Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP! My computer won't let me download ANYTHING [Closed]


  • This topic is locked This topic is locked

#1
Tomc82d

Tomc82d

    New Member

  • Member
  • Pip
  • 8 posts
My computer literally will not let me download any files, Internet Explorer says the file always contains a virus, every time I try to download anything, run or save and run, it starts to download and then when it should be finished it pops up and says a virus was detected and download was canceled.
  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi Tomc82d,

That sounds like the ZeroAccess infection. Do you have a spare flash drive and computer where you can prepare the below for me?

  • Step 1
Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your flash drive.

'32-bit'
'64-bit'

  • Plug the flash drive into the infected computer.
  • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
  • The program will initialize. Press Yes to accept the disclaimer.

    Posted Image

  • Press the Scan button.
  • It will produce a log (FRST.txt) on the flash drive once done. Additionally, Addition.txt would be included if this is your first time running it.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log(s) back here.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • Addition.txt (Farbar Recovery Scan Tool)
  • FRST.txt (Farbar Recovery Scan Tool)

  • 0

#4
Tomc82d

Tomc82d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is the only .txt file that appeared.

Attached Files


  • 0

#5
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Do you mind if I ask you to kindly recheck whether or not the flash drive really only contains that? If you do not still see it, please follow the steps below in order to produce it.

  • Step 1
Download 'Farbar Recovery Scan Tool by Farbar' and save it to your flash drive.

  • Reboot with the flash drive plugged in.
  • Press and hold the F8 key immediately. You should do so before the Windows logo comes up.
  • If successful, you will see the Advanced Boot Options screen like below. Use the arrow keys to choose Repair Your Computer. Press Enter after.

    Posted Image

  • Select US as the keyboard setting and click Next.
  • Select the operating system you want to repair (Windows 7), and then click Next.
  • Select your user account if prompted and click Next. You will then see the following:

    Posted Image

  • Select Command Prompt.
  • In the black command window, type notepad and press Enter.
  • Notepad will pop-up. Select File > Open... > Computer.
  • Keep in mind the drive letter assigned to your flash drive. Close Notepad.
  • Back at the command window, type Z:\frst64 ("Z" should be replaced with your flash drive's letter) and press Enter.
  • When Farbar Recovery Scan Tool opens click Yes. Ensure the settings below are followed.

    Posted Image

  • Press Scan after.
  • It will produce a log (FRST.txt) on the flash drive once done. Reboot and turn off your computer.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • FRST.txt (Farbar Recovery Scan Tool)

  • 0

#6
Tomc82d

Tomc82d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Worked this time.Attached File  FRST.txt   57.29KB   111 downloads
  • 0

#7
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Awesome. Allow me to get my fix checked by my professor. It won't take long.
  • 0

#8
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
If this goes well, you will be able to download files normally after the first step. There remains a lot to be cleaned after, however, so let's get started. :thumbsup: Please be reminded that the below steps should be done in normal mode (the usual way, and not the way I asked you to do so earlier).

  • Step 1
Download the attached file and save it to the same location on the flash drive as FRST64.exe.

Attached File  fixlist.txt   182bytes   151 downloads

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • When Farbar Recovery Scan Tool opens click Yes.

    Posted Image

  • Press Fix after.
  • It will produce a log (fixlog.txt) on the flash drive once done. Reboot your computer.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 2
Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 3
If you haven't already, download 'OTL by OldTimer' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    services.*
    explorer.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click Run Scan.
  • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • AdwCleaner[S*].txt (AdwCleaner)
  • Extras.txt (OTL)
  • fixlog.txt (Farbar Recovery Scan Tool)
  • OTL.txt (OTL)

  • 0

#9
Tomc82d

Tomc82d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Next set.

Attached Files


  • 0

#10
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Looks like we have quite a lot to do. Most of these are automatic, so you can listen to music or do something else while you wait for each one to finish. :lol: I believe you are able to download normally now, but the infection you acquired is one of the nastiest one in the wild. As such, please carefully read my warning below.

  • Warning
I would like to inform you that your machine has been infected with a file that is capable of stealing sensitive information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.

