4 diff threats kept popping up on browser...

Welcome to Major Geeks!

You did not attach the requested log from Hitman Pro. Did you run it? Based on your logs you are still infected.

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

 

Continue on with the FRST instructions because you definitely still have a ZeroAccess infection.

 

Re: frst.txt file attachment

It's of no use to us. It has to be run from System Recovery.

The only other way is with your Windows 7 Boot DVD. Do you have it? Most people do not. Let's try a different way of fixing it.


Now download and save a copy of combofix.exe and save it directly onto your Desktop folder.

• Then right click on it and select Run As Administrator. Do not disturb it by clicking in the window that opens or it may stall.
• After it finishes, it may reboot your PC. Attach the C:\combofix.txt log that it creates.
• If after running Combofix you discover none of your programs will open up because you receive the following error:
  • Illegal operation attempted on a registry key that has been marked for deletion
• Then you will need to reboot your computer which will normally fix this problem.

 

No!!!! The Zero Access infection you have ate it. When Combofix ran and removed the malware, this can break some services and registry entries related to your network interface. The fixes are typically quite easy. Your ISP has no idea what they were doing.

You should have attached the log here with a different computer so that we could have continued. Doing as system restore could likely have undone everything we fixed and could have the effect you are describing with slowing down your PC.

I'm going to need some new logs to better determine your status now after having performed a System Restore.

Please rerun Roguekiller and attach a new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

Re: getting a new set of system restore disks from Dell...

Was not a good idea and per our instructions in the READ & RUN ME, you should only be doing what we ask you to do and absolutely nothing else because it make removal more difficult and could cause many other additional problems.

Again this is not what was requested. You should not be deleting things on your own. These were normal system settings.

System Restore would not delete the C:\MGtools folder. It should still be there.

Of no use to us. You need a Windows 7 Boot DVD. Not reinstall disks unless you want to totally restore your PC to the way it was out of the box and lose all your personal data/files...etc. Also did your PC originally come with Vista on it? Your MBR shows as Vista. Did you upgrade to Win 7 later?

 

Re: Win7, never Vista

Sorry for the delay. Real work, real life and tax season have gotten in the way.

As stated earlier, unless you obtained Win 7 Boot DVD, they are of no use to use. System Restore disks are normally just disks to reinstall back to the way the PC was shipped and you probably already have a factory restore partitin for doing this. .... Well that is unless the infection you have broke it.

RogueKiller recognizes your MBR as a Vista MBR.

Multiple reason:

• We asked you not to do anything unless requested in the READ & RUN ME. As it typically only serves to get in our way and adds to confusion when unknown/unexpected files start showing up.
• You already had AVG installed and should not have multiple antivirus packages installed.
• McAfee will not fix your problems. Have you seen that it has fixed anything?

I need to see a new log from MGtools to determine what is currently running on your PC.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

You're welcome.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!