[RESOLVED AND CLOSED] Problems with removing windows processes accelerator

Status
Not open for further replies.

Igorica

New Member
Thread author
Apr 8, 2012
36
Hi guys!
I received an e-mail from my friend and when I started to open it I got the message that it could be something harmful to my laptop, but despite the warning I opened it and got windows processes accelerator. I stopped fake alarms that I was getting from windows processes accelerator by entering registration code but the virus is still on computer and I want to remove it safely. I started to follow steps from http://malwaretips.com/blogs/windows-processes-accelerator-removal/ in order to remove it from my laptop but I have some problems with it. When I turn my laptop on Safe mode networking I don't have access to the internet, so I cannot download RKill and the other programs which I need for removing this virus. Does anyone know how to remove this?




As I said above I started to use MalwareTips blog for removing windows processes accelerator. Problem is I don't have internet connection when my laptop is on safe mode networking. Also, I have Avira AntiVir installed but now in my security center I have "Virus protection - not found", and I cannot turn it on. Is this something serious? Does anyone know how to remove this? And I made a mistake, architecture is 32 bit, not 64 like I wrote on my profile.
Sorry for my English and thank you in advance!

Merged duplicate threads -Earth
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
RE: Problems with removing windows processes accelerator

Did you check for proxy servers??
When you're in Normal Mode does your internet connection work?
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

In Normal Mode my internet connection works perfectly, I have no problems with that. And yes, I checked for proxy servers, actually I did everything that I needed to do according to http://malwaretips.com/blogs/windows-pro...r-removal/ . When in safe mode networking I tried to go to the internet with Internet Explorer and Mozilla Firefox, but without success. When using Mozilla, in options I chose "no proxy".
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
RE: Problems with removing windows processes accelerator

Great, while in Normal Mode download RKill and run it and then start a Full System scan with Malwarebytes... You have all the instructions here: http://malwaretips.com/blogs/windows-processes-accelerator-removal/
Next please post an OTL log.


  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Save the scan log somewhere that you can find it.


What's next?

Attach the OTL logs and MBAM log to your post (You can find here details on how to use the Attachment System).
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

I am confused a little. Should I do all of this in normal mode? In the instructions it says that I need to download RKill while in safe mode networking? Is it safe to do this in normal mode?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
RE: Problems with removing windows processes accelerator

Igorica said:
I am confused a little. Should I do all of this in normal mode? In the instructions it says that I need to download RKill while in safe mode networking? Is it safe to do this in normal mode?

Yes, this threat acts more like adware so it shouldn't block you from running these tools.
If you have problems running them you can download the tools and then boot into safe mode with Networking and run them.
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

Ok! Malwarebytes is now scanning my system and after that I will attach those logs in my post. But now while Malwarebytes is scanning my system I don't see "windows processes accelerator" virus on my laptop. Is it deleted or what? Sorry if I am annoying and thank you, U R very helpful.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
RE: Problems with removing windows processes accelerator

If you previously ran RKill then this program temporarily killed this rogue... however it didn't remove it.
Please let the Malwarebytes scan complete and then remove all the detected items... :)
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

 

Attachments

  • mbam-log-2012-04-09 (11-44-31).txt
    228.7 KB · Views: 184
  • OTL.Txt
    76.1 KB · Views: 170
  • Extras.Txt
    36.9 KB · Views: 170

malwarekiller

New Member
Mar 30, 2012
688
RE: Problems with removing windows processes accelerator

Your helper is currently offline. I would give you a fix for now and then you will have to wait until your helper returns and gives you further instructions.

P2P warning... you have P2P programs, which are an open gate for malware, and I would remove them from your system for your safety.


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.5 or better installed please disable it for the duration of this run

Run OTL
  1. Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=00000000000000000000002243271beb&tlver=1.4.19.19&ss=1&affID=17981
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - E:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - E:\Program Files\AskSearch\bin\DefaultSearch.dll ()
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\URLSearchHook: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - E:\Program Files\Peer2Peer-EN\prxtbPee2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - E:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - E:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=00000000000000000000002243271beb&tlver=1.4.19.19&ss=1&affID=17981
    FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "ToggleEN Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}"
    O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - E:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - E:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O2 - BHO: (Brothersoft Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - E:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
    O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - E:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - E:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - E:\Program Files\facemoods.com\facemoods\1.3.61.8\facemoodsTlbr.dll (facemoods.com)
    O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - E:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - E:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - E:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\Toolbar\WebBrowser: (Shareware.Pro-EN Toolbar) - {DA21BD13-CA22-42E3-A071-98F08F1CA1E7} - E:\Program Files\Peer2Peer-EN\prxtbPee2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - E:\Program Files\PHPNukeEN\tbPHP1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - E:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
    
    
    :Files
    ipconfig /flushdns /c
    E:\Program Files\ConduitEngine
    E:\Program Files\BabylonToolbar
    E:\Program Files\ToggleEN
    E:\Program Files\AskBarDis
    E:\Program Files\Brothersoft
    E:\Program Files\PHPNukeEN
    E:\Program Files\iMesh Applications
    E:\Program Files\uTorrent
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  2. Then click the Run Fix button at the top
  3. Let the program run unhindered, reboot the PC when it is done
  4. Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
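
Why a fix like the one above is tied to a single machine, as an added example (not part of the original post and not OTL's own code): this Python script reads a fix in the same section layout and lists the account SID, drive letters and module paths it hard-codes. The function names are assumptions of this example, and the embedded sample is an excerpt of the lines posted above.

```python
import re

# Excerpt of the fix posted above, embedded so the script runs offline.
SAMPLE_FIX = r"""
:OTL
IE - HKU\S-1-5-21-854245398-1844823847-1801674531-1003\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - E:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
:Files
ipconfig /flushdns /c
E:\Program Files\ToggleEN
E:\Program Files\ConduitEngine
:Commands
[emptytemp]
[Reboot]
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")  # per-account SID inside HKU\... keys
DLL_RE = re.compile(r"[A-Za-z]:\\[^()\r\n]*?\.(?:dll|exe)", re.I)  # absolute module path

def split_sections(text):
    """Group non-blank lines under their ':Section' header (keys lower-cased)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def review(text):
    """Collect the machine-specific values a fix script hard-codes."""
    sec = split_sections(text)
    otl = sec.get("otl", [])
    dlls = [p for line in otl for p in DLL_RE.findall(line)]
    dirs = [l for l in sec.get("files", []) if re.match(r"[A-Za-z]:\\", l)]
    roots = [d.lower().rstrip("\\") + "\\" for d in dirs]
    return {
        "sids": sorted({s for line in otl for s in SID_RE.findall(line)}),
        "drives": sorted({p[0].upper() for p in dlls + dirs}),
        # module paths named in :OTL whose folder is not listed under :Files
        "uncovered": sorted({p for p in dlls if not p.lower().startswith(tuple(roots))}),
        "commands": sec.get("commands", []),
    }
```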
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

I am not sure if I did it right. What did you mean by "If you have malwarebytes 1.5 or better please disable it". I downloaded Malwarebytes trial version and used it for removing windows processes accelerator rogue. How do you mean "disable it"? Should I remove it from my laptop or what? I don't understand that.
Anyway, I did all those steps that you were talking about without removing malwarebytes and here is my next log...

Also I have problems with my security alerts. In security center virus protection is not found and I cannot turn it on. Why is that?
 

Attachments

  • OTL.Txt1.txt
    84.8 KB · Views: 131

malwarekiller

New Member
Mar 30, 2012
688
RE: Problems with removing windows processes accelerator

Hi, go back to the previous page and re-run the fix please... it seems it didn't run correctly... run it again and attach the log produced after fix completion.
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

malwarekiller said:
Hi, go back to the previous page and re-run the fix please... it seems it didn't run correctly... run it again and attach the log produced after fix completion.

Should I remove Malwarebytes from my system or what? And what were you talking about p2p programs, what should I do about them? Can you be more specific please because I didn't understand you very well?
 

malwarekiller

New Member
Mar 30, 2012
688
RE: Problems with removing windows processes accelerator

I have taken care of the P2P stuff in my fix... just ensure Malwarebytes is not in your system tray before running the fix. Just run it then.
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

Is it ok now?
 

Attachments

  • OTL.Txt11.txt
    77.6 KB · Views: 140

malwarekiller

New Member
Mar 30, 2012
688
RE: Problems with removing windows processes accelerator

Ok snap! That's MBAM again... uninstall it from the control panel for now.
 

malwarekiller

New Member
Mar 30, 2012
688
RE: Problems with removing windows processes accelerator

OK... we need ComboFix to work now... Uninstall Malwarebytes for now.

Download and Install Combofix 
 
Download ComboFix from one of the following locations: 
Link 1  
Link 2  
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks


  • When finished, it shall produce a log for you. 
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

I did it! The log is below. What should I do next?
 

Attachments

  • log.txt
    18.3 KB · Views: 143

malwarekiller

New Member
Mar 30, 2012
688
RE: Problems with removing windows processes accelerator

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
Folder::
e:\Program Files\ConduitEngine
e:\Program Files\BabylonToolbar
e:\Program Files\ToggleEN
e:\Program Files\AskBarDis
e:\Program Files\Brothersoft
e:\Program Files\PHPNukeEN
e:\Program Files\iMesh Applications
e:\Program Files\uTorrent
e:\Program Files\LimeWire

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may ask you for permission to update itself before the process; click Yes and allow it to continue.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Attach the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply please attach the ComboFix log and let me know how your system is running.
 

Igorica

New Member
Thread author
Apr 8, 2012
36
RE: Problems with removing windows processes accelerator

I have some problems with this.
 