Below are the steps that you should administer:

  • Disconnect from the Internet immediately and do not use it unless requested to and until we finish the cleaning process. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • Using a clean and private computer, change your passwords that concern accounts like PayPal, Amazon, banks and other personal accounts. The password(s) for your e-mail account(s) should also be modified.
Though the infection has been identified and can be removed, because of its nature, your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Though this machine can still be cleaned, there are no guarantees that it will be 100% secure after. Let me know of your decision. If you decide to go through the process, please proceed with the following steps.
  • Step 1
Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    [2013/01/21 14:10:45 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\xhfqkibm.exe
    [2013/01/20 10:11:38 | 000,046,117 | ---- | C] () -- C:\Users\Owner\AppData\Local\sahjdmuc
    [2013/01/20 09:30:47 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\tuvspajb.exe
    [2013/01/20 09:28:11 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\kibnmxta.exe
    [2013/01/20 09:26:34 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\ntmvsnsv.exe
    [2013/01/20 09:24:51 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\jotqftps.exe
    [2013/01/20 09:23:15 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\hdsnopvm.exe
    [2013/01/20 09:21:08 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\lihnerlq.exe
    [2010/04/08 01:26:21 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    @Alternate Data Stream - 376 bytes -> C:\ProgramData\Temp:D4EEFCC4
    @Alternate Data Stream - 376 bytes -> C:\ProgramData\Temp:214562D2
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:41C283B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:75EFCFC2
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:411E1BE2
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B9AB561D
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C1F4198F
    
    :Commands
    [emptytemp]
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After a the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy and paste (CTRL + A and CTRL + C) the content of that log in your next reply.
  • Step 2
Download 'ESET Services Repair by ESET' and save it to your desktop.

  • Double-click the file. It will ask for administrator privileges. Allow it by clicking Yes.
  • You will be asked to confirm. Press Yes to continue.
  • Once done, you will be asked to reboot. Press Yes once more.
  • Step 3
    Download 'TDSSKiller by Kaspersky Lab ZAO' and save it to your desktop.

    • Double-click TDSSKiller.exe to run it. It will ask for administrator privileges.
    • Click Start Scan to begin the scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now. If not, click Close.
  • The log will be made available at C:\TDSSKiller.*_*_*_log.txt. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 4
    Download 'Farbar Service Scanner by Farbar' and save it to your desktop.

    • Ensure the following options are checked:

      Internet Services
      Windows Firewall
      System Restore
      Windows Update
      Windows Defender
  • Press Scan.
  • A log will pop-up once done. Alternatively, you can find FSS.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 5
If you haven't already, download 'OTL by OldTimer' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • MMDDYYYY_HHMMSS.log (OTL)
  • Extras.txt (OTL)
  • OTL.txt (OTL)
  • FSS.txt (Farbar Service Scanner)
  • TDSSKiller.*_*_*_log.txt (TDSSKiller)

  • 0

Advertisements


#11
Tomc82d

Tomc82d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Next list.

Attached Files


  • 0

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
A few more unwanted files left and your system will be a happy bunny. :thumbsup:

  • Step 1
Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with malware, adware or spyware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.

