Search:

Everything done. Thanks again for all the help. Appreciated.

Seems ok. Probably run better without that erunt program annoying me at every bootup lol

# AdwCleaner v3.015 - Report created 21/12/2013 at 21:54:58
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Thor - THOR-PC
# Running...

Uninstalling system optimizer seems to have taken it with it. I considered doing that at the start but now that I have zero use for that program again, which was recommended by a zillion sites and...

2013-12-07 06:49 - 2013-12-07 06:49 - 00000000 ____D C:\Users\Thor\AppData\Local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
2013-12-06 17:32 - 2013-12-06 17:32 - 00000000 ____D...

For whatever reason I cant seem to find a roboot64.exe on my system. Also the malware came up with nothing after the scan.






Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64)...

Nothing in there unfortunately.

Not listed either.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========...

Cleaned through and also did the registry option as well. It still keeps coming back. I'm in the middle of grabbing a bunch of programs in readiness of a system format lol. I'll wait to see if you...

After a gruelling 4 hour scan lol EST didnt find anything. And Revo I had played previously too. It doesnt list the program sadly. It seems the only 2 programs that can find it are malwarebytes...

My pc is starting to act different since that last thing. Any USB device I put in will be picked up but it'll hang for a few minutes before opening. Also opening my browser keeps asking to restore...

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows...

SystemLook 30.07.11 by jpshortstuff
Log created at 03:52 on 20/12/2013 by Thor
Administrator - Elevation successful

========== regfind ==========

Searching for "HKEY_LOCAL_MACHINE\SOFTWARE"...

Unfortunately still crashing 3/4 into the scan. Only manages to pick up 3 entries before it explodes.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC...

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\ProgramData\Systweak\Advanced System...

SystemLook 30.07.11 by jpshortstuff
Log created at 01:02 on 20/12/2013 by Thor
Administrator - Elevation successful

========== folderfind ==========

Searching for "Advanced System Protector"...

The program finds a few things but then crashes before it can finish scanning. Does it each time.

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]...

O1 HOSTS File: ([2013/12/19 22:12:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) -...

OTL logfile created on: 19/12/2013 11:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type =...

File attached

ComboFix 13-12-18.01 - Thor 19/12/2013 22:05:15.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6026 [GMT 9.5:30]
Running from:...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]...

I'd like to mention that I've done this step multiple times and it always picks it up and never actually gets rid of it which is weird when it says its quarantined.






Malwarebytes...

I've given it my best shot but it doesnt appear any where on my system to remove. But its always there in the bottom corner loading up. I do have Advanced System Optimizer installed so I'm unsure...

I've been trying to remove this thing but its proving difficult. At first I thought it was part of the Advanced system optimizer I installed so I didnt pay attention to it.



DDS...

I've completed most of the steps. OCT seems to not have been installed so theres no uninstall option. Otherwise all good thanks.

Windows appears to load up slower than usual. The black screen hangs for a while which is weird since I had an SSD drive. Might have to look into reinstalling at some point. Aside from that no...

03:44:09.0449 4172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:44:09.0454 4172 PEAUTH - ok
03:44:09.0468 4172 [...

No objects were found during the scan






03:44:01.0587 8904 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
03:44:02.0855 8904 ...

Its still showing after a scan.

Yes. It gives a green tick after but when I rescan they pop up all over again.

Yes all the same things in that screenshot keep popping up even after a fix and rescan. New screenshot attached

Screenshot attached

All my scanning comes up clean except for spybot which gives me a few things. One is listed as some sort of registry key trojan.





Search results from Spybot - Search & Destroy
...

All processes killed
========== FILES ==========
C:\Users\Thor\AppData\Local\Temp\ICReinstall_vlc-setup.exe moved successfully.
F:\Downloads\goldwave setup.exe moved successfully....

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]...

========== Files/Folders - Created Within 30 Days ==========

[2013/08/10 03:21:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/10 03:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT...

OTL logfile created on: 10/08/2013 3:24:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type =...

Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CD71B418-03FC-4A2C-B488-94242CBE3C6F}
Successfully deleted: [Empty Folder]...

Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A5D9827C-3689-4985-BE96-D92E1FDF4A06}
Successfully deleted: [Empty Folder]...

Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{5127AE4B-EAA1-4003-84D1-26937EFBBA9A}
Successfully deleted: [Empty Folder]...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.9 (08.09.2013:1)
OS: Windows 7 Ultimate x64
Ran by Thor on Sat 10/08/2013 at ...

Thanks for the help.

Sorry, I wasnt sure. Should I paste them up now or wait for different instructions?

Forgot I could compress them. Files attached.

The OTL and Extra files are too huge to paste or attach. Should I paste them into 2 replies for each?

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 14:14:56
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Thor - THOR-PC
# Boot Mode :...

I'm having trouble running the Junkware Removal Tool. It keeps saying its not a 7-zip archive for whatever reason. Its coming up as an exe file and not associated with 7-zip. I even uninstalled...