followed the video tutorial and removed the Zero Access left over registry keys... Windows Defender works now! Anything else you see that may be a virus? or that I should run before you close this topic?
  5. Okay here is the 2nd FRST.txt: http://pastebin.com/raw.php?i=m2gWTU5g What should I do about the Zero Access thing? Should I follow the instrucitons on the page that was listed?
  6. Okay here is the Roguekiller log... It mentioned something about "Zero Access" and linked me to a webpage: http://www.adlice.com/zeroaccess-removal-with-roguekiller/ Also I already posted the other 2 logs before lol... I still have them saved if you still need them. RogueKiller V8.7.1 _x64_ [Oct 3 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : ******* [Admin rights]Mode : Scan -- Date : 10/05/2013 15:03:15| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 8 ¤¤¤[RUN][ROGUE ST] HKUS\.DEFAULT\[...]\Run : 20090604 (C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.rpd") -> FOUND[RUN][ROGUE ST] HKUS\S-1-5-18\[...]\Run : 20090604 (C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.rpd") -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Standard disk drives) - WDC WD64 00AAKS-22A7B SCSI Disk Device +++++--- User ---[MBR] 18516f6067fcda58ed7c00e2d3df624f[BSP] e10c19537013babe50cba4b90ef42edc : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 603207 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1235576832 | Size: 4095 Mo3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1243963392 | Size: 3073 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[0]_S_10052013_150315.txt >>
  7. Yup just deleted the folder and the task scheduler task... It said it never ran before lol... So idk where it came from but doesn't matter now it's gone... Below are the contents of CKFiles.txt: CKScanner 2.4 - Additional Security Risks - These are not necessarily badc:\program files\autodesk\3ds max 2013\maps\substance\textures\cracked_plaster.sbsarc:\program files\comicrack\changes.txtc:\program files\comicrack\comicrack.engine.display.forms.dllc:\program files\comicrack\comicrack.engine.dllc:\program files\comicrack\comicrack.exec:\program files\comicrack\comicrack.exe.configc:\program files\comicrack\comicrack.inic:\program files\comicrack\comicrack.plugins.dllc:\program files\comicrack\comicrack.urlc:\program files\comicrack\cyo.common.dllc:\program files\comicrack\cyo.common.presentation.dllc:\program files\comicrack\cyo.common.windows.dllc:\program files\comicrack\defaultlists.txtc:\program files\comicrack\icsharpcode.sharpziplib.dllc:\program files\comicrack\ironpython.dllc:\program files\comicrack\ironpython.modules.dllc:\program files\comicrack\license.txtc:\program files\comicrack\microsoft.dynamic.dllc:\program files\comicrack\microsoft.scripting.dllc:\program files\comicrack\microsoft.scripting.metadata.dllc:\program files\comicrack\microsoft.windowsapicodepack.dllc:\program files\comicrack\microsoft.windowsapicodepack.shell.dllc:\program files\comicrack\mysql.data.dllc:\program files\comicrack\newstemplate.htmlc:\program files\comicrack\readme.txtc:\program files\comicrack\sharpcompress.dllc:\program files\comicrack\sharppdf.dllc:\program files\comicrack\tao.opengl.dllc:\program files\comicrack\tao.platform.windows.dllc:\program files\comicrack\uninst.exec:\program files\comicrack\windows7.multitouch.dllc:\program files\comicrack\help\comicrack introduction.djvuc:\program files\comicrack\help\comicrack introduction.djvu.xmlc:\program files\comicrack\help\comicrack online manual.inic:\program files\comicrack\help\comicrack wiki.inic:\program files\comicrack\help\readme.txtc:\program files\comicrack\languages\cs-cz.zipc:\program files\comicrack\languages\de.zipc:\program files\comicrack\languages\el-gr.zipc:\program files\comicrack\languages\es.zipc:\program files\comicrack\languages\fi.zipc:\program files\comicrack\languages\fr.zipc:\program files\comicrack\languages\hr.zipc:\program files\comicrack\languages\hu.zipc:\program files\comicrack\languages\it.zipc:\program files\comicrack\languages\ja.zipc:\program files\comicrack\languages\nl-be.zipc:\program files\comicrack\languages\pl.zipc:\program files\comicrack\languages\pt-br.zipc:\program files\comicrack\languages\ru.zipc:\program