think ive got a rootkit :(

[virusesscareme]

should i just remove the last line:C:\Windows\System32\msgPop.exe ?

[gringo_pr]

lets try it - I have removed that line

gringo

[virusesscareme]

still getting the message sadly

[virusesscareme]

ok i removed C:\Windows\System32\bcdboots.exe from the script and it worked ill try and delete C:\Windows\System32\msgPop.exe now

[virusesscareme]

no luck getting the error again

[gringo_pr]

Hello virusesscareme

:Avenger by Swandog:

• Download

Avenger by Swandog and unzip it to your Desktop.
Note: This program must be run from an account with Administrator priviledges.
Open the Avenger folder and double click Avenger.exe to launch the programme.
Copy the text in the code box below and Paste it into the Input script here: box.

Files to replace with dummy:
C:\Windows\System32\ProgramlicenseRequired.exe
C:\Windows\System32\bcdboots.exe
C:\Windows\System32\msgPop.exe

• Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  
• Ensure the following:
  
  • Scan for Rootkits is checked.
    
  • Automatically disable any rootkits found is Unchecked.
    

  [*]Press the Execute key.

  [*]Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.

  [*]Post the log back here please. (it can also be found at C:\avenger.txt)

Gringo

[virusesscareme]

wont let me do it getting errors.

I tried running combofix again and got up to deleting folders then the windows home and support tab opened up then it stopped i think maybe the tab that opens up maybe stalling combofix any idea how to disable it ?

[gringo_pr]

Hello virusesscareme

I want you to run FRST again but run it this way please

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• 
  
• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]First Press the Scan button.

[*]It will make a log (FRST.txt)

Gringo

[virusesscareme]

Im not seeing any of this after tapping f8

• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

[virusesscareme]

I apologize i'm not too computer savvy

[virusesscareme]

when i click on repair computer it just loads windows like normal none of the options you mentioned above

[gringo_pr]

Hello

Lets try this and see if it will work.

Download the following three programmes to your desktop :

1. WiNTBootIc

2. Windows Vista RC

3. Farbar Recovery Scan Tool

Extract wintoboot to your desktop

Insert a USB drive of at least 1GB

Run Wintoboot

Drag and drop the Windows Vista ISO to the programme in the space indicated

Tick the Format box and accept the warnings

Press Do It

You will see it progressing

It will let you know when it is done

Then copy FRST to the same USB

Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB

Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this.

Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following :

notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst.exe and press Enter

Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[virusesscareme]

Hi Gringo no luck it says flashing failed

[gringo_pr]

Hello virusesscareme

first download FileASSASSIN and run the program

• copy and paste the following text into the text field
  

C:\Windows\System32\ProgramlicenseRequired.exe
C:\Windows\System32\bcdboots.exe
C:\Windows\System32\msgPop.exe

• Under "Attempt FileASSASSIN's method of file procesing" make sure all four boxes are checked
  Click on "execute"
  

restart the computer and let me know how things are

Gringo

[virusesscareme]

Hey Gringo

I ran it and it deleted C:\Windows\System32\ProgramlicenseRequired.exe and C:\Windows\System32\msgPop.exe no worries but got an error when trying to delete bcdboots.exe

An error occurred in function Delete file

FindRemoteFileHandles returned NULL value. This may affect deletion

of file. Please report this error to the FileASSASSIN support team.

[gringo_pr]

hello

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

• Download and save a copy of the latest Puppy ISO file
  
• Download and save a copy of Unetbootin for Windows.
  
• Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  
• Launch Unetbootin ....
  
• Ensure that Disk Image is selected.
  
• Using the browse button ... browse to and select the Puppy ISO file.
  
• Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  
• Click OK
  

Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

• Read HERE for instructions how to do this.
  

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

now navigate to this file and delete it

C:\Windows\System32\bcdboots.exe

gringo

[virusesscareme]

Hi Gringo im so sorry but im not sure which puppy thing to download it has all these different options

Parent Directory - devx_slacko_5.5.sfs 04-Mar-2013 12:40 104M devx_slacko_5.5.sfs.md5.txt 04-Mar-2013 12:40 54 puppylogo96.png 04-Mar-2013 21:41 17K release-Slacko-5.5.htm 04-Mar-2013 22:43 49K slacko-5.5-4G.iso 05-Mar-2013 00:24 165M slacko-5.5-4G.iso.md5.txt 05-Mar-2013 14:10 52 slacko-5.5-PAE.iso 05-Mar-2013 01:00 165M slacko-5.5-PAE.iso.md5.txt 05-Mar-2013 14:09 53 slacko96.png 02-Oct-2012 00:34 17K

[gringo_pr]

download this one - http://distro.ibiblio.org/pub/linux/distributions/puppylinux/puppy-5.2.8/lupu-528.005.iso

[virusesscareme]

also what am i taking a screen shot of ?

[gringo_pr]

don't worry about the screen shot - just try and delete the file

[virusesscareme]

Hi Gringo

I did it but when i try to boot from the usb its telling me that theres no os on there im sorry im terrible with computers

[gringo_pr]

is it still asking for access?

gringo

[virusesscareme]

Hi Gringo umm not sure what you mean nothing was asking for access it was just saying cannot boot from usb no os available also the usb i formatted and put the puppy iso files onto wont play movies in my dvd player anymore would it be because the unetbootin changed the usb ?

[gringo_pr]

Hello

ok but im still having a problem a when im disconnected from the internet my firewall blocks a program called bcdboots.exe from running its saying it want unlimited access to the pc it hasnt been digitally signed so it doesnt know where its come from i tried to delete it but it said the file is no longer there

is bcdboots.exe still trying to get access?

[virusesscareme]

Yes unfortunately. i had a thought i'm booting the pc from cd even though there's no cd in the drive because it freezes at the bios screen when i try to boot from hdd could that be what it is ?