Everything posted by kevinf80

  1. Hello and P2P/Piracy Warning: Next, There are 3 security systems installed on your system, MSE, AVG and Norton. That is counterproductive, you must uninstall two of those at your earliest convenience.. If you see the ransomware screen select Alt and F4 keys together, you should get the option to close that service, do so then run your AV and then Malwarebytes. If possible run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin
  2. What is this service: Expat Shield Monitoring Service what does that do? What is this service: Garmin.Cartography.MapUpdate.CoreService.exe what does that do? Both above are generating many errors. What is happening with your browsers at present? Turn off your PC, turn off your Router and leave Router off for one full minute. Turn on Router, wait until lights stabilize then re-boot PC... any change?
  3. Hello and P2P/Piracy Warning: Next, You appear to have run Combofix, do you have that log? It will be here: C:\Combofix.txt Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin
  4. Windows 7 all versions are compatible with Microsoft Security Essentials, ok let me know if Avast installs correctly, also do a scan and see what that shows. If all is good we can clean up.. Kevin
  5. The two entries in TDSSKiller log are classed as suspicious because the driver is unsigned, I've checked the MD5 info and both are clean. We see no infection on your system with the tools used. We've set browsers to defaults with Zoek, even tried Firefox in safe mode, you confirm you are still unable to surf internet. This is odd, as you seem to be downloading tools OK. Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS; Report IE Proxy Settings; Reset IE Proxy Settings; Report FF Proxy Settings; Reset FF Proxy Settings; List content of Hosts; List IP configuration; List Winsock Entries; List last 10 Event Viewer log; List Installed Programs; List Devices; List Users, Partitions and Memory size; List Minidump Files; List Restore Points. Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  6. There is no virus in the RK log, it is clean... Run the following: download the latest version of TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. Double-click on TDSSKiller.exe to run the application, then click on Change parameters. Put a checkmark beside loaded modules. A reboot will be needed to apply the changes. Do it. TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs. Then click on Change parameters in TDSSKiller. Check all boxes then click OK. Click the Start Scan button. The scan will be quick. If a suspicious object is detected, the default action will be Skip, click on Continue. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed. A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  7. RogueKiller log is good, no issues. Close all browsers, select start, into the search box either type or copy/paste firefox -safemode tap enter. Firefox will start in Safe mode, what happens in that mode any improvement?
  8. Continue with the following: Please download RogueKiller from here: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 64 bit version Make sure to get the correct version for your system. Quit all running programs. Please disconnect any USB or external drives from the computer before you run this scan! For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe. Wait until Prescan has finished... The following EULA will appear, please select accept. Ensure MBR scan, Check faked and AntiRootkit are checked. Select Scan. When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop. Exit/Close RogueKiller
  9. Revert back to Normal boot status, let me know how your system responds..
  10. When you have unseen problems that are not related to Malware often it can be a software issue. When running in a clean boot state all non-Microsoft services are on hold, not running. If your system responds well in that state it is a matter of finding the service that caused the problem, do you understand that reasoning? If so go back to the clean boot instructions and follow them. If the clean boot fixes the issue do the following: Repeat as you did to set a Clean boot, ensure all MS services are hidden, enable half of the non MS services then re-boot. If the issue does not return do exactly the same again, this time only enable the bottom half of non MS services. If the issue returns we know the issue is in the bottom half, so you now repeat again but only enable half of the bottom half. Keep doing that until you isolate the rogue service. Do you understand what is needed, Kevin...
  11. What is the status of your system, what issues/concerns remain. Did you follow instructions from reply #36... Cheers, Kevin
  12. I do not see an Anti-virus program, that is risky business. Download and install Microsoft Security Essentials from the following link: http://www.microsoft.com/en-gb/download/details.aspx?id=5201 When installation is complete check for updates and run a Quick scan, let me know if anything is found... Also tell me if you have any remaining issues or concerns, if none we can clean up... Kevin
  13. See if you can perform a clean boot, let's see how the system responds in that mode. Instructions at following link: http://support.microsoft.com/kb/929135 Expand the option for your version of Windows...
