michaelglew Posted January 11, 2015 ID:928456 Share Posted January 11, 2015 Hello Friends: Thank you for reading. I have had this is problem now for nearly a year. Anytime I attempt to click anywhere whether it be a link or a blank area on a page I am immediately assaulted with fraudulent "Your PC is Infected" pop ups. Sometimes I am allowed to exit out and continue working and other times I have to power off the PC just to regain control. It's now impossible to work around due to the constant disruptions. Scans performed usually locate a tracking cookie a two, but's that it. Meanwhile all my devices that connect to my home wireless now exhibit the same behavior. I need help! Thank you all in advance for any assistance. Michael Link to post Share on other sites More sharing options...
Blackbird Posted January 11, 2015 ID:928463 Share Posted January 11, 2015 Hi!Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you removing any malware that might be present on your computer.An important WARNING to all individuals reading this topic:All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.General rules:From now on, don't use this computer anymore to access your bank account or any other serious business where you have to login for, untill I've told you your computer is clean from malware. Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours. Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.Rules about advices from me:The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer. It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs. Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop. If you have any problems while following my instructions, stop there and tell me the exact nature of the issue. Perform everything in the correct order. Sometimes one step requires the previous one. You can check here if you're not sure if your computer is 32-bit or 64-bit.Rules about posting results:Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me. Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer. Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.Things I want you to do before performing the steps below:Please enable your system to show hidden files: How to see hidden files in Windows. Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly. Even though we do the best we can to help you, removing malware includes risks. Therefor I advise you to back-up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.-------------------------------------------------------------------------------------------------------------------------------------------------------Thanks in advance for keeping above rules in mind. Maybe they look like unnecessary rules, but practice teaches us they are needed to help.Now, let's continue with the steps you need to do:-------------------------------------------------------------------------------------------------------------------------------------------------------1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.Download Defogger and save it to your Desktop. Right-click Defogger.exe and select Run as Administrator. When the program has opened, click the Disable button. When Defogger asks for a confirmation, click Yes. Wait untill you get the "Finished" message. Click OK. When Defogger asks you to restart the system, please allow the program to do so immediately.When an error occured while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply. You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.2. Download AdwCleaner and save it to your Desktop.Close all open windows. Right-click AdwCleaner.exe and select Run as Administrator. When the program has started, click the Scan button and wait untill the scan has finished. Make sure everything (on all tabs) is selected, and click the Clean button. It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this. After restart a logfile will appear. Please post the contents of that logfile in your next reply.3. Download Malwarebytes' Anti-Malware and save it to your Desktop.If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.Install the program, eventually using these instructions.3-A. Start Malwarebytes' Anti-Malware.On the Dashboard tab, click the Update Now button, to update the definitions to the latest version. Then click the Scan tab. Select Custom Scan and click the Start Scan button. In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan. Follow the instructions given by Malwarebytes' Anti-Malware. If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items. It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately. Save the logfile in txt-format and copy/paste it in your next reply. Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).4. Please read and perform the steps described on this page: I'm infected - What do I do now?.Post the logfile from Farbar Recovery Scan Tool into your next reply.5. Download GMER Rootkit Scanner and save it to your Desktop.NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.Right-click the GMER executable file (which's name will contain 8 digits/characters) and select Run as Administrator. If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so. Under "Files", put a checkmark next to Quick Scan. Remove the checkmark next to Show all. Now, click the Scan button. Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so! If the scan's finished, click Save and save the log to your Desktop. Post GMER's logfile into your next reply.6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.Good luck! Link to post Share on other sites More sharing options...
michaelglew Posted January 11, 2015 Author ID:928553 Share Posted January 11, 2015 Hello Sir: Thank you for your help. I am compiling the logs for you now. One problem I am having is with GMER. I was not able to run the program, The windows error is cfo2ve76.ece has stopped working. I am running windows 7.Regards,Michael Link to post Share on other sites More sharing options...
