I think I might need some help... - Infected computer once more.


Well, my machine is working relatively fine. There

 

If I am going to talk about some minor quirks, there are audio issues though; if I were to play a game, in some cases, Windows Media Player cannot play music, and gives me an error. With the game launched, YouTube doesn't really play its audio, or even function properly. After I quit playing, both seem to work fine. This issue came recently, about a few days ago. Not sure if there are any underlying technical issues, but I am not sure if this is the correct forum to really post this.

 

Just throwing that out there. Again, the machine works fine, thanks to Naathim, and the Malwarebytes community. :)


Hi. :)

Acknowledged and thanks for the update, let's proceed as follows shall we...

Next:

Do you have a Windows 7 64 Bit Installation DVD or not? If the latter please follow the advice in this tutorial:-

How to create a Windows 7 Startup Repair Disk

As we may need to make use of the Installation DVD and or Startup Repair Disk...

TFC(Temp File Cleaner):

  • Please download TFC to the desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of the GUI(graphical user interface).
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner and save to your desktop.

Alternate downloads are here and here.

  • Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
  • Please be patient as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the >(or any of them if multiple) tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit
Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!



No I have encountered another problem; when trying to make a recovery disc, I receive an error.

 

"System repair disc could not be created. The parameter is incorrect. (8x80070057)."

 

What should I do?


Hi. :)

With regards to this you mentioned:-

 

System repair disc could not be created. The parameter is incorrect. (8x80070057).

This most likely will not be something malicious related but rather because your machine appears to be a HP model and or something else is actually hindering recdisc.exe from working correctly. We will address this in due course once I am satisfied your machine is malware free.

So please proceed with my prior instructions from TFC(Temp File Cleaner): onwards and we will then go from there, thank you.


Hi. :)

 

The scan pulled in a couple malware objects. Will be awaiting further instructions.

We will deal with some of the results as follows and perform a few checks also.

Custom FRST Script:

  • Open notepad.
  • Now please copy the contents of the code-box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

    Start
    Reg: Reg Delete "HKCU\SOFTWARE\INSTALLCORE" /F
    Reg: Reg Delete "HKCU\SOFTWARE\INSTALLCORE." /F
    End
  • Save it to your Desktop as fixlist.txt
  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • A log will now open named Fixlog and it will also be on the desktop >> close FRST.
  • Post the contents of the aforementioned in your next reply.

Note: If FRST advises there is a new update to be downloaded, do so/allow this.

Check Hard Disk For Errors:

  • Open notepad.
  • Now please copy the contents of the code-box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

    @Echo off
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    del %0
  • Go to File >> Save As
  • Save File name as Dakeyras.bat
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this: vista-rh.gif

Now right-click on the desktop CHD.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Windows 7 - System File Checker:

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue/Yes at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • cd c:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.

Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing exit then depress the Enter/Return key.

Next:

When completed the above, please post(do not attach any logs) back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • FRST Log from the Custom Script.
  • Check Hard Disk For Errors Log.

Here are the results.

 

 

FRST Fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01

Ran by unruh at 2014-10-07 22:34:38 Run:7
Running from C:\Users\unruh\Desktop
Loaded Profile: unruh (Available profiles: unruh)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Reg: Reg Delete "HKCU\SOFTWARE\INSTALLCORE" /F
Reg: Reg Delete "HKCU\SOFTWARE\INSTALLCORE." /F
End
*****************
 
 
========= Reg Delete "HKCU\SOFTWARE\INSTALLCORE" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKCU\SOFTWARE\INSTALLCORE." /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 

==== End of Fixlog ====

 

CheckHD

The type of the file system is NTFS.

Volume label is HP.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
  6641 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  4 EA records processed.                                           
 
  61 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
  75786 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
 
 963724287 KB total disk space.
 860234832 KB in 640125 files.
    322460 KB in 75787 indexes.
       224 KB in bad sectors.
    922339 KB in use by the system.
     65536 KB occupied by the log file.
 102244432 KB available on disk.
 
      4096 bytes in each allocation unit.
 240931071 total allocation units on disk.
  25561108 allocation units available on disk.

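Added example, not part of the original thread or written by its participants: a small Python triage of the read-only CHKDSK report posted above, showing why 224 KB in bad sectors calls for /R (which locates bad sectors and implies /F) rather than only the /F the report itself suggests. The function name `triage_chkdsk` and the report keys are assumptions made for this illustration.

```python
import re

# Excerpt of the checkhd.txt output posted above (trimmed, otherwise verbatim).
SAMPLE = """\
The type of the file system is NTFS.
Volume label is HP.
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
 963724287 KB total disk space.
       224 KB in bad sectors.
 102244432 KB available on disk.
"""

# Summary lines of the form "<number> KB <label>."
KB_LINE = re.compile(
    r"^\s*(\d+) KB (total disk space|in bad sectors|available on disk)\.", re.M
)


def triage_chkdsk(text):
    """Summarise a CHKDSK report and pick the follow-up switch (hypothetical helper)."""
    sizes = {label: int(kb) for kb, label in KB_LINE.findall(text)}
    report = {
        "read_only": "read-only mode" in text,
        "fs_problems": "Windows found problems with the file system" in text,
        "bad_sector_kb": sizes.get("in bad sectors", 0),
        "free_pct": None,
    }
    total = sizes.get("total disk space")
    if total:
        free = sizes.get("available on disk", 0)
        report["free_pct"] = round(100 * free / total, 1)
    # /R locates bad sectors and implies /F; /F alone only repairs
    # file system errors such as the incorrect volume bitmap.
    if report["bad_sector_kb"] > 0:
        report["next_step"] = "chkdsk /R"
    elif report["fs_problems"]:
        report["next_step"] = "chkdsk /F"
    else:
        report["next_step"] = None
    return report


if __name__ == "__main__":
    for key, value in triage_chkdsk(SAMPLE).items():
        print(f"{key}: {value}")
```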

Hi. :)

If I may ask why the prolonged delays between a posted response from your good self ?

Next:

Going back to the problem creating a Start-Up Repair Disk. Whilst this is not malicious and most likely due to your machine's vagaries as mentioned prior, trying to pinpoint the exact issue blocking recdisc.exe could be akin to attempting to find the proverbial needle in a haystack. So if the need arises we can access the aforementioned via the Advanced Boot Options.

However if you have never created any form of Recovery Media my friendly advice would be to do so as explained in this HP Consumer Support Topic.

Next:

Your machine's main hard-drive could do with some in-depth maintenance which we will address...

Hard-Drive Maintenance/Repair:

Run TFC again as per my prior instructions in post #30, then...

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process

Would you like to schedule this volume to be checked next time the system

restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: The above commands to be entered are not case sensitive. Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Windows7CHKDSK.jpg

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Next:

Let myself know when completed the above/answer to my query and if any further issues remaining, thank you.


Congratulations your computer appears to be malware free!

Clean-Up with DelFix:

Please download DelFix to your desktop

  • Right-click on delfix_10.8.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select all available options:
DelFix.gif
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Now some advice for on-line safety:

The below is worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online

Next:

Any questions? Feel free to ask, if not stay safe!


Here you go.

 

# DelFix v10.8 - Logfile created 15/10/2014 at 15:39:22
# Updated 29/07/2014 by Xplode
# Username : unruh - UNRUH-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\JRT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\unruh\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_28.06.2013_15.42.55_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_28.06.2013_21.39.39_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_03.09.2014_18.05.49_log.txt
Deleted : C:\TDSSKiller.3.0.0.40_03.09.2014_18.11.13_log.txt
Deleted : C:\Users\unruh\Desktop\Addition.txt
Deleted : C:\Users\unruh\Desktop\AdwCleaner(1).exe
Deleted : C:\Users\unruh\Desktop\AdwCleaner[s2].txt
Deleted : C:\Users\unruh\Desktop\Defogger.exe
Deleted : C:\Users\unruh\Desktop\defogger_disable.log
Deleted : C:\Users\unruh\Desktop\defogger_enable.log
Deleted : C:\Users\unruh\Desktop\Fixlog.txt
Deleted : C:\Users\unruh\Desktop\FRST.txt
Deleted : C:\Users\unruh\Desktop\FRST64 (1).exe
Deleted : C:\Users\unruh\Desktop\JRT.exe
Deleted : C:\Users\unruh\Desktop\JRT.txt
Deleted : C:\Users\unruh\Desktop\tdsskiller.exe
Deleted : C:\Users\unruh\Desktop\TFC.exe
Deleted : C:\Users\unruh\Downloads\adwcleaner.exe
Deleted : C:\Users\unruh\Downloads\ComboFix.exe
Deleted : C:\Users\unruh\Downloads\Defogger.exe
Deleted : C:\Users\unruh\Downloads\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\unruh\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\unruh\Downloads\FRST.txt
Deleted : C:\Users\unruh\Downloads\FRST64.exe
Deleted : C:\Users\unruh\Downloads\FSS.exe
Deleted : C:\Users\unruh\Downloads\FSS.txt
Deleted : C:\Users\unruh\Downloads\rkill.com
Deleted : C:\Users\unruh\Downloads\tdsskiller.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #1066 [scheduled Checkpoint | 10/12/2014 13:07:13]
Deleted : RP #1067 [installed DirectX | 10/12/2014 17:50:01]
Deleted : RP #1069 [Windows Update | 10/15/2014 06:14:49]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

 

I think that I am good to go! Thank you both for your help!


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
