kevinf80

Everything posted by kevinf80

  1. No need to apologize, computers can be very frustrating for anyone. What if I ask you to create a rescue CD that can be used to remove infections from outside of Windows. To do this an ISO file is downloaded to your PC, or better still another PC that has no issues, that file is then burnt to a CD. That CD will have its own operating system to boot the infected PC, it does contain tools to kill certain infections. I have a set of instructions with images I can post for you to look at.. If you think that may be difficult for you maybe we can try a tool by Malwarebytes called MBAR, that will also have written instructions and images, we can try to download and run that directly on the infected PC... Tell me what you want to do..
  2. Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin
  3. Adobe and Java Updates... Adobe Reader is outdated... Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader Step 1 - Select your Operating System. Step 2 - Select your Language. Step 3 - Select latest version. Untick the option for any security scanner or toolbar if offered. Download and install. Having the latest updates ensures there are no security vulnerabilities in your system. Next, Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required. There may be an offer of Google Chrome etc, untick those options if offered... Let me know if you have any remaining issues or concerns... Kevin
  4. I do not understand the issue you have with Malwarebytes, do you have the Professional or Free version... Please download RogueKiller from here: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version Make sure to get the correct version for your system. Quit all running programs Please disconnect any USB or external drives from the computer before you run this scan! For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe Wait until Prescan has finished... The following EULA will appear, please select accept Ensure MBR scan, Check faked and AntiRootkit are checked Select Scan When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop Exit/Close RogueKiller
  5. Hello Freda, Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, There are two Security Systems installed, AVG and Microsoft Security Essentials. You need to remove one of those ASAP, I recommend you keep MSE and remove AVG. Use AVG removal tool available here: http://www.avg.com/us-en/utilities Next, Run Malwarebytes Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the log... Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document Let me see those logs, also let me know if you have any remaining issues or concerns... Kevin fixlist.txt
  6. Hello and P2P/Piracy Warning: Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin......
  7. Do you still need help, can you post the requested logs from AdwCleaner and FRST
  8. Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Post those logs..
  9. I've uploaded that file to Virus Total, no issues reported, check following link, does that help you https://www.virustotal.com/en/file/ff000279772240b2ce07a0bb5de2b31b712301fc70dad0910011efdf585399dc/analysis/1382782942/
  10. I'm not sure what you mean, have you bought Malwarebytes, do you have a license key. Go to the following link for help if that is what you mean: https://helpdesk.malwarebytes.org/entries/23290181-How-do-I-activate-my-Free-version-of-Malwarebytes-Anti-Malware-
  11. Apologies, do not run Combofix, it is not compatible with W8.
      1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
      2. Unzip the File to a convenient location. (Recommend the Desktop)
      3. Open the folder where the contents were unzipped to run mbar.exe
      4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
      5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
      6. The following image opens, select Next.
      7. The following image opens, select Update
      8. When the update completes select Next.
      9. In the following window ensure "Targets" are ticked. Then select "Scan"
      10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.
      11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
      12. If no threats were found you will see the following image, Select Exit:
      13. Verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall
      14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.
      15. Select "Y" from your Keyboard, tap Enter.
      16. The fix will be applied, select any key to Exit.
      17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder: System - log, Mbar - log. Date and time of scan will also be shown
      Thanks, Kevin...
  12. OK, run the following: Download Combofix from the following link :- http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      Ensure that Combofix is saved directly to the Desktop <--- Very important
      Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
      Close any open browsers and any other programs you might have running
      Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
      Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
      If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
      When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
      ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
      Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
      Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.
      *EXTRA NOTES*
      If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
      If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
      If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)
      Post the log in next reply please... Kevin
  13. What do you not understand, you have run a scan with Malwarebytes and it produces a log. All the found malicious entries have "No action taken". That means you took no action, you have to instruct Malwarebytes to remove those bad entries... If you do not do that they are not removed...
  14. Download OTM from either of the following links and save to your Desktop: http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes... Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

      :Files
      C:\Program Files\FLVPlayer
      C:\Program Files\Uninstaller
      C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CAG4TT5G\baqkyupnl_2razbave_info[1].htm
      C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GFMJX8TX\evwgrucntzm_3razbave_info[1].htm
      C:\Users\IronDragon\Desktop\Tools\keygen.exe
      C:\Users\IronDragon\Desktop\Tools\Grfx&Audio stuff\Random Program Files and Plugins\SetupImgBurn_2.5.7.0.exe
      C:\Users\IronDragon\Downloads\ARO2013_tbt.exe
      E:\Movies\GraboidVideoSetup-2.03b-Complete.exe
      E:\Tools n Stuff\Goldwave\keygen.exe
      :Commands
      [EmptyTemp]

      Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. 
If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Next, Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe Important - Save it to your desktop. Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7). Give permission if necessary, and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify the file saved. Please run the program once only. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  15. I do not see any reason for any of those entries to start at boot, highlight each one in turn then select "disable" from right hand pane. re-boot your PC when finished, what is the response time, any improvement...
  16. There is absolutely no need to respond like that, I'm here to help you. If you do not understand the instructions I post, tell me that, I will do my best to try and simplify the instructions if I can. I definitely do not have any type of bad attitude, it is not my nature to jump on anyone as you say. If you do not have access to something I ask for, just tell me.... What do you want me to do, continue or close out...
  17. We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself.. OK, we continue: Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop. Double click icon to start the program. If you are using Vista or Windows 7 accept UAC Then Click the big button. You will get a prompt saying "Begining Cleanup Process". Please select Yes. Restart your computer when prompted. This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted. Next, Create a new restore point: 1. Right-click on Computer and go to Properties. 2. Next click on the System Protection link. 3. The System Properties dialog screen opens up and you will want to click on Create. 4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create. 5. You should see the message "The restore point was created successfully To remove all but the most recent restore point do the following: 1. Open Disk Cleanup by clicking the Start button . In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup. 2. If prompted, select the drive that you want to clean up, and then click OK. 3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. 
Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation. 4. If prompted, select the drive that you want to clean up, and then click OK. 5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up. 6. In the Disk Cleanup dialog box, click Delete. 7. Click Delete Files, and then click OK. Re-Boot your PC. Do you have any remaining issues or concerns? Kevin fixlist.txt
  18. The log shows "no action taken" on the found entries, have you left it that way?
  19. Revert back to Normal boot option, then do the following: I see you have CCleaner installed, open that program then Select > Tools > Start up > Windows tab. The start up list for non MS entries will populate. Look to the bottom right hand corner, "Save to text file" tab will be there, select that option, copy/paste that log to next reply...
  20. Your system has ZeroAccess infection, this is quite nasty and will try to protect itself from many tools we try to run. It will remain very much active whenever Windows is loaded. I did ask that you run FRST via USB stick from the Recovery Environment, that method did give us a better chance to kill the infection. Unfortunately you do not have that option available. In reply #36 you continue with criticism towards me... When an infection such as ZeroAccess remains undetected your system may appear OK, one of ZA's primary functions is to harvest data from you, many times that may be anything with financial implications. It ain't looking to do good things. As we make inroads it starts to fight back and will try to mess up your system. You came to this forum with the infection on your system, that is not my fault. As you will not let me help it is pointless trying to continue...
  21. Download OTM from either of the following links and save to your Desktop: http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes... Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

      :Files
      C:\Program Files (x86)\Coupon Companion Plugin
      C:\Users\Crystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SKAKZSPY\metrics[1].htm
      C:\Users\Crystal\AppData\Local\Temp\ICReinstall\cnet2_prismpsetup_exe.exe
      C:\Users\Crystal\AppData\Local\Updater21804\Updater21804.exe
      C:\Users\Crystal\Downloads\cnet2_prismpsetup_exe.exe
      :Commands
      [EmptyTemp]

      Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Post that log, let me know if you have any remaining issues or concerns... Kevin
  22. Go here http://support.microsoft.com/kb/929135 follow the instructions to run a clean boot, let me know how your system responds in that state...
  23. Yes please, but make sure Remove found threats is unticked.
  24. Thanks for those logs, do the following: Adobe Reader is outdated... Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader Step 1 - Select your Operating System. Step 2 - Select your Language. Step 3 - Select latest version. Untick the option for any security scanner or toolbar if offered. Download and install. Having the latest updates ensures there are no security vulnerabilities in your system. Next, Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required. There may be an offer of Google Chrome etc, untick those options if offered... Next, Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Upgrading Java: Go to http://java.com/en/ and click on "Do I have Java" It will check your current version and then offer to update to the latest version Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it. ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. Make sure the following outdated versions are removed: Java™ 6 Update 22 Java™ 6 Update 31 Java 7 Update 25 When those steps complete do this: We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. 
Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Kevin....