Blackbird Posted January 11, 2015 ID:928555 Share Posted January 11, 2015 Hi, Just skip that step for now. Please go on with the other steps provided. Good luck! Link to post Share on other sites More sharing options...
michaelglew Posted January 11, 2015 Author ID:928571 Share Posted January 11, 2015 Hello: Here is what I have. Let me know if I missed anything. Thank you so much! Michael defogger_disable.logAdwCleanerR0.txtAdwCleanerS0.txtAddition_11-01-2015_14-05-05.txtFRST_11-01-2015_14-05-05.txtmalware1.txtmalware2.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 11, 2015 ID:928590 Share Posted January 11, 2015 Hi, 1. Go to Start > Control Panel.Once you're in Control Panel, click Uninstall a program.I advise you to delete the following programs as they can track your activities during browsing the internet:Bing BarGoogle Toolbar for Internet Explorer[*]Once removed, close all open windows. 2. Download RKill and save it to your Desktop.Right-click RKill.exe and select Run as Administrator.... If a Windows Security prompt shows up, please allow the program to start. The program will start immediately with it's tasks. When the program has finished, a logfile will appear.Please copy the contents of this logfile in your next reply. 3. Please download fixlist.txt to your Desktop.Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located! 4. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply. 5. Please delete fixlist.txt from your computer, if not already done by FRST. 6. Start Farbar Recovery Scan ToolIf asked, click Yes at the Disclaimer window. Click Scan once the program has opened. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. 7. Please give me an update on your PC problems. Also please include the logfiles from:RKillFarbar Recovery Scan Tool - using fixlist.txtFarbar Recovery Scan Tool - regular scan Good luck! Link to post Share on other sites More sharing options...
michaelglew Posted January 12, 2015 Author ID:928631 Share Posted January 12, 2015 Hi, Thanks again for the response. I receive numerous pop ups to upgrade flash and adobe, my screen is often locked while screen loads demanding immediate attention, navigating from page to page is nearly impossible, and my daughter received a new tablet and her new device already has similar problems as this one. MichaelRkill.txtFRST_11-01-2015_16-13-04.txtFRST_11-01-2015_16-17-19.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 12, 2015 ID:928634 Share Posted January 12, 2015 Hi, Those are not the reports created by FRST while using fixlist.txt... Please check if there is any 'fixlog.txt' in C:\FRST. If so, enclose it in your next reply. If not, please make sure fixlist.txt is located in the same location as FRST.exe/FRST64.exe is, and please run FRST again using fixlist.txt. Link to post Share on other sites More sharing options...
michaelglew Posted January 12, 2015 Author ID:928648 Share Posted January 12, 2015 Hello: Is this the log you are looking for? Thank you!FRST.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 12, 2015 ID:928649 Share Posted January 12, 2015 Not really, actually. Can you please do step 3 - 5 again, from post #6, please? Link to post Share on other sites More sharing options...
michaelglew Posted January 12, 2015 Author ID:928651 Share Posted January 12, 2015 Sorry Black Birdfixlist.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 12, 2015 ID:928655 Share Posted January 12, 2015 Hi, No problem! Nevertheless you uploaded the fixlist.txt file, which I created and already did see... Can you please upload the fixlog.txt textfile? (So, not the fixlist.txt.) Link to post Share on other sites More sharing options...
michaelglew Posted January 12, 2015 Author ID:928656 Share Posted January 12, 2015 Thank you for all your patience. Is this only closer to what you need? Fixlog.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 12, 2015 ID:928657 Share Posted January 12, 2015 Hi, That's indeed what I wanted to see. No problem at all! 1. Download ComboFix to your Desktop.WARNING: ComboFix is a very powerful tool that can damage your system when not used properly. ONLY use this tool under supervision of a trained Malware Analyst. Never use it on your own!!!NOTE: Don't use your computer for other purposes while running ComboFix. It may cause it to stall!Temporary disable your own anti-virus and other anti-malware programs. For instructions, take a look here. Close all open windows. Right-click ComboFix.exe and select Run as Administrator. Accept the Disclaimer. If you're asked to install the Recovery Console, allow the program to do so. The scan may take some time to finish. Wait for it, please. If ComboFix asks to restart the system, please allow so immediately. When finished, ComboFix will show you a logfile. Please copy/paste the contents of this logfile in your next reply.If somehow the logfile didn't open or if you can't find it anymore, it's saved as C:\ComboFix.txt. 2. Start Farbar Recovery Scan ToolIf asked, click Yes at the Disclaimer window. Click Scan once the program has opened. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. Also, please give an update on your PC problems. Good luck! Link to post Share on other sites More sharing options...
