JefeTrat

Awesome, thanks again!

Everything seems to running working now. No weird programs running in the background, Windows is running correctly. Never dealt with a rootkit before, was driving me crazy trying to stop the process and always being denied access. Thanks a lot! Is there anything else I should do?

Ok, here's the fixlog Fixlog.txt

Ok, heres the files MWB 10-26-17.txt AdwCleaner[S8].txt FRST.txt Addition.txt

Here's the MWB log. I noticed it quarantined the files in those folders. I am wondering if I can just delete those folders and free up some hard drive space? Thanks MWB 25-10-2017.txt

Yes, I clicked cleanup and allowed it to reboot. Malwarebytes is now detecting the malware that was in those suspiciously named folders now. When it's done scanning I will upload the logs.

Got it to run in the command prompt mode. It found 1 malicious software. Attaching logs below. Going to do step 7 and run MalwareBytes custom scan with rootkit on. mbar-log-2017-10-25 (23-24-18).txt system-log.txt

Ok, changed USB port and keyboard started working. Entered command prompt, will update.

Well it would not run at all from Safe Mode, I was able to get MBAR 1.10.2.1002-nr to extract by clicking really fast. When I ran it, it gave me the first error about the DDA driver, so I had it restart. Looked like the photo with the black screen, and it gave a second error so I attempted to get into the Recovery Environment. When I choose the option respiratory your computer, my keyboard stops receiving power and will not take any inputs, mouse still works though. I typed in thr bcdedit.exe /set {bootmgr} displaybootmenu yes and got: The boot configuration data store could not be opened. Access is denied.

Sorry for the late reply, forgot to follow the thread. I downloaded the MBAR, but when I try to extract it, it will pop up for a second before being closed. I am going to try it in Safe Mode w/o networking.

I was going through my /AppData/Local and found two folders with strange names and when I tried to open them I got access denied. I was able to look at them using WinDirStat and found that one 'csezron' was filled with adobe flash setup and shockwave flash setup and downloaded databases from websites. The other is in a folder 'msoxnzc' which is running several processes which I cannot end. I assume these are just junk names as I could not find any other information about them on the Internet. However, this process appears to downloading a bunch of files that are filling up my C:\ as well as doing who knows what else in the background. Attached are my MWB log and the FRST log. Thanks! Addition.txt FRST.txt MWB 19-10-2017.txt

Hello, So I got a virus from a download on 10/7. I restarted in Safe mode and had MalwareBytes go to work and it removed a lot of it, but it seems there are some remnants from that download or possibly before. Since then there is a RiskWare.Agent.E that keeps appearing in scans but is unable to be removed. Also Microsoft Security Essentials keeps finding a trojan Wonknod.A that it quarantines every hour but is unable to remove. I have tried deleting the folder (located in the Appdata/Local) and it says I do not have permission. Tried a bunch of different ways through the security tab to get permission, but it didn't help. Also since cleaning out the virus whenever I logon Windows 7 keeps prompting me that I may be using a counterfeit or not valid version (which it is). Other than these issues, everything else seems to running okay. Any help would be great! Thanks in advance! MBTS Log.txt FRST.txt Addition.txt

Thanks for the reply, I tried deleting the folder and re-downloading JRT, but the same error still came up. I used AdwCleaner and it's scan didn't find anything. I think there may be something messing with the access to the Temp folder as that is where the virus was installing a lot of bloatware. I'll post in the other forum and see if I can get some help there. Thanks for all the help you provide! Jefe

So I recently downloaded JRT version 8.1.4 to help get rid of a RiskWare.Agent.E that Malwarebytes finds and is unable to quarantine as well as a Wonknod.A that Microsoft Security Essentials keeps detecting but is unable to get rid of. When I run JRT as an administrator either in Normal or Safe Mode I get the following error. "Could not create file C:\Users\DRAC83~1.JEF\AppData\Local\Temp\jrt\clean_shortcut.vbs Access is denied.". My computer appears to be working alright after I cleaned out a virus yesterday except for Windows 7 saying it may not be valid (which it is). Any help is greatly appreciated. Cheers!