I need some help

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Click to expand...

Hello fittens and welcome back to the Tech Support Guy Forums

My name is capnkrunch and I will be helping you with your malware problems. I'm an Undergraduate trainee at Malware Removal University, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

• The instructions being given are for YOUR computer and system only!
  Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
• You must have Administrator rights, permissions for this computer.
• DO NOT run any other fix or removal tools unless instructed to do so.
• DO NOT install any other software (or hardware) during the cleaning process.
• Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
• Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
• Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
  Remember, absence of symptoms does mean the infection is all gone.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Click to expand...

For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

• For Windows Vista/7 - How to back up or transfer your data on a Windows-based computer
• For Windows 8.1 - Set up a drive for File History
• For Windows 10 - Back up and restore your files
• If your computer won't boot - How to use Ubuntu Live CD to Backup Files from your dead Windows Computer

Before we begin I need you to run a scan for me.

FRST Scan

• Please download Farbar Recovery Scan Tool (FRST) by Farbar, and save it to your Desktop.
  • FRST <--- for 32bit systems
  • FRST64 <--- for 64bit systems
  Note: if you are unsure what your system is download and run both. Only the correct one will run.
• Close all open programs and windows so you are at your Desktop.
• Right click FRST.exe/FRST64.exe and select Run as administrator.
• When the tool opens click Yes to the disclaimer.
• Press the Scan button and wait while the scan finishes.
• Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
  The logs can also be found in the same directory where FRST was run from.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:

• Did you have any problems with the instructions?
• FRST.txt
• Addition.txt
• Are there any changes in computer behavior?

I was just about to do that until...this screen popped up. It's pretty fake.

Hello fittens

fittens said:

I was just about to do that until...this screen popped up. It's pretty fake.

Click to expand...

You are correct, that screen certainly fake. It sounds like you already know but Microsoft will never ask you to call them to solve an error. If you ever run into a situation like this and believe you do need tech support assistance it is always best to look up the company's customer service number yourself rather than calling one presented.

Step one...

Please answer these questions:

Is this computer ever connected to an educational institution's network, for example a University? I need to know to provide proper instructions.

What version of Windows are you running?

Step two...

Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.

• Download TCRB from HERE and save it to your Desktop.
• Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
• Launch TCRB.
• Click the Backup Registry tab and make sure all the boxes are checked.
• Click on Backup Now.
• Once the backup is finished you can now exit the program.

Step three...

RKill

• Please download RKill by BleepingComputer and save it to your Desktop.
• Right click RKill.exe and select Run as administrator.
  Note: if RKill.exe will not run try the other download links at the BleepingComputer download page.
• A command prompt will open and then close upon completion.
• When finished a log will open in Notepad. Please copy and paste the contents in your reply.
  The log can also be found at C:\rkill.log.

Warning: do not reboot your computer until told to do so. If you computer restarts you will need to rerun RKill.

Step four...

FRST Scan

• Please delete any copies of FRST64.exe and download a new one HERE.
• Close all open programs and windows so you are at your Desktop.
• Right click FRST64.exe and select Run as administrator.
• When the tool opens click Yes to the disclaimer.
• Press the Scan button and wait while the scan finishes.
• Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
  The logs can also be found in the same directory where FRST was run from.

Even if you are unable to run RKill and/or FRST please continue with this next step.

Step five...

RogueKiller Scan

• Please download RogueKiller by Tigzy and save it to your Desktop.
• Close all open programs and windows so you are at your Desktop.
• Right click RogueKiller.exe and select Run as administrator.
  • If the malware prevents RogueKiller from running, try executing it several times.
  • If it still won't run, rename the file to winlogon.exe and try again.
• When the prescan finishes, click Accept to agree to the EULA.
• Click the Scan button.
• Once RogueKiller is finished click the Report button.
• Copy and paste the contents of the log in your reply.
  The log can also be found in the same directory Roguekiller was run from. Look for the one with the current time and date.
• Exit RogueKiller by pressing the red [X] and replying Yes to the prompt.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:

• Did you have any problems with the instructions?
• Answers to my questions
• rkill.log
• FRST.txt
• Addition.txt
• RKreport[0]_S_MMDDYYYY_HHMMSS.txt
• Are there any changes in computer behavior?