[BrianDrab]

Go ahead and click Run. It will likely fail anyway since a reboot is going to happen. But it's safe to do.

[Advertisements]

Go ahead and click Run. It will likely fail anyway since a reboot is going to happen. But it's safe to do.

Brian,

 

I clicked "Run", it booted up, then rebooted and it looped to the same window I asked about in the prior post; a window asking to run the AVG remover again...

[carolinachris]

Go ahead and click Run. It will likely fail anyway since a reboot is going to happen. But it's safe to do.

Brian,

 

I clicked "Run", it booted up, then rebooted and it looped to the same window I asked about in the prior post; a window asking to run the AVG remover again...

[BrianDrab]

Do it one last time. Go ahead and run it and let the machine reboot and let me know if it comes up again.

[carolinachris]

Do it one last time. Go ahead and run it and let the machine reboot and let me know if it comes up again.

Brian,

 

It rebooted fine this time, without restarting again.

 

I ran the McAfee utility and rebooted.

 

I ran the JRT and rebooted.

 

I have attached two text files:

1.  A large text file from the avg remover.

2.  The text file from the JRT.

Attached Files

•  avgremover.log   806.98KB   385 downloads
•  JRT.txt   1.33KB   330 downloads

Edited by carolinachris, 11 September 2015 - 01:37 PM.

[BrianDrab]

Excellent. Do you know what you want to use as your Antivirus going forward? My recommendation is to use Microsoft Security Essentials as it's free, light on resources and can be as good as other paid alternatives. If you still want to use AVG or another product then feel free to download it to your desktop but don't install yet. I need to check for any remnants first. Please do the following.

 

Note: At the moment your machine has no Antivirus so please try to stay off the internet for anything unnecessary until we re-install one. The infection you had was severe so I had to do it this way.

 

Step#1 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs

[carolinachris]

Brian,

 

Step#1 - Fresh Set of Logs

1. FRST and Addition logs

 

See attached files; FRST912 and Addition912...

Attached Files

•  Addition912.txt   31.37KB   334 downloads
•  FRST912.txt   172.56KB   332 downloads

[BrianDrab]

Thank you. There were indeed remnants that needed cleaned up. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   4.47KB   351 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Install your Antivirus

Please install whichever antivirus you decided on.

 

Step#3 - Malwarebytes Scan

• Download Malwarebytes to your desktop from here.
• Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
• Select the appropriate language and click OK.
• Click Next.
• Select "I accept the agreement" and click Next.
• Click Next
• Change the install path if desired. Normally you will keep this as is. Click Next.
• Click Next again.
• Click Next again.
• Click Install.
• Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
• Click Finish
• If an update is found you will be prompted to download and install. Go ahead.
• Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
• 
   
• Click the Scan button at the top of the form and then click Start Scan button and let complete.
• If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
• 
• Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
• .

 
Step#4 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.

 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).

 

 

 

Items for your next post

1. FRST Fixlog

2. Malwarebytes log

 

[carolinachris]

Brian,

 

Step#1 - FRST Fix

 

Fixlog.txt attached.

 

Downloading Malwarebytes.

 

 

BTW, I have previously paid for a pro version of Malwarebytes. I guess I can use the free one now and get that version later...

Attached Files

•  Fixlog.txt   11.74KB   339 downloads

Edited by carolinachris, 14 September 2015 - 10:36 AM.

[BrianDrab]

BTW, I have previously paid for a pro version of Malwarebytes. I guess I can use the free one now and get that version later...

 

Apologies for missing that. Yes, please download/install your paid version if that's what you are entitled to. Thanks.

[carolinachris]

Brian,

 

When I downloaded Malwarebytes from your link, it automatically verified the premium version and installed it.

 

Step#4 - Retrieve Malwarebytes Log...

 

MWB log is attached

Attached Files

•  MWB log.txt   1.03KB   325 downloads

Edited by carolinachris, 14 September 2015 - 11:01 AM.

[BrianDrab]

Looks good. Let's uninstall comboxfix and plug a few vulnerabilities.

 

Step#1 - Uninstall Combofix
1. Please ensure that Combofix.exe is still on your desktop before proceeding.
2. Click your Start button and in the search box type Combofix /Uninstall and hit enter on your keyboard. (Note there is a space after Combofix and before /Uninstall).
3. Allow Combofix to run as it will perform the uninstall procedures.

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are outdated and vulnerable.

 

Adobe Flash Player 16 ActiveX            <<-----I wouldn't re-install this one until you find a need for it
Adobe Reader 9.5.2                             <<-----after uninstalling you may install the most current version from here.

cmd                                                       <<----this is an unknown program and should be uninstalled unless you are sure what it is

Step#3 - Windows Updates

Please make sure you go to Windows Updates and download, install all critical/important updates. Keep doing this until there are no more left.

 

 

We're almost done here. Thanks for hanging in there with me.

[carolinachris]

Brian,

 

Step#1 - Uninstall Combofix

Combofix uninstalled successfully...

 

Step#2 - Uninstalls

Adobe Flash Player 16 ActiveX (I have version Adobe Flash Player 18 ActiveX) uninstalled successfully...

Adobe Reader 9.5.2 uninstalled successfully...

cmd uninstalled successfully.

 

Rebooted successfully.

Edited by carolinachris, 14 September 2015 - 12:32 PM.

[BrianDrab]

Try pasting the following into the search box instead.

 

%UserProfile%\Desktop\Combofix /Uninstall

[carolinachris]

Try pasting the following into the search box instead.

 

%UserProfile%\Desktop\Combofix /Uninstall

Brian,

 

I had to manually set it to search the Desktop. It uninstalled successfully...

[carolinachris]

Brian,

 

Step#3 - Windows Updates:

Updating Windows and will report back when done.

 

This could take a while...

 

BTW, 230 updates is quite a bit to download and install.

 

Currently, it's installing - "update 125 of 230"...

Edited by carolinachris, 14 September 2015 - 02:44 PM.