Solved I give up ..... I think I need that help

Status
Not open for further replies.

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I don't have any logs for you as I can't get scans to work now, but I was told to C&P my other thread and put it here, so here goes:

Think I may be in a world of trouble now:

There are some things my laptops refuse to do, and that is either run or install Malwarebytes, GMER, or Spybot (among a couple of others), whereas only recently I could get them to run by changing their names.

The ones that were already installed no longer work and if I try to re-run them from my download folder, it says it can't because the files already exist.

If I try to download them again it says C:\WINDOWS\system32\config\system.
The process cannot access the file because it is being used by another process.

Gmer will run, but again on start up it says 'C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process'.

I have tried TDSSKiller and it said 0 threats found, but so did these too: sonova, aswMBR, F-Secure online scanner, Emsisoft, MBRL scan etc.

So it seems as though it lets me run software that it knows won't find it, or am I being paranoid? :mad:

But my main problem now is trying to get the good stuff running. I'm in a mad loop because I can't delete the disabled software and I can't re-run or download them.

I have tried changing security permission to allow me to change files, so I could delete the old ones before reinstalling but it changes back, or tells me I don't have access or permission.

I have tried Rkill first and then Malwarebytes, GMER & Spybot.... ....but no luck

I have tried the run command but it says it can't find it and when I browse to it, it says it still can't find it.

I have tried task manager and asking it for a new task ... this one almost gets me there .... but then fails.

What else did I try? Oh yeah....: I tried to use Malwarebytes Chameleon ... no luck
Also ran Malwarebytes Anti-Malware from Safe Mode with Networking ... no luck

I have already changed the folder settings to Show Hidden Files and Folders.

So, what the hell do I do now?:eek::oops:
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and until I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I MUST STRESS THAT EVERYTHING I WRITE ABOUT BELOW WAS DONE BEFORE YOU POSTED YOUR HELP .... I DIDN'T JUST GO OFF WILLY NILLY AFTER READING THIS!!

I didn't want to send in this log and waste your time, so I thought I had better explain:
Because the night before last, I came across the Malwarebytes BETA, and as I had tried everything else I thought why not.

Well, that little darling found things no other software had found; even its big brother Malwarebytes failed to find them.
And because I couldn't care less now if I have to reinstall, I clicked on 'fix it' and I think it did.

I have been testing my computer since and everything works, the antivirus & firewall are on, and I can go where I like on the computer .... except ... The name rubbi_000 is still there as User but my name is now there too?
I have scanned it three times with the same tool and also a mixture of other tools and they all come up clean.

But, I'm not 100% sure and wondered if you could still look at the log for me? .. Just to double check?
I haven't got the addition log because I have used this tool before.
Before I leave you to decide if you will still check for me, I must tell you that the BETA found 77 infected and most of them were trojans, the ones that popped out straight away were:

MSIL GEN MALLICIOUS-DA (Trojan)

WIN32 FAKEMAIL -E (TROJAN)

WIN32 DOWNLOADER-UEO (PUP)

WIN32 INJECTOR-BUP which is a Trojan-Dropper

WIN32 DROPPER - GEN (DRP) TROJAN

WIN32 AWARE PUP (BRM)

MSIL/INJECTOR - GEN-G ****

Which sounds nasty and may have been what I thought was a rootkit? Because it has rootkit features, hides from security products allowing other malicious infections to run without the user noticing anything.
It injects malicious codes into legitimate system processes. It is a constituent part of various types of malware written in Microsoft Intermediate Language. IT CHANGES PERMISSION AND BLOCKS USER!
I have hunted down as much info as I can about each trojan. (There were over 50 of them.) But I won't bore you as you would know their history already.

So, if I'm not putting you out, could you just see if it really has gone? Oh and this is important to note.

After I found my computer running as normal I tried the other two so I could run the BETA on them ... but the HP was clean, BETA found nothing! And then I tried turning on the dead Vaio but it wasn't dead! It was alive and clean... could you explain for me as I'm finding this very WEIRD!
 

Attachments

  • FRST.txt THIS ONE.txt
    172.5 KB · Views: 156

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I'm not getting an Addition.txt because when I first found this site I tried the scan and indeed, I had an Addition.txt ... but not now. Now it is only giving me the one report.
I downloaded the tool fresh yesterday thinking I would then get the addition ... but no!
Any advice?
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I have just found the original Addition.txt from 17-08-2014 .... would this still be any good?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
Sorry for being a bimbo, I never spotted the addition option :(

Here we go:
 

Attachments

  • Addition.txt 28.08.14.txt
    58 KB · Views: 90
  • FRST.txt 28.08.14.txt
    173.2 KB · Views: 86

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Attachments

  • fixlist.txt
    1.9 KB · Views: 77

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
Here is the fixlog .... just had to restart so doing the rest now.
 

Attachments

  • Fixlog.txt
    5 KB · Views: 98

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
The tool wouldn't run ... I got this error:
Setup
Internal error: Expression error 'Runtime Error (at 79:177):
External Exception E06D7363
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I tried again a couple of times but got this error:
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf
An error occurred while trying to create a file in the destination directory:
Setup was unable to create the directory
"C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration".

Error 5: Access is denied.
Click retry again, Ignore to skip this file etc

This is the problem I was having before: the program is already installed but not working, and I can't delete the un-working one so I can replace it with a new download.
It says I can overwrite it but when it comes to doing that, I get the error report.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try to uninstall it:


Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newest MBAM version.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I downloaded it and it asks are you sure, I click yes ... then nothing! Tried it twice ... nothing!
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I'm getting Desktop.ini all over the desktop? Is that normal?
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I downloaded the trial; hope it will be the same kind of report?
 

Attachments

  • mbr log 29.08.14.txt
    1.1 KB · Views: 60

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
This is the log after it quarantined the PUP but it was saved in XML and I asked for TXT.
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
Only way to upload it....
 

Attachments

  • protection log.txt
    12.5 KB · Views: 64