@chanwhk
Hello and Wellcome
Your computer is full with crapware softwere and is infected with ZeroAcces Rootkit.
- I will be working on your Malware issues this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine.
- If you don't know or understand something, please don't hesitate to ask.
- Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
- Please DO NOT run any other tools or scans whilst I am helping you.
- It is important that you reply to this thread. Do not start a new topic.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Absence of symptoms does not mean that everything is clear.
--------------------------------
Step#1 Please download
zoek.exe and save it to your desktop.
- Close any open browsers.
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Select "Combined fix"options
(bottom right)
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
startupall;
C:\Windows\assembly\GAC_32\Desktop.ini;f
C:\Windows\assembly\GAC_64\Desktop.ini;f
filesrcm;
{D4027C7F-154A-4066-A1AD-4243D8127440};c
resetIEproxy;
iedefaults;
emptytemp;
C:\Windows\Installer\{9a7f898e-7e01-2f44-c634-28e8c5054e92};f
emptyclsid;
emptyiecache;
emptyjava;
emptyflash;
emptyIEcache;
- Click on Run script button
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
**********************************
Step#2 > Download
ComboFix from here and save it to your
Desktop.
If you are unsure how ComboFix works please read this guide carefully.note: ComboFix must be downloaded to your Desktop.> Temporarily disable your
AntiVirus program.
If you are unsure how to do this please read this or this Instruction.How to disable avast:- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note:
Do not forget to turn on this option after the cleaning.> Run
ComboFix. Click on
I Agree!ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
> When the tool is finished, it will produce a log report for you. (typical location: C:\
ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
*************************
> Check USB storage devices / removable drives for malware
Download
MCShield from one of the following links:
MyCity - Official download link Softpedija - Mirror download link - Double click MCShield-Setup to install the application.
- Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.- Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.
Start -> All Programs -> MCShield -> Logs
Attach here ->
AllScans.txtExplanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
