Is someone sharing Windows 7 with me?

[VistaKing]

Before you run off and get a Mac they to get viruses .

 

[nottaclue9]

Apparently the tablets don't.

 

[cottonball]

Tablets have their use, however, personally, would not trade my laptop for a tablet. My tablet is fine for 'light' use, but cannot do all that the laptop does.

Use a clean computer, and change your passwords. <<--- Important

If you are not quite ready to throw the laptop over the fence, please follow Post #39.
Make sure you post the new Rkreport (Mode: Delete) in your reply.

These are not Microsoft Security Essentials alerts.
Trojan.PSW.Win32launch
HacToolWin32/Welevate.A
Adware.Win32.Fraud

Your computer is infected by a fake security program.
If you click the alert to clean the infection, you will download more malware.

Next, please use Malwarebytes Anti-Rootkit Download
Save to the Desktop (easy to find)
Right-click the file and select: Extract here...
In the MBAR folder that appears on the Desktop, open it, and double-click the MBAR application.

At the program console, follow the prompts to update and allow the program to SCAN the computer for threats.

If any threats are reported, DO NOT click on the Cleanup button to remove them!!!
At this point go back to the MBAR folder on the Desktop, and look for two reports:
1. system-log.txt
2. mbar-log-2013-04-22 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)

Please provide the mbar-log and the system-log in your reply.
Exit: MBAR

 

[nottaclue9]

Incredibly, I cannot save the RK report. The window opens that says I've saved it, but it is nowhere in my documents, which is where the first RK report is. Not anywhere I can find it. I went through the same exact steps.

 

[VistaKing]

nottaclue9

Check in your desktop .

C:\Users\useraccountname\Desktop

 

[nottaclue9]

OK. So when I tried to save the report on my desktop instead of the report in my tray to "my documents," I got a window that said more or less, "You can't save it here," which is where I saved the other one.

Also, there was a window on the screen which said, "Revocation information for the security certificate for this site in not available. Do you want to proceed?" I had RK on the screen behind the window. Too late for that information as I have already run the scan.

Can someone recommend a reliable Windows 7 laptop to me? The Amazon reviews are confusing as are the CNET reviews. My life is such that I can't devote so much time to this, and I've already spent $200 for a fix that didn't get things fixed.

 

[cottonball]

To get the RogueKiller report...

Press the Start globe, and in the Search Programs and Files box right above the Start globe, type: RKreport

Above the search box you will see a list with Programs, Documents or Files.
Look for any RKreport there. Double-click to open any found.

In the upper lines of the report, you will see: Mode : Remove -- Date : 04/28/2013 23:49:34 (date will differ)

That is the report I need for you to post.

 

[nottaclue9]

It pulled up the first report, not the one I just ran. You want me to post that one again? It's several days old, before the fake security infection.

And I cannot find Mode: Remove on this report, either.

 

[nottaclue9]

This is the new one:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judy [Admin rights]
Mode : Scan -- Date : 04/29/2013 13:55:21
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2438601110-3927464551-1267722977-1000[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST500DM0 02-1BD142 SATA Disk Device +++++
--- User ---
[MBR] 65448ab472fbcfd6f689b590a0e5436e
[BSP] bc8352d5af846e1bd0127f659f7692ae : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 7ff2a1acbc680c812ef961808b542c37
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2192 | Size: 15274 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_04292013_02d1355.txt >>
RKreport[1]_S_04262013_02d0124.txt ; RKreport[2]_S_04292013_02d1355.txt

 

[cottonball]

Good! That is a newly run report (Mode : Scan -- Date : 04/29/2013 13:55:21), so let's do the following:

Please run RogueKiller once again:

Close all windows and browsers
Right-click RogueKiller and select: Run as Administrator
Wait until the Prescan finishes
The Status box shows: PreScan Finished


Press: Scan


When done, on the right, click: Delete
Wait until the Status box shows: Deleting Finished


Click on Report and provide the content of the new Rkreport (Mode: Delete) in your reply.

Hopefully, you downloaded RogueKiller to the Desktop, and the new report Mode Delete (or Remove) will also show up on the Desktop.

If not, please do a search for it.

 

[nottaclue9]

Do you mean right-click on the RK icon?

 

[VistaKing]

Yes to open the RogueKiller application right-click on it and click Run as administrator

 

[nottaclue9]

OK. I figured that was the case but didn't want to do something (else) dumb!
I have a small RK window open, but I don't think I should close it since when I try to, it tells me nothing has been deleted. Is this correct? I should leave that one alone?

 

[VistaKing]

Good! That is a newly run report (Mode : Scan -- Date : 04/29/2013 13:55:21), so let's do the following:

Please run RogueKiller once again:

Close all windows and browsers
Right-click RogueKiller and select: Run as Administrator
Wait until the Prescan finishes
The Status box shows: PreScan Finished


Press: Scan


When done, on the right, click: Delete
Wait until the Status box shows: Deleting Finished


Click on Report and provide the content of the new Rkreport (Mode: Delete) in your reply.

Hopefully, you downloaded RogueKiller to the Desktop, and the new report Mode Delete (or Remove) will also show up on the Desktop.

If not, please do a search for it.

This what Cottonball said . On his earlier post

 

[nottaclue9]

So, to be sure, I close the RK window that asks me if I'm sure I want to quit?

 

[VistaKing]

Did you click on Delete button ? It should also create a log

 

[nottaclue9]

I just clicked on "delete," and it is searching for "CLSID," but making absolutely no progress. There is a red triangle that says "Zero Access."

 

[VistaKing]

Can you post a screenshot ?

 

[nottaclue9]

Oh, dear god. I don't know how to do it, and it is too complicated for me to learn at 2 AM. If there are three steps or less, I'll try it for you. What is it that you need to see?

PS The scan that started when I clicked on the "delete" button is now searching for "Service" and the green status bar has moved a little bit more. It has apparently deleted one item.

 

[VistaKing]

It's ok we will wait for Cottonball's instructions .