wireless_one

all seems good! I updated IE to IE11 and ran it a couple of times . . . .

thanks for the help . . .will let you know . . .

so far so good, but I have purposely not opened IE for fear of unleashing the Kracken again . . . looks like the last task was to fix that but will wait for confirmation.

here are the results! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 02Ran by Kevin Barlay at 2014-01-16 08:45:16 Run:1Running from C:\Users\Kevin Barlay\Desktop\cleanup2Boot Mode: Normal ============================================== Content of fixlist:*****************Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No FileC:\Windows\system32\zkahe.cljC:\Windows\system32\ynwbri.zumC:\Windows\system32\udajgdh.egkC:\Windows\system32\mcirn.jskC:\Windows\system32\sxnaff.ccjC:\Windows\system32\zpcztzl.gawC:\Windows\system32\rjzq.lktC:\Windows\system32\qcsfkt.mxjC:\Windows\system32\dknbis.kyzC:\Windows\system32\hipa.wjnC:\Windows\system32\Drivers\zh-TWC:\Windows\system32\Drivers\zh-CNC:\Windows\system32\Drivers\tr-TRC:\Windows\system32\Drivers\th-THC:\Windows\system32\Drivers\sv-SEC:\Windows\system32\Drivers\ru-RUC:\Windows\system32\Drivers\ro-ROC:\Windows\system32\Drivers\pt-PTC:\Windows\system32\Drivers\pt-BRC:\Windows\system32\Drivers\pl-PLC:\Windows\system32\Drivers\nl-NLC:\Windows\system32\Drivers\nb-NOC:\Windows\system32\Drivers\ko-KRC:\Windows\system32\Drivers\ja-JPC:\Windows\system32\Drivers\it-ITC:\Windows\system32\Drivers\hu-HUC:\Windows\system32\Drivers\he-ILC:\Windows\system32\Drivers\fr-FRC:\Windows\system32\Drivers\fi-FIC:\Windows\system32\Drivers\el-GRC:\Windows\system32\Drivers\de-DEC:\Windows\system32\Drivers\ar-SAC:\Windows\system32\zh-TWC:\Windows\system32\zh-CNC:\Windows\system32\tr-TRC:\Windows\system32\th-THC:\Windows\system32\sv-SEC:\Windows\system32\ru-RUC:\Windows\system32\ro-ROC:\Windows\system32\pt-PTC:\Windows\system32\pt-BRC:\Windows\system32\pl-PLC:\Windows\system32\nl-NLC:\Windows\system32\nb-NOC:\Windows\system32\ja-JPC:\Windows\system32\it-ITC:\Windows\system32\hu-HUC:\Windows\system32\he-ILC:\Windows\system32\fr-FRC:\Windows\system32\fi-FIC:\Windows\system32\el-GRC:\Windows\system32\de-DEC:\Windows\system32\ar-SA ***************** HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.C:\Windows\system32\zkahe.clj => Moved successfully.C:\Windows\system32\ynwbri.zum => Moved successfully.C:\Windows\system32\udajgdh.egk => Moved successfully.C:\Windows\system32\mcirn.jsk => Moved successfully.C:\Windows\system32\sxnaff.ccj => Moved successfully.C:\Windows\system32\zpcztzl.gaw => Moved successfully.C:\Windows\system32\rjzq.lkt => Moved successfully.Could not move "C:\Windows\system32\qcsfkt.mxj" => Scheduled to move on reboot.C:\Windows\system32\dknbis.kyz => Moved successfully.C:\Windows\system32\hipa.wjn => Moved successfully.C:\Windows\system32\Drivers\zh-TW => Moved successfully.C:\Windows\system32\Drivers\zh-CN => Moved successfully.C:\Windows\system32\Drivers\tr-TR => Moved successfully.C:\Windows\system32\Drivers\th-TH => Moved successfully.C:\Windows\system32\Drivers\sv-SE => Moved successfully.C:\Windows\system32\Drivers\ru-RU => Moved successfully.C:\Windows\system32\Drivers\ro-RO => Moved successfully.C:\Windows\system32\Drivers\pt-PT => Moved successfully.C:\Windows\system32\Drivers\pt-BR => Moved successfully.C:\Windows\system32\Drivers\pl-PL => Moved successfully.C:\Windows\system32\Drivers\nl-NL => Moved successfully.C:\Windows\system32\Drivers\nb-NO => Moved successfully.C:\Windows\system32\Drivers\ko-KR => Moved successfully.C:\Windows\system32\Drivers\ja-JP => Moved successfully.C:\Windows\system32\Drivers\it-IT => Moved successfully.C:\Windows\system32\Drivers\hu-HU => Moved successfully.C:\Windows\system32\Drivers\he-IL => Moved successfully.C:\Windows\system32\Drivers\fr-FR => Moved successfully.C:\Windows\system32\Drivers\fi-FI => Moved successfully.C:\Windows\system32\Drivers\el-GR => Moved successfully.C:\Windows\system32\Drivers\de-DE => Moved successfully.C:\Windows\system32\Drivers\ar-SA => Moved successfully.C:\Windows\system32\zh-TW => Moved successfully.C:\Windows\system32\zh-CN => Moved successfully.C:\Windows\system32\tr-TR => Moved successfully.C:\Windows\system32\th-TH => Moved successfully.C:\Windows\system32\sv-SE => Moved successfully.C:\Windows\system32\ru-RU => Moved successfully.C:\Windows\system32\ro-RO => Moved successfully.C:\Windows\system32\pt-PT => Moved successfully.C:\Windows\system32\pt-BR => Moved successfully.C:\Windows\system32\pl-PL => Moved successfully.C:\Windows\system32\nl-NL => Moved successfully.C:\Windows\system32\nb-NO => Moved successfully.C:\Windows\system32\ja-JP => Moved successfully.C:\Windows\system32\it-IT => Moved successfully.C:\Windows\system32\hu-HU => Moved successfully.C:\Windows\system32\he-IL => Moved successfully.C:\Windows\system32\fr-FR => Moved successfully.C:\Windows\system32\fi-FI => Moved successfully.C:\Windows\system32\el-GR => Moved successfully.C:\Windows\system32\de-DE => Moved successfully.C:\Windows\system32\ar-SA => Moved successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-16 08:50:39)<= C:\Windows\system32\qcsfkt.mxj => Is moved successfully. ==== End of Fixlog ====

