Need to remove Trojan Generic29.AJGE

Open RogueKiller once more click on Delete after you click on Scan . Upload that log file .

Do you have a USB flash drive ?

Ok run this tool

   Warning

You will need a USB FLASH DRIVE

   Tip

Download the Tool from a non infected PC

Download Farbar Recovery Scan Tool

Choose one that goes with your OS bit version . Save the file to the Flash drive

32-bit Version OS Farbar Recovery Scan Tool

64-Bit Version OS Farbar Recovery Scan Tool x64

   Note

Click the button and right-click Computer .Select Properties . Look for System Type: which will say 32-bit Operating System or 64-bit Operating System

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

   Note

Replace letter X with the drive letter of your flash drive.

   Tip

Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Code:

Diskpart
List volume

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file
Please copy and paste both logs in your reply.(FRST.txt and Addition.txt)

When you removed the USB did you use the Safety Hardware removal on the sys tray ? By the time . Icon has a green arrow

ClarenceA,

At this point, do not worry about a USB pendrive.

Please do the following:


Please go to the Farbar Recovery Scan Tool Download
Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---

The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt in your reply. <<---



Next, download Farbar Service Scanner

Save to the Desktop

• Make sure the following options are checked:
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

ClarenceA,


Please do the following...


Open Notepad (Start > All Programs > Accessories > Notepad)
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
Save it on the Desktop as: fixlist.txt

start
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
C:\$Recycle.Bin\S-1-5-21-31044135-2246990735-4103398003-1001\$afe5cd08687288fde4c4ba765766f9c0
end

WARNING: This script is written specifically for ClarenceA, for use on this particular computer.
Running the script on another computer may cause damage to the Operating System!!

Run FRST again, but this time press the Fix button just once, and wait.

FRST should reboot to finish removing ZeroAccess.

When done, the tool makes a log on the Desktp.
This time it is called: Fixlog.txt
Please post Fixlog.txt in your reply.




Next, please go to the TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

•If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
•If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_06.02.2013_15.31.43_log.txt

Please attach the TDSSKiller log in your reply.


There are several toolbar and junkware entries on the FRST report.
We'll be take care of that later, when done with the malware.