I second that emotion!
8)
I’m baaack … How is the computer now?
Hello Again, EssexBoy. Hope you had a great vacation. Sad to be here
again but grateful for your help. The recurrent infection has
reappeared immediately after formatting and installation of Windows
Upgrade from a legitimate factory disc.
CHRONOLOGY>
Less than two weeks ago, I submitted the FRST logs and a few others,
after which I witnessed a continuing degradation of my HP supplied
Windows 7 Home Premium.
I used Partition Magic or something like it, and found Recycler on
all NTFS hard drives. Could not see it on USB FAT files. Using
SuperAntiSpyware Super Delete I managed to delete every RECYCLER I saw
from internal and external hard drives. Hooray!
But then I ran Rogue Killer from Bleeping Computer’s direction to
Adlice website, and it found at least SIX incidences of PUM virus that
it seemed to successfully delete. But knowing there was corruption in
the registry I decided to use my Windows 7 Upgrade disk. I used it
to format D:Recovery for fear of contamination hidden there…then
installed the new operating system on C: leaving Recovery D: blank.
Start up went well and I am able to go online. Then I turned on my
two external hard drives and inspected both to make sure the RECYCLER
was gone. And it was. So I went to Bleeping Computer to download
RogueKiller again, and immediately started to experience symptoms of
infection with pages redirected, and the inability to download the
latest version of RogueKiller.
Based on my experience I am convinced that the infection[s] are
resident and hiding on external HD’s and USB’s. This has been going
on for years now with NO ONE committed to the complete removal of this
serious infection[s].
Despite the fact that I just reloaded the new OS, every time I boot up I see the black OS error screen.
I have 12,500 songs on my hard drives. So not having access to them
would SUCK. I really need someone to help me rid my
machine of these problems.
I would love it if we could dig down to the Bottom of this
thang…Please!
Sorry about the line through the description here. Another symptom of malware?
Humbly, Thanks!
Are the redirects happening in Chrome… Do you have Chrome set to synch on sign in?
If so then that is where the problem resides, in the synch files held online. As soon as you log in to Chrome then it will reset Chrome to what it was before, including any bad extensions.
Dear EssexBoy…Based on your question, I am wondering if you are able to read my lengthy explanation which described two major infections: PUM and Recycler? I did not mention Chrome in the body of my explanation. I just now re-installed my Windows 7 Upgrade and Chrome [without turning on the ext drives] and so far so good. I am fairly certain that there is a rootkit or something worse on my external hard drives and/or USB. And as I mentioned in my last post these external HD’s contain my 12,000 songs.
Can you look at the external drives with a log file program, and see if there is something bad hidden there?
Thanks!
PUM is a minor thing which could be based on how you use the system. The reference to Chrome was in response to your mention of redirects.
To check the external we can use AVZ.
Connect the external drives
Open the folder and double click the AVZ icon
https://dl.dropboxusercontent.com/u/73555776/avz.JPG
Place a tick in the external drives only
When the tool opens select “File” > “Standards scripts”
https://dl.dropboxusercontent.com/u/73555776/avz1.jpg
Place a tick in:
3. Advanced System Analysis with malware removal mode enabled
Then press “Execute selected scripts”
https://dl.dropboxusercontent.com/u/73555776/avz2.JPG
There will be several warnings, OK them all and the system will reboot on completion of the analysis
After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Attach KL_syscure.zip to your next post
Okay…sorry about the confusion. I ran the AVZ just as instructed. When I clicked scan, the program added C: to the check list. It finished scanning and I saw the report on the application. However in looking for the KL_syscure.zip, it was not in the log file. There are four virusinfo_syscure files: TWO compressed: ONE xml doc: and one Chrome HTML DOC.
Here is a link to the Chrome page: file:///C:/Users/JUSTME/Desktop/avz4/avz4/LOG/virusinfo_syscure.htm
So thank you and NOW WHAT?
Could you rename this file to .txt please and then attach it C:/Users/JUSTME/Desktop/avz4/avz4/LOG/virusinfo_syscure.htm
Hi…okay I have to admit that I didn’t completely understand your request. So I opened the Chrome document of the scan, selected it all, and copied and pasted it into the Notepad attached. Hope it works. BTW, I thought I saw something about FaceBook in the hosts file. I quit my Facebook account years ago.
I await your next message.
THANK YOU!
If you are too busy to help…I can try another forum.
Nothing apparent on the external drives. The only other alternative is to run a Dr.Web scan on them to see if it finds anything. But, the scan may take a while as it inspects every single file on the drive. Let me know if you wish to try this.
SORRY I MISSED YOUR REPLY…But how is it possible that there is nothing there when I just tried to create the right permissions and got a message that said…“Access on $RecycleBin denied”? even listing me as Administrator???
$RecycleBin is a system folder and only trusted installer can kill it for a while
These are system folders, used by Windows. Even if you manage to delete them, Windows will create them again. On Windows the main recycle bin on your desktop only links to a virtual folder that displays the recycle bin folder of each drive where the deleted contents on the drive are stored until the contents are completely deleted (emptying the recycle bin).
This means if you delete something on your external HDD on computer A it is stored in the recycle bin of that drive. Then you unplug the HDD and take it to computer B and then the deleted contents are still accessible so you can restore them.
Okay…Thanks for everything!