files\comicrack\languages\sk-sk.zipc:\program files\comicrack\languages\tr.zipc:\program files\comicrack\languages\zh-cn.zipc:\program files\comicrack\languages\zh-hans.zipc:\program files\comicrack\languages\zh.zipc:\program files\comicrack\resources\7z.dllc:\program files\comicrack\resources\7z.exec:\program files\comicrack\resources\7z64.dllc:\program files\comicrack\resources\c44.exec:\program files\comicrack\resources\ddjvu.exec:\program files\comicrack\resources\djvm.exec:\program files\comicrack\resources\libdjvulibre.dllc:\program files\comicrack\resources\libjpeg.dllc:\program files\comicrack\resources\libtiff.dllc:\program files\comicrack\resources\libz.dllc:\program files\comicrack\resources\icons\ageratings.zipc:\program files\comicrack\resources\icons\ageratings_australia.zipc:\program files\comicrack\resources\icons\formats.zipc:\program files\comicrack\resources\icons\publishers.zipc:\program files\comicrack\resources\icons\special.zipc:\program files\comicrack\scripts\autonumber.pyc:\program files\comicrack\scripts\commitproposed.pyc:\program files\comicrack\scripts\newcomics.pyc:\program files\comicrack\scripts\otherscripts.pyc:\program files\comicrack\scripts\package.inic:\program files\comicrack\scripts\sample.pyc:\program files\comicrack\scripts\sample.xmlc:\program files\comicrack\scripts\searchandreplace.pyc:\program files (x86)\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.cppc:\program files (x86)\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.hscanner sequence 3.ZZ.11.TKAPJ0 ----- EOF -----
  8. okay... well if there is nothing that can be done for now then we are done for now uz I did solve my issue with the firewall thing and the other stuff cuz of system restore... Thank you for you help so far though! I wouldn't know even where to begin... never used that farbar thing before...
  9. Seriously I have never heard of AutoKMS before.... I can delete it if it means you can help me.. All I really wanted to know was if my PC is virus infected or not still and why my Windows Defender says its broke??? and that also explains why microsoft office never expires lol... I knew something must've been up with that...
  10. Okay I have all 4 log files attached. I took a look at them and I could see that windows defender says it is not working apparently... Idk if it has always been like this but I am pretty sure it is supposed to work?
  11. Hi thank you for your repsonse! Actually I was lucky enough to have a restore point before I got the virus! So my system is back in working order lol... If you think I should still do the Farbar scan thing then please tell me below.
  12. Oh yeah I forgot to mention I found another thread with similar Virus aftermath: http://forums.malwarebytes.org/index.php?showtopic=119681
  13. Okay so yesterday I unknowingly installed a virus onto my computer... This virus wouldn't allow me to delete it or anything... If I tried it would say "explorer.exe crashed" or something like that... I ended up using a program called Unlocker to delete it and then I scanned my computer twice with Malware Bytes, AVG, and Trend Micro Housecall. I am fairly confident the virus is removed now but what it left me with is very frustrating =( ... Now that the virus is gone I am left with some very concerning problems: 1. My Windows Firewall cannot be enabled, if I try to access it my PC says: "There was an error opening the Windows Firewall with Advanced Security snap-in". "The Windows Firewall with Advanced Security snap-in failed to load. Restart the Windows Firewall service on the computer that you are managing. Error code: 0x6D9". If I go to services.msc the "Windows Firewall" service isn't even listed on the page. 2. My Windows Defender cannot be started/found. 3. There is a problem in Windows Action Center. Now there may be other issues but I am unsure if there is... If someone can please help me out with this it would be very appreciated! If you would like a link to the download page of the virus I could give it to you as it is a RAR file but it will give you a VIRUS so.... I don't think that is such a great idea... Oh and I heard about a program called Sandboxie which I guess I will be using from now on if I ever install anything...
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.