michaelglew Posted January 12, 2015 Author ID:928681 Share Posted January 12, 2015 Hello Blackbird: Thanks again for your kind help. Are these logs helpful? Regards,Michael log.txtFRST.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 12, 2015 ID:928809 Share Posted January 12, 2015 Hi, Please download CFScript.txt and save it to your Desktop.Make sure CFScript.txt is located in the same location as ComboFix.exe!!Make sure you save it with it's original name!! Other filenames won't work, only "CFScript.txt" will!!Please drag-and-drop CFScript.txt on to ComboFix.exe as shown here:ComboFix will start and will perform some deletions. Please don't use your PC for other purposes while ComboFix is running, or it may cause your system to stall!!Once completed, please include the contents of the logfile that opens into your next reply. Good luck! Link to post Share on other sites More sharing options...
michaelglew Posted January 13, 2015 Author ID:928985 Share Posted January 13, 2015 Hi Blackbird, Thanks a million. I hope I am attaching the right file. You know how it is with me. Regards, Michaellog.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 13, 2015 ID:928987 Share Posted January 13, 2015 Hi, Please go to VirusTotal.Upload the following file: C:\Windows\system32\drivers\wdmaud.drvPlease post the results in your next reply. Also please do a new scan with Farbar Recovery Scan Tool and post the FRST.txt logfile into your next reply. Please give me an update on your PC problems. Link to post Share on other sites More sharing options...
michaelglew Posted January 13, 2015 Author ID:928989 Share Posted January 13, 2015 Hello Again: Thanks for the quick response. I was not able to locate the file: C:\Windows\system32\drivers\wdmaud.drv Thank you Michael Link to post Share on other sites More sharing options...
Blackbird Posted January 13, 2015 ID:928992 Share Posted January 13, 2015 Hi, Allright, please continue with the Farbar Recovery Scan Tool then, please. Link to post Share on other sites More sharing options...
michaelglew Posted January 13, 2015 Author ID:928998 Share Posted January 13, 2015 Hello: I hope these are helpful. Thank you. Michael FRST_12-01-2015_18-11-54.txtFRST.txt Link to post Share on other sites More sharing options...
Blackbird Posted January 13, 2015 ID:928999 Share Posted January 13, 2015 Hi, Can you give me an update on your pc problems? Link to post Share on other sites More sharing options...
michaelglew Posted January 13, 2015 Author ID:929224 Share Posted January 13, 2015 Hello: Well, the performance seems slightly better, but the non stop security pop ups and warning redirects are still prevalent. A typical occurrence may take up to 7-10 mouse clicks just for a link to work properly. Most times any mouse click on any website or any tool that is web based will launch multiple pops to call 800 numbers to fix my pc and all the works. Thank you for your help. Michael Link to post Share on other sites More sharing options...
Blackbird Posted January 13, 2015 ID:929243 Share Posted January 13, 2015 Hi, 1. Please reboot your PC and boot up into safe mode (Please use the F8 Key method). 2. Once in Safe Mode, please run ComboFix and Farbar Recovery Scan Tool (both regular scans). Save both logfiles. 3. When you finished scanning with both tools, please reboot back into Normal Mode, and post both logfiles into your next reply. Good luck. Link to post Share on other sites More sharing options...
michaelglew Posted January 16, 2015 Author ID:929830 Share Posted January 16, 2015 Hello: Sorry for the delay. I was attempting to run Combo in safe mode and had no luck. I just received error after error about a failure to run this or that. Anyways here is the Farbar log. Michael FRST.txt Link to post Share on other sites More sharing options...
Recommended Posts