PC health kit

PC Health Kit trouble


TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I don't know how you were able to provide FRST reports. Please download a fresh copy of FRST from the link above and try again. If it fails, please proceed with ComboFix...
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
Me either. I expected it to run just fine. Would you mind sending me that link again?
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
Right. I have downloaded that four times. I can go to Programs to check if it is there. It is not.
 

Attachments

  • Untitled.png
    Untitled.png
    23.1 KB · Views: 115
  • Untitled 1.png
    Untitled 1.png
    318.8 KB · Views: 104

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
Got that done. See attached. Sorry for the trouble.
 

Attachments

  • log 2.txt
    22.3 KB · Views: 127

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Very good :)


Open notepad and copy/paste the text present inside the code box below:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Folder::
c:\program files (x86)\Mega Browse
c:\program files (x86)\Linkey
c:\program files (x86)\MyPC Backup
c:\programdata\~0
c:\program files (x86)\Settings Manager
c:\programdata\systemk
c:\users\hogan\AppData\Roaming\Activeris
c:\programdata\Activeris
c:\program files (x86)\Activeris AntiMalware
c:\progra~2\Linkey

File::
c:\windows\system32\acrisnative64.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4e6cd411-ce62-4584-97ff-6afbcf6900af}]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
hlnfd
Updater Service
Update Mega Browse
Util Mega Browse

ClearJavaCache::

Save this as CFScript.txt

CFScriptB-4.gif


Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )



***** NEXT *****



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"



***** NEXT *****



Tell me, how is the situation now?


==========================================================================================================
Things I need you to do:

- ComboFix report
- Zoek report
- How is the situation now?
=======================================================================================================================
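
A read-only way to confirm that the items named in the CFScript above are gone once ComboFix has re-run, as an added example that is not part of the original post or of ComboFix. It assumes an elevated 64-bit PowerShell session and that the `Driver::` names are service key names; the two Browser Helper Object keys are skipped because their path is abbreviated with `~` on the page.

```powershell
# Added example: reports which CFScript targets are still present. Deletes nothing.
# Paths and names are copied from the CFScript in the post above.
# (c:\progra~2\Linkey is the 8.3 short name of the Linkey folder already listed.)
$paths = @(
    'C:\Program Files (x86)\Mega Browse',
    'C:\Program Files (x86)\Linkey',
    'C:\Program Files (x86)\MyPC Backup',
    'C:\ProgramData\~0',
    'C:\Program Files (x86)\Settings Manager',
    'C:\ProgramData\systemk',
    'C:\Users\hogan\AppData\Roaming\Activeris',
    'C:\ProgramData\Activeris',
    'C:\Program Files (x86)\Activeris AntiMalware',
    'C:\Windows\System32\acrisnative64.exe'
)
# Assumption: each Driver:: entry is the key name under ...\Services.
$services   = @('hlnfd', 'Updater Service', 'Update Mega Browse', 'Util Mega Browse')
$appInitKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'

$findings = @()

# Folders and the single file from the Folder:: and File:: sections.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Still on disk: $p" }
}

# Services and kernel drivers both register under this key, so one test covers both.
foreach ($s in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
    if (Test-Path -LiteralPath $key) { $findings += "Service/driver still registered: $s" }
}

# "AppInit_DLLs"=- deletes the value, so anything non-empty here needs a second look.
$appInit = (Get-ItemProperty -LiteralPath $appInitKey -Name 'AppInit_DLLs' `
            -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) { $findings += "AppInit_DLLs (32-bit view) is set: $appInit" }

if ($findings.Count -eq 0) {
    'None of the CFScript targets were found.'
} else {
    $findings
}
```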
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
How is the situation now? Nerve-wracking. I got a lot of warnings from our malware friends about zoek. After this, I open up a browser and still the malware is smiling at me. It seems endless, but probably to you, too.
 

Attachments

  • log.xml2.txt
    29.4 KB · Views: 152
  • zoek-results.txt
    13.5 KB · Views: 120
  • JPG.png
    JPG.png
    357.8 KB · Views: 103

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Re-run zoek with the script below and attach the fresh zoek log results here.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code:
Linkey for Firefox;ff
Snap.Do;ff
Settings Manager;ff
Mega Browse;ff
Addons Engine;ff
SySaver;ff
autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;b
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
Mozilla looks good. Chrome does not. I tried to capture the picture of the baseball player but had trouble for some reason. I no longer have Activeris antimalware on my computer. How else can I check to see how we are doing?
 

Attachments

  • zoek-results.txt
    7.1 KB · Views: 140

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
I don't really need all these web browsers if that would help. Internet Explorer seems ok too.
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
I did that, but still didn't work so I defaulted to original settings and it looks good. Where does this leave us, kind sir?
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
It seems just fine. Unbelievable that you helped me and I could follow thru, barely at times. Do we not need to run something to make sure all those malware threads are gone? Or do you already know that?

I have taken 'Total Defense' off my machine because it was interfering and it seems like a joke now. Any recommendations? I think I have the Windows Firewall on, but I have never really used it. Do you think I am vulnerable now?
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77

I see there is a six free license for Bitdefender on your website. I got a license number and it says I can download it. BUT I am very nervous about downloading anything.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We will clean all used tools in the last step. About Total Antivirus, I've never heard about it, but it seems like a decent one. Never use more than one antivirus. You can uninstall Spybot, because it is useless. A much better product is MalwareBytes, which you can use for an occasional scan.


I can recommend you this software to avoid Adware in the future:

http://unchecky.com/

Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

sahh

New Member
Thread author
Verified
Apr 3, 2014
77
It was Total Defense. I THOUGHT I had already uninstalled SPYBOT. Bitdefender?
 
