Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is someone sharing Windows 7 with me?

24 Apr 2013   #31
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You're missing the FRST.log . Upload that log as well.

Here is a link that will show you how to upload a photo and a file onto the forum

Screenshots and Files - Upload and Post in Seven Forums


My System SpecsSystem Spec
.
24 Apr 2013   #32
nottaclue9

Windows 7 Home Premium 64-bit, service pack 1
 
 



My System SpecsSystem Spec
24 Apr 2013   #33
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

nottaclue9

I notice you still have some files left over from the FBI randsom ware virus you had . Lets wait until Cottonball comes on and tells you the next steps .
My System SpecsSystem Spec
.

24 Apr 2013   #34
cottonball

Windows 7 Home Premium
 
 

nottaclue9,

Thanks for the FRST reports.

There are entries showing in them that need removed from your computer.
So, here is what we need to do...

We need to make sure that FRST is on the >>Desktop<<, and not in the Temporary Internet Files Folder where it is now:
Running from C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD5UOB86
Otherwise, what we are going to do will not work.


To get FRST on the Desktop, let's delete it, and download a new file, as follows:
Press the Start globe, and in the Search Programs and Files box right above the Start globe, type: FRST
Above it you will see a list with Programs, Documents or Files.
Right-click the FRST icon, and select: Delete
You can also right-click and Delete any Document or File that has FRST in its name.

Now, please download the program once again: Farbar Recovery Scan Tool Download
Select the 32-bit version

When you see the download on the screen, press the drop arrow by Save, and select: Save as...
In the Save as prompt, the blank space right at the top needs to have the Desktop selected.
If there is something else there, click in the space, and use the Backspace key to remove it. Then, type: Desktop
At the bottom of the prompt, press: Save

Now, check the Desktop, and make sure you see FRST there.
If there are any FRST or Addition reports on the Desktop, right-click and: Delete

Double-click FRST to run it once again, and press: Scan

Please post the new FRST.txt that appears on the Desktop.

I will be able to tell if the program is in the right location, and then we will engage in fixing things.
My System SpecsSystem Spec
25 Apr 2013   #35
nottaclue9

Windows 7 Home Premium 64-bit, service pack 1
 
 

Life has gotten interesting, so I'll probably wait till the week-end to try this. Just didn't want y'all to think I was being an ingrate; I just need a chunk of time to myself when I can think.
My System SpecsSystem Spec
25 Apr 2013   #36
cottonball

Windows 7 Home Premium
 
 

Whenever you are ready!!

That is fine with us.
My System SpecsSystem Spec
25 Apr 2013   #37
cottonball

Windows 7 Home Premium
 
 

Do you think you can provide the RogueKiller log (RKreport.txt) you provided in Post #18, and instead of an image, copy/paste the text in a reply?

Would like to work with that, and make all this easier for you, if possible.
It would be the easiest thing yo do at this point.
My System SpecsSystem Spec
26 Apr 2013   #38
nottaclue9

Windows 7 Home Premium 64-bit, service pack 1
 
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judy [Admin rights]
Mode : Scan -- Date : 04/26/2013 01:24:43
| ARK || FAK || MBR |
Bad processes : 0
Registry Entries : 4
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2438601110-3927464551-1267722977-1000[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\L --> FOUND
Driver : [NOT LOADED]
Infection : ZeroAccess
HOSTS File:
--> C:\windows\system32\drivers\etc\hosts

MBR Check:
+++++ PhysicalDrive0: ST500DM0 02-1BD142 SATA Disk Device +++++
--- User ---
[MBR] 65448ab472fbcfd6f689b590a0e5436e
[BSP] bc8352d5af846e1bd0127f659f7692ae : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 7ff2a1acbc680c812ef961808b542c37
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2192 | Size: 15274 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_04262013_02d0124.txt >>
RKreport[1]_S_04262013_02d0124.txt

I have a feeling this isn't right.
My System SpecsSystem Spec
26 Apr 2013   #39
cottonball

Windows 7 Home Premium
 
 

That's it.

Please run RogueKiller once again:

Close all windows and browsers
Right-click RogueKiller and select 'Run as Administrator'
Wait until the Prescan finishes
The Status box shows: PreScan Finished

Press: Scan

When done, on the right, click: Delete
Wait until the Status box shows: Deleting Finished

Click on Report and provide the content of the new Rkreport (Mode: Delete) in your reply.
My System SpecsSystem Spec
28 Apr 2013   #40
nottaclue9

Windows 7 Home Premium 64-bit, service pack 1
 
 

So I sat down tonight to try to do the removal procedure when Windows Security Essentials sent me a red pop-up saying that it had detected suspicious items and that my computer needed to be cleaned. So I clicked on the proper button and then restarted as instructed. I then had a red window in the center of my screen (not lower right-hand like the first warning) that listed these three threats:

Trojan.PSW.Win32launch
HacToolWin32/Welevate.A
Adware.Win32.Fraud

Again, I was told I needed to clean my computer. But when I clicked on the button, I got the ribbon notice at the bottom of my screen, telling me that running the program would harm my computer. I didn't know whether to trust anything that had happened, and I didn't feel safe going on line to contact you guys, so I ran a full Malware Bytes scan. It detected two items:

Trojan.agentKB
Trogan.agentKD

Meanwhile, there has been activity I didn't allow on my third credit card in the last two months. I am about to give up, as dealing with this and the fallout from it has taken immense amounts of my time and made me really paranoid. I am ready to drop-kick the HP over my back fence & get a Mac.
My System SpecsSystem Spec
Reply

 Is someone sharing Windows 7 with me?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Windows 7 mkv sharing.
I have a Windows 7 computer that I have a shared folder setup on. I have a Windows 7 laptop that I'm accessing that shared folder on. All the files in that shared folder is showing up except for one folder that contains MKV files. That folder isn't showing up at all on the laptop. Anyone have any...
Network & Sharing
File Sharing and Homegroup Sharing Problem
Hi, I have been going crazy trying to get my PC to share files with a couple of laptops. I am running Windows 7 64 Bit and the laptops are running Windows 7 64 bit and Windows XP. I have enabled file sharing but The Windows 7 Laptop keeps giving me an unknown error when trying to join a...
Network & Sharing
Have a problem to make sharing with Windows 7 64bit and windows 7 32bi
the computes reside on the same network, and connected with wireless to the network. i already add them to the same Workgroup, and turn off windwos firewll, but unfortently, they ca't see each other on the home network. I have TPLink router, and have access to the internet from both computers....
Network & Sharing
sharing between windows xp and 7
so i have two desktops and one has xp and another 7...they are connected via LAN and are under same network.. they are in same workgroup..both my computers can see the other device... in my xp, i can even access the shared folders and files in 7.... but when i try to access the shared files of...
Network & Sharing
Windows 7 Sharing
Hi, I have to pcs running Windows 7 Home Premium. I am trying to network without Homegroup. I am using workgroup, both computers are members of the same workgroup name. From PC2 I can access PC1, without password. I try to access pc2 from pc1 and I am stopped with a box Enter Network Password. I...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:38.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App