  14. FSS log does not indicate any problems with the internet connection, ok continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. emptyclsid;firefoxlook;FFdefaults;Chromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you may be asked to re-boot your PC, if so please do. Post the produced log in your next reply….. Next, Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe Important - Save it to your desktop. Double-click CKScanner.exe (Right click and "Run as administrator" in Vista/Win7). Give permission if necessary, and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify the file saved. Please run the program once only. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log Let me see those logs, also tell me what issues/concerns remain.. fixlist.txt
  15. This is very frustrating for sure, again we see clean logs, FRST does have an anomaly we can look at that shortly. Regarding Alureon, couple of the tools we've already run would normally show that infection. Run this please: Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue. Make sure the following options are checked: Internet Services; Windows Firewall; System Restore; Security Center/Action Center; Windows Update; Windows Defender. Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply. Regarding Alureon, as I said tools we've already run normally identify that infection. However, run this: Please download the latest version of TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. Double-click on TDSSKiller.exe to run the application, then click on Change parameters. Put a checkmark beside loaded modules. A reboot will be needed to apply the changes. Do it. TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs. Then click on Change parameters in TDSSKiller. Check all boxes then click OK. Click the Start Scan button. The scan will be quick. If a suspicious object is detected, the default action will be Skip, click on Continue. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed. A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste the contents of that file here. Kevin.....
  16. What is the status of your system now, any remaining issues or concerns? Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Kevin...
  17. Removal tool for Microsoft Security Essentials is here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/ Next, Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, 1.Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/ 2. Unzip the File to a convenient location. (Recommend the Desktop) 3. Open the folder where the contents were unzipped to run mbar.exe 4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image: 5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.) 6. The following image opens, select Next. 7. The following image opens, select Update 8. When the update completes select Next. 9. In the following window ensure "Targets" are ticked. Then select "Scan" 10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed. 11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. 
If they do, then click "Cleanup Button" once more and repeat the process. 12. If no threats were found you will see the following image, Select Exit: 13. Verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall 14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder. 15. Select "Y" from your Keyboard, tap Enter. 16. The fix will be applied, select any key to Exit. 17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder: System - log Mbar - log Date and time of scan will also be shown Kevin fixlist.txt
  18. Hello and P2P/Piracy Warning: Next, There are two security systems running with anti-virus components F-Secure and Microsoft Security Essentials, That is not good, you must remove one asap. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin...
  19. Hello and P2P/Piracy Warning: Next, Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Post those logs...
  20. Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into (Delete the previous one). NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Kevin... fixlist.txt
  21. Excellent, if no remaining issues do the following: We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself.. OK, we continue: Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Uninstall adwcleaner.exe Please close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Uninstall Click Yes at Would you like to Uninstall Adwcleaner Next, Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop. Double click icon to start the program. If you are using Vista or Windows 7 accept UAC Then Click the big button. You will get a prompt saying "Begining Cleanup Process". Please select Yes. Restart your computer when prompted. This will remove tools we have used and itself. Any tools/logs remaining on the Desktop or downloads folder can be deleted. Finally, Create a new restore point: 1. Right-click on Computer and go to Properties. 2. Next click on the System Protection link. 3. The System Properties dialog screen opens up and you will want to click on Create. 4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create. 5. You should see the message "The restore point was created successfully". To remove all but the most recent restore point do the following: 1. Open Disk Cleanup by clicking the Start button.
In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup. 2. If prompted, select the drive that you want to clean up, and then click OK. 3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation. 4. If prompted, select the drive that you want to clean up, and then click OK. 5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up. 6. In the Disk Cleanup dialog box, click Delete. 7. Click Delete Files, and then click OK. Re-Boot your PC. Let me know if those steps complete, also if any remaining issues or concerns... Kevin fixlist.txt
  22. This is very frustrating, we make no progress... Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur. Alternative mirror. Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here: Temporarily disable Security. Do not use your computer for anything else during the scan. Double click GMER.exe. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO. Then use the following settings for a more complete scan.. In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ... IAT/EAT; Drives/Partition other than Systemdrive (typically C:\); Show All (don't miss this one). Then click the Scan button & wait for it to finish. Once done click on the [save..] button, and in the File name area, type in "ark.txt". Save the log where you can easily find it, such as your desktop. **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries. Please copy and paste the report into your Post. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin..
  23. RogueKiller log is clean, no DNS entries flagged either. OK do the following: Run Zoek again exactly as you did previously, copy the following script into the text field: firefoxlook; FFdefaults;Chromelook; CHRdefaults;autoclean; iedefaults; Select the "Run Script" tab, wait until log is produced, copy to your reply. Let me know if that clears the IP issue.. Kevin