ArcadeFrontier
AVG SafeGuard Toolbar
Coupon Printer for Windows
Homepage Protection
MovieTrack
Rechips Ship V1.2
SendoriInform me if you encounter problems in the removal process.
  • Step 2
Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    PRC - [2013/07/01 15:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
    PRC - [2013/07/01 15:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
    PRC - [2013/07/01 15:28:16 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
    PRC - [2013/07/01 15:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
    PRC - [2013/07/01 15:28:12 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
    SRV - [2013/07/01 15:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
    SRV - [2013/07/01 15:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
    SRV - [2013/07/01 15:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
    IE:64bit: - HKLM\..\SearchScopes\{271E6FE6-9A91-4FBD-9A41-9CC8350CCFE8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{55A59039-4C17-4F98-8079-927417DEA22E}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{271E6FE6-9A91-4FBD-9A41-9CC8350CCFE8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{55A59039-4C17-4F98-8079-927417DEA22E}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
    IE - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\SearchScopes\{15E74859-A864-4F75-94CF-6AC0BA42A851}: "URL" = http://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}
    IE - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\SearchScopes\{472D3000-2D1C-4EEF-9073-18556B4C852D}: "URL" = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
    IE - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\SearchScopes\{55A59039-4C17-4F98-8079-927417DEA22E}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IE
    IE - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\SearchScopes\{6461CD24-7157-4A8F-A61E-D6112344D3D7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
    IE - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\SearchScopes\{650B7F71-F3A0-4EC1-979D-13325C2034D1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
    IE - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\SearchScopes\{66DBA66A-59CE-4AFE-8670-A2084D92DE60}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=85C66280-A2C5-41A0-9FBB-E98CA4133B63&apn_sauid=D399EBF5-7559-4C78-9C9A-687F5316C1C6
    FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={4F8817D4-F8BF-4AF3-B457-EE6591C44382}&mid=8495942abde0fcc918d4a6d29dba2150-e00727f5367d1996ed4e7ab040d1625d451db508&lang=en&ds=AVG&pr=fr&d=2013-01-21 09:49:49&v=17.0.1.12&pid=safeguard&sg=34&sap=hp"
    FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.32
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/12 11:14:53 | 000,000,000 | ---D | M]
    [2013/08/23 14:08:02 | 000,000,000 | ---D | M] (ArcadeFrontier) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3sq8xw5.default\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
    [2012/09/19 11:30:52 | 000,022,392 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3sq8xw5.default\extensions\staged\[email protected]
    [2013/10/15 14:20:44 | 000,003,735 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3sq8xw5.default\searchplugins\safeguard-secure-search.xml
    [2012/10/19 19:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/10/19 19:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (ArcadeFrontier Addon) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - C:\Users\Owner\AppData\Local\ArcadeFrontier\ArcadeFrontier.dll ()
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {7ACD7E2D-222F-46EC-B90D-C922ACD8A83A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKU\S-1-5-21-945422415-582677547-2944859164-1000\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
    O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)
    
    :Files
    C:\Program Files (x86)\Sendori
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    
    :Commands
    [reboot]
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After a the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy and paste (CTRL + A and CTRL + C) the content of that log in your next reply.
  • Step 3
Download the following to your desktop:

'File 1'

  • Double-click on the file to open it. Click Run and Yes after.

    Posted Image

  • Don't be afraid as it is safe. Click Yes to proceed. A confirmation prompt will come up, to which you should click OK.
  • Repeat steps 1-2 as needed, depending on the number of files you were asked to download.
  • Step 4
Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 5
    Download 'Farbar Service Scanner by Farbar' and save it to your desktop.

    • Ensure the following options are checked:

      Internet Services
      Windows Firewall
      System Restore
      Windows Update
      Windows Defender
  • Press Scan.
  • A log will pop-up once done. Alternatively, you can find FSS.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • MMDDYYYY_HHMMSS.log (OTL)
  • JRT.txt (Junkware Removal Tool)
  • FSS.txt (Farbar Service Scanner)

  • 0

#13
Tomc82d

Tomc82d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Next list

Attached Files


  • 0

#14
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
The logs are looking great! :thumbsup: We've managed to get rid of ZeroAccess completely. However, I see possible system files that could have been patched. Could you check those for me by following the steps below? If my suspicions are untrue, our work would be nearing its end very soon.

  • Step 1
Download the attached file and save it to your desktop.

Attached File  Copy.bat   145bytes   65 downloads

  • Run the file as an administrator. Click Yes once prompted to confirm.
  • You will see a black pop-up window momentarily--files will appear on your desktop.
  • Go to 'VirusTotal' and open a number of tabs corresponding to the number of files listed below:

    afd.sys
    tcpip.sys
  • Press the Choose File button.
  • Select one of the files listed above and choose Open.
  • Press the Scan it! button.
  • Repeat the 4th step on the other tab(s) as necessary.
  • Once the scan is finished, copy and paste the URL of the tab(s) in your next reply.
  • Step 2
If you haven't already, download 'OTL by OldTimer' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    /md5start
    afd.sys
    tcpip.sys
    /md5stop
  • Click Run Scan.
  • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Step 3
You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.

Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • Extras.txt (OTL)
  • OTL.txt (OTL)
  • VirusTotal URL(s) (VirusTotal)

  • 0

#15
Tomc82d

Tomc82d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
https://www.virustot...sis/1382463775/
https://www.virustot...sis/1382464061/

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP