Computer completely taken over... takes away privileges, snap-ins, everyt

everything imaginable… tried to fix for over 6 dang months…!!!

and btw, i’m not a win7tech but respect them absolutely.

tyvm and

JT

Instructions >> https://forum.avast.com/index.php?topic=194892.0

Awesome… I have read some of your documents, recoveries, system saves… I feel quite fortunate. Would you prefer to be addressed respectfully as Pondus or Chief Wigam? just let me know pls…

… just wanted to reply to let you know that I am actively following your initial instructions, and also that I am very good at following directions… by that I mean that I understand that I am not to run this or run that cuz I think it will help, etc… I absolutely won’t. drives me crazy when i read about other people doing it… I might not do everything perfectly, but I will genuinely try.

I do think this one ( my issue(s)) will be not so easy, but I’m sure most people say that… this is like nuthin I’ve ever experienced, or heard of… more details to follow… i am grateful to an extent you could not know.

( estimated next submission: Mon Feb 19, 5:00 pm PST )

Right out of the gate, issues…

Already had MalwareBytes (MB) installed, unchecked self protect as stated by MB to update, reattempted to update and got the msg in the attachment… ( along with one before that remembered as I was typing … thought it best to wait for your orders…

attachment 2 pics

standing by…

2nd pic, actually the first

( can only send one at a time?? )

move to next step in instructions Farbar Recovery Scan tool (FRST)

attach the two diagnostic logs

Attached

2018-02-07 22:52 - 2018-02-07 22:52 - 003199995 ____R C:\Users\08-16\Downloads\NetGuard-Pro-2.131 [CrackedApk.Net].apk
2018-02-07 22:38 - 2018-02-07 22:38 - 000000000 ____D C:\Users\08-16\Downloads\Windows Firewall Control 4.8.5.0 + KeyGen - Crackingpatching.com
2018-02-07 22:37 - 2018-02-07 22:37 - 001964441 ____R C:\Users\08-16\Downloads\Windows Firewall Control 4.8.5.0 + KeyGen - Crackingpatching.com.zip
2018-02-07 22:36 - 2018-02-07 22:38 - 000000000 ____D C:\Users\08-16\Downloads\NETGATE FortKnox Personal Firewall 2017 21.0.170 + Patch [CracksMind]
2018-02-07 22:35 - 2018-02-08 06:01 - 000000000 ____D C:\Users\08-16\Downloads\Outpost Firewall Pro 9.1.0.4652.701.1951 Multilingual + Key
2018-02-07 22:35 - 2018-02-07 22:35 - 000000000 ____D C:\Users\08-16\Downloads\Comodo Firewall 2012 v5.10.228257.2253 + COMODO Internet Security Premium 2012

So… I have to ask. That might be a problem. How much of your security is cracked?

I don’t endorse torrenting - but if there is something you definitely should not do… is torrent your protection software ;D ;D ;D ;D
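The kind of triage applied to the FRST listing quoted above, as an added example that is not part of the original thread and is not FRST's own code: it parses lines in that layout and flags paths whose names suggest cracked software. The field meanings (created, modified, size, attributes, path), the keyword list and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Layout assumed from the listing quoted in the thread:
#   created - modified - size attributes path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]{5}) (.+)$"
)
# Hypothetical keyword list, not an official one; extend as needed.
PIRACY_HINTS = re.compile(r"crack|keygen|\+ ?patch|\+ ?key\b", re.IGNORECASE)
FMT = "%Y-%m-%d %H:%M"

def parse_entry(line):
    """Return a dict for a file-listing line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(created, FMT),
        "modified": datetime.strptime(modified, FMT),
        "size": int(size),        # zero-padded byte count in the log
        "is_dir": "D" in attrs,   # 'D' in the attribute column marks a directory
        "path": path,
    }

def flag_pirated(lines):
    """Return parsed entries whose path matches a piracy keyword."""
    parsed = (parse_entry(line) for line in lines)
    return [e for e in parsed if e and PIRACY_HINTS.search(e["path"])]

# Constructed sample lines (not taken from the user's log).
SAMPLE = [
    r"2018-02-07 22:37 - 2018-02-07 22:37 - 001964441 ____R C:\Users\demo\Downloads\ExampleFirewall 1.0 + KeyGen.zip",
    r"2018-02-07 22:36 - 2018-02-07 22:38 - 000000000 ____D C:\Users\demo\Downloads\ExampleGuard 2017 + Patch [SampleCracks]",
    r"2018-02-07 21:10 - 2018-02-07 21:10 - 000482113 _____ C:\Users\demo\Documents\patch-notes.txt",
    "Attached",
]

if __name__ == "__main__":
    for e in flag_pirated(SAMPLE):
        print("DIR " if e["is_dir"] else "FILE", e["created"].date(), e["path"])
```
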

it didn’t start that way, just started trying everything after the others didn’t work.
I even tried cujo, totally legit… didn’t work for me

I figured you guys would want the real deal real world instances… so I didn’t pull any punches ( or remove certain things like I have no doubt many do )

We really don’t work on systems that use cracked software. :frowning:

That will be for @Sass Drake to decide if he wants to or not

Malware expert @Sass Drake is notified, it may take hours before he is online

Not Forum policy. We don’t support or condone the use of cracked software.

and that’s Good Policy… and it is being removed.

OK, when you’re done removing the cracked software, rescan with FRST and upload the results.

Also, did you try Malwarebytes Chameleon yet?

https://www.malwarebytes.com/chameleon/

Pondus… clearly on another more evolved level. Able to see so much more than most… just a hunch.

Perhaps a statement, not an entire scrolling lengthy description; but a sentence something like…

Do not ask for help if you have cracked, hacked or torrent programs and or files of any sort still on your machine. { Forum Policy }

… to make a blanket statement along the lines of “we don’t work on computers with torrent software” or similar is just not sensible, or accurate. I should say realistic rather than sensible.

thanks for the good work you all do… seriously mean that.

Just get rid of the cracked software.
There’s plenty of free stuff out there if you can’t afford the expensive stuff.
You’ll also feel a lot better. :slight_smile:

Please uninstall COMODO leftovers:

Comodo Dragon
COMODO GeekBuddy
Internet Security Essentials

Then,

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
```
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\Policies\Explorer: [NoThemesTab] 1
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\MountPoints2: {4dac3891-1477-11e8-8dd1-e297a8182654} - D:\Autorun.exe
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\MountPoints2: {4dac38a0-1477-11e8-8dd1-c2a3756fed69} - D:\Autorun.exe
HKU\S-1-5-21-400536322-2617188177-2686510977-1000\...\MountPoints2: {99712bbc-14b3-11e8-854d-bdda4ae89b51} - D:\Autorun.exe
2018-02-19 12:01 - 2018-02-19 12:01 - 000032768 ___HT C:\Users\08-16\etilqs_bgFedF4xa8IBfTA
2018-02-19 12:01 - 2018-02-19 12:01 - 000000512 ___HT C:\Users\08-16\etilqs_CT7aEINr0Ey6qZK
2018-02-19 08:38 - 2018-02-19 12:06 - 001753088 _____ C:\Users\08-16\904D57F61A9D7FE5185C01B47D54C2FB
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <==== ATTENTION
```
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Sass Drake,

If The Respected Pondus defers to you, then you must be of considerable Rank and Skill…
also, forgive the time it has taken to reply… I will have complete updated scenario at latest,
late tonight… within 6 hrs…

P & SD

  [   pooof   ]        

               
     and it's   ...   gonzo