MWB log . . . Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2014.01.16.01 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 9.0.8112.16421Kevin Barlay :: COM-EX-KB2 [administrator] Protection: Disabled 1/16/2014 6:20:25 AMmbam-log-2014-01-16 (06-20-25).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 263468Time elapsed: 30 minute(s), 13 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)

adwcleaner log . . # AdwCleaner v3.017 - Report created 15/01/2014 at 21:12:23# Updated 12/01/2014 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (32 bits)# Username : Kevin Barlay - COM-EX-KB2# Running from : C:\Users\Kevin Barlay\Desktop\cleanup\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Kevin Barlay\AppData\Local\AVG SafeGuard toolbarFile Deleted : C:\Windows\System32\Tasks\NCH Software ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16526 -\\ Mozilla Firefox v3.6.11 (en-US) [ File : C:\Users\Kevin Barlay\AppData\Roaming\Mozilla\Firefox\Profiles\una71sz2.default\prefs.js ] -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\Kevin Barlay\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6061 octets] - [10/01/2014 08:36:06]AdwCleaner[R1].txt - [5514 octets] - [14/01/2014 11:37:51]AdwCleaner[R2].txt - [1301 octets] - [15/01/2014 21:10:39]AdwCleaner[s0].txt - [6400 octets] - [10/01/2014 08:42:24]AdwCleaner[s1].txt - [5572 octets] - [14/01/2014 11:41:20]AdwCleaner[s2].txt - [1228 octets] - [15/01/2014 21:12:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1288 octets] ##########

re-ran script and FRST . . results attached . still no "addition.txt" file though . . FRST.txt ComboFix.txt

ohh, no "additions" log was found . .

logs attached . . thanks for the help! when we get done with this, can you share what we did different this time which is intended for this not to return? Thanks! FRST.txt ComboFix.txt

log attached cf.txt

What about what I asked about roguekiller?

screens of Rougekiller and options

when I hover over delete, it only refers to the registry files that are checked... I'm not given an option to delete, "rpcss.DLL"

There's no check box, but can highlight. Is that what you mean?

it seems like we do the same thing each time (replace the infected .dll) but it somehow keeps getting reinfected. is there another file that we need to delete/replace/modify?