SweetTech

Trusted Malware Techs
Posts posted by SweetTech


  1. Hello,

     

    Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

     

     

     

    NEXT:

     

     

     

    Remove Program

    We need to remove a program. To do this please do the following:

    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for the following (if present):

    • Adobe Reader 8.1.1

     

    NEXT:

     

     

     

    Time for some housekeeping

    The following will implement some cleanup procedures as well as reset System Restore points:

     

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

     

     

     

    NEXT:

     

     

     

    OTL Clean-Up

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.
    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

     

     

     

    NEXT:

     

     

     

    All Clean Speech

     

    ===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article

      Strong passwords: How to create and use them

      then consider a password keeper, to keep all your passwords safe.

    • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/

      This will ensure your computer always has the latest available security updates installed.

    • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

    • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

    • Make Internet Explorer more secure

      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE
    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

      • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.

        • NoScript - for blocking ads and other potential website attacks
    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

      Think Prevention.

      PC Safety and Security--What Do I Need?.

    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

     

    Thank you for your patience, and performing all of the procedures requested.

     

    Please respond one last time so we can consider the thread resolved and close it, thank-you.

     

    Cheers,

    SweetTech.

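The MVPS HOSTS file recommended above works by pointing known ad and malware domains at 127.0.0.1, but a HOSTS file is also one of the first things malware edits, either to redirect a site to an address the attacker controls or to blackhole the update and security-vendor sites a victim would use to clean up. The script below is an added example, not part of SweetTech's post and not MVPS's code: it parses a HOSTS file and separates expected blocklist entries from those two hostile cases. The PROTECTED_SUFFIXES list and the sample file are assumptions constructed for the example.

```python
"""Triage a Windows HOSTS file.

A blocklist such as the MVPS HOSTS file points ad and malware domains at
127.0.0.1 / 0.0.0.0, so those entries are expected. Malware edits HOSTS for
two other reasons: to send a site to an address it controls (pharming), or to
blackhole the update and security-vendor sites the victim would use to clean
up. This script separates the three cases.

Added example; it is not part of the original post and not MVPS's code.
The PROTECTED_SUFFIXES list is an assumption, not something the post gives."""
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List, Tuple

BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}
# Names Windows itself maps in HOSTS; not interesting either way.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumed: sites an infection would want to keep the victim away from.
PROTECTED_SUFFIXES = ("windowsupdate.com", "windowsupdate.microsoft.com",
                      "update.microsoft.com", "malwarebytes.org",
                      "eset.com", "kaspersky.com")


@dataclass
class Finding:
    line_no: int
    hostname: str
    target: str
    verdict: str  # "blackhole" (expected), "hijack", "blocked_protected"


def parse_hosts(text: str) -> Iterator[Tuple[int, str, List[str]]]:
    """Yield (line_no, ip, hostnames) for each usable line, skipping comments,
    blank lines and anything whose first field is not an IP address."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed; Windows ignores it too
        yield line_no, str(ip), [h.lower() for h in fields[1:]]


def triage_hosts(text: str) -> List[Finding]:
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            protected = any(name == s or name.endswith("." + s)
                            for s in PROTECTED_SUFFIXES)
            if ip not in BLACKHOLE:
                verdict = "hijack"              # points somewhere real
            elif protected:
                verdict = "blocked_protected"   # update/AV site blackholed
            else:
                verdict = "blackhole"           # ordinary blocklist entry
            findings.append(Finding(line_no, name, ip, verdict))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Everything a cleaner should look at: hijacks and blocked protected sites."""
    return [f for f in findings if f.verdict != "blackhole"]


# Constructed sample, not a real HOSTS file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0 ad.doubleclick.net         # MVPS-style blackhole, expected
0.0.0.0 www.malwaresite.example
127.0.0.1 www.malwarebytes.org     # blocking the AV vendor: malware tactic
198.51.100.7 www.mybank.example    # pharming redirect to an attacker host
::1 localhost
"""

if __name__ == "__main__":
    for f in triage_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no:>3}: {f.hostname:<26} -> {f.target:<14} {f.verdict}")
```

Run it against C:\Windows\System32\drivers\etc\hosts by reading that file into triage_hosts(); a HOSTS file that is all "blackhole" entries is what a freshly installed MVPS list looks like, while any "hijack" or "blocked_protected" line is worth a second look before the machine is called clean.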

  2. Hello,

     

    For IE issue:

     

    Copy the following bolded text below:

     

    "%programfiles%\internet explorer\iexplore.exe"

     

    On your desktop right-click on a blank space, point to New, and then Click Shortcut.

     

    In the Create Shortcut Wizard, right-click the Type the location of the item box, and then click Paste to paste the command that you copied in step 1.

    Click Next.

    In the Type a name for this shortcut box, type Internet Explorer.

    Click Finish.

     

    A shortcut to Internet Explorer is created on your desktop.

     

     

    Malwarebytes' Anti-Malware

     

    I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

     

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform quick scan, then click on Scan
    • Leave the default options as they are and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Check (tick) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

     

     

     

    NEXT:

     

     

     

    ESET Online Scanner

    I'd like us to scan your machine with ESET Online Scan

     

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

    Please don't go surfing while your resident protection is disabled!

    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

     

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

      ESET OnlineScan

    • Click the [image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Make sure that the option "Remove found threats" is Unchecked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]

     

    NEXT:

     

     

     

    Security Check

    Download Security Check by screen317 from here or here.

    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

     

     

    NEXT:

     

     

     

    OTL Custom Scan

     

    We need to run an OTL Custom Scan

    • Please reopen OTL on your desktop.
    • Copy and Paste the following bolded text into the [image] textbox.

       

      netsvcs

      drivers32 /all

      %SYSTEMDRIVE%\*.*

      %systemroot%\system32\*.wt

      %systemroot%\system32\*.ruy

      %systemroot%\Fonts\*.com

      %systemroot%\Fonts\*.dll

      %systemroot%\Fonts\*.ini

      %systemroot%\Fonts\*.ini2

      %systemroot%\system32\spool\prtprocs\w32x86\*.tmp

      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

      %systemroot%\REPAIR\*.bak1

      %systemroot%\REPAIR\*.ini

      %systemroot%\system32\*.jpg

      %systemroot%\*.scr

      %systemroot%\*._sy

      %APPDATA%\Adobe\Update\*.*

      %ALLUSERSPROFILE%\Favorites\*.*

      %APPDATA%\Microsoft\*.*

      %PROGRAMFILES%\*.*

      %APPDATA%\Update\*.*

      %systemroot%\*. /mp /s

      CREATERESTOREPOINT

      %systemroot%\system32\*.dll /lockedfiles

      %systemroot%\Tasks\*.job /lockedfiles

      %systemroot%\System32\config\*.sav

      %systemroot%\system32\user32.dll /md5

      %systemroot%\system32\ws2_32.dll /md5

      %systemroot%\system32\ws2help.dll /md5

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Push [image]
    • A report will open. Copy and Paste that report in your next reply.

     

     

     

     

    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

    2. The log that is produced after running the MalwareBytes' Anti-Malware scan.

    3. The log that is produced after running the ESET Online Virus Scanner.

    4. The log that is produced after running the SecurityCheck scan.

    5. The log that is produced after running the OTL scan.

    6. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

     

    Cheers,

    SweetTech.


  3. Running ComboFix

    Download ComboFix from one of the following locations:

    Link 1

    Link 2

     

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

     

    * IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

     

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     

    [image]

     

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image]

     

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


  4. Can you please attempt to re-run the OTL script above. You will want to ensure that you run it as a fix rather than as a scan.

     

    Are you saying that Trend Micro is detecting TDSSKiller.exe as being infected? If that's the case please delete the current copy you have. Download a new copy, and then disable your Trend Micro, run TDSSKiller, reboot your machine, and re-enable Trend Micro.


  5. Hello,

     

    OTL Fix

     

    We need to run an OTL Fix

    • Please reopen OTL on your desktop.
    • Copy and Paste the following code into the [image] textbox. Do not include the word "Code"

       

      :Services
      :OTL
      FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,127.0.0.1"
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found
      O4 - HKCU..\Run: [Sonic RecordNow!] File not found
      O4 - HKLM..\RunOnceEx: [] File not found
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.veri...pdate_1-0-0.cab (Reg Error: Value error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
      O33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [start explorer]
      [Reboot]
    • Push [image]
    • OTL may ask to reboot the machine. Please do so if asked.
    • Click [image].
    • A report will open. Copy and Paste that report in your next reply.
    • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

     

    NEXT:

     

     

     

    Running TDSSKiller

     

     

    Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.

     

     

    Download TDSSKiller from one of the links below:

     

    Zipped Version or Executable (Not Zipped) Version

     

     

    Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.

     

     

    Please ensure that you save the TDSSKiller file to you desktop.

     

     

    If TDSSKiller asks you to close all programs please allow it to do so.

     

     

    If you see the following:

    To finalize removal of infection and avoid loosing of data program will reboot your PC now.

    Close all programs and choose Y to restart or N to continue.

     

    Please enter Y and allow TDSSKiller to reboot your computer.

     

     

    Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

     

     

    Please post the content of the TDSSKiller log.

     

     

     

    NEXT:

     

     

     

    Java Outdated

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:

    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 21 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

     

    Note:

    The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

    To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.

    Click Ok and reboot your computer.

     

     

    NEXT

     

     

     

    Clean Java Cache & Temporary Files

    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache. Leave BOTH checked: Applications and Applets, and Trace and Log Files.
    • Click OK on Delete Temporary Files Window

       

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

     

    NEXT:

     

     

     

    Please download JavaRa and unzip it to your desktop.

     

    ***Please close any instances of Internet Explorer before continuing!***

     

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

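The OTL fix above is built from report lines whose targets are already gone: Run keys marked "File not found", BHO and toolbar entries with "No CLSID value found", DPF entries with a Reg Error, and MountPoints2 AutoRun commands for files on drives that are no longer present. The script below is an added example, not part of SweetTech's post and not OTL's own code: it parses lines in the format quoted in the post, separates those leftovers from live entries that still need a human decision, and renders the leftovers as the :OTL section of a fix. The three live-looking sample lines and their CLSIDs are constructed for the example.

```python
"""Triage OTL report lines before writing an OTL fix.

OTL marks an entry whose target is gone with "File not found", "No CLSID
value found" or "Reg Error: ..."; those are leftovers that can go straight
into the :OTL section of a fix. MountPoints2 AutoRun commands are flagged
even when the file still exists, because AutoRun from removable media is a
classic infection path. Everything else stays for a human to judge.

Added example, not from the post and not OTL's own code. The line format
follows the log lines quoted in the post; the "live" sample lines and their
CLSIDs are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error:")
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
AUTORUN_RE = re.compile(
    r'MountPoints2\\\{[0-9a-f-]+\}\\Shell\\AutoRun\\command - "" = ([A-Za-z]:\\\S+)',
    re.IGNORECASE)


@dataclass
class Entry:
    section: str               # O2, O4, O33, ...
    detail: str
    orphaned: bool
    autorun_target: Optional[str]
    raw: str


def parse_otl(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue                      # headers, blank lines, non-O lines
        section, detail = m.groups()
        orphaned = any(marker in detail for marker in ORPHAN_MARKERS)
        ar = AUTORUN_RE.search(detail)
        entries.append(Entry(section, detail, orphaned,
                             ar.group(1) if ar else None, raw))
    return entries


def fix_candidates(entries: List[Entry]) -> List[Entry]:
    """Orphaned entries plus every AutoRun mount point."""
    return [e for e in entries if e.orphaned or e.autorun_target]


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Live entries: a real file or CLSID is behind them, so check before removing."""
    return [e for e in entries if not (e.orphaned or e.autorun_target)]


def build_fix(entries: List[Entry]) -> str:
    """Render the candidates as the :OTL section of an OTL fix script."""
    lines = [":OTL"] + [e.raw for e in fix_candidates(entries)]
    lines += [":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


# Sample: the orphaned lines are quoted from the post; the Example Helper BHO,
# the ctfmon.exe Run entry and the F:\setup.exe mount point are constructed.
SAMPLE_OTL = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (Reg Error: Key error.)
O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\Shell\AutoRun\command - "" = F:\setup.exe
"""

if __name__ == "__main__":
    entries = parse_otl(SAMPLE_OTL)
    print("needs review:")
    for e in needs_review(entries):
        print("  ", e.raw)
    print(build_fix(entries))
```

The orphan markers are a cheap triage, not proof of harmlessness: an entry that still resolves to a real file (the ctfmon.exe line in the sample) is exactly the one that deserves a look at the file's publisher and hash before it is left alone or removed.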
  6. Hello,

     

    My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

     

    If you have already received help elsewhere please inform me so that this topic can be closed.

     

    If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

     

    • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
    • Please make sure to carefully read any instruction that I give you.

      Reading too lightly will cause you to miss important steps, which could have destructive effects.

    • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
    • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
    • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
    • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
    • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
    • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

      Because of this, you must reply within three days; failure to reply will result in the topic being closed!
    • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
    • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.

      Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

    ____________________________________________________

     

     

    OTL Custom Scan

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs

      drivers32 /all

      %SYSTEMDRIVE%\*.*

      %systemroot%\system32\*.wt

      %systemroot%\system32\*.ruy

      %systemroot%\Fonts\*.com

      %systemroot%\Fonts\*.dll

      %systemroot%\Fonts\*.ini

      %systemroot%\Fonts\*.ini2

      %systemroot%\system32\spool\prtprocs\w32x86\*.tmp

      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

      %systemroot%\REPAIR\*.bak1

      %systemroot%\REPAIR\*.ini

      %systemroot%\system32\*.jpg

      %systemroot%\*.scr

      %systemroot%\*._sy

      %APPDATA%\Adobe\Update\*.*

      %ALLUSERSPROFILE%\Favorites\*.*

      %APPDATA%\Microsoft\*.*

      %PROGRAMFILES%\*.dat

      %APPDATA%\Update\*.*

      %systemroot%\*. /mp /s

      CREATERESTOREPOINT

      %systemroot%\system32\*.dll /lockedfiles

      %systemroot%\Tasks\*.job /lockedfiles

      %systemroot%\System32\config\*.sav

      %systemroot%\system32\user32.dll /md5

      %systemroot%\system32\ws2_32.dll /md5

      %systemroot%\system32\ws2help.dll /md5

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

     

    NEXT:

     

     

     

    Scanning with GMER

     

    Please download GMER from one of the following locations and save it to your desktop:

    • Main Mirror

      This version will download a randomly named file (Recommended)

    • Zipped Mirror

      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

       

      [image]

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
    -- If you encounter any problems, try running GMER in safe mode.

    -- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

     

     

     

    NEXT:

     

     

     

    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

    2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)

    3. The log that was produced after running GMER

    4. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

  7. Your logs were showing me a few left over entries in your registry, I wasn't really seeing too much.

     

    There was something else that I wanted to mention to you.

     

    In Gmail there is a feature that allows you to see what IP Addresses are logged into your account at the moment.

     

    This feature is towards the bottom of the page and will read something like the following:

     

    Last account activity: 0 minutes ago at this IP (xx.xx.xx.xx). Details

     

    Where x denotes your IP Address. If you click on Details it will bring up a page that shows you the time and date of a log in to your account as well as the IP Address. I'm not sure if you're aware of this or not, but thought I'd mention it to you anyways.


  8. You are more than welcome. I think that it might have been a coincidence, but if you haven't already done so I'd make sure that you change your Gmail password. The best advice I can give you is to make sure that you don't open up e-mail attachments from people you don't know, don't visit dodgy websites, and make sure you keep your security programs up-to-date.

     

    Sorry about giving you the wrong instructions.


  9. Hello juno340,

     

    No I have not heard anything in regards to the Starbucks wifi so I'm afraid I can't be of too much help there. Sorry.

     

     

    NEXT:

     

     

     

    OTL Clean-Up

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    NEXT:

     

     

     

    Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.

    • System restore:

      We will now clear your existing system restore points and establish a new clean restore point:

    o Click on the Start button to open your Start Menu.

    o Click on the Control Panel menu option.

    o Click on the System and Maintenance menu option.

    o Click on the System menu option.

    o Click on System Protection in the left-hand task list.

    o To create the manual restore point, click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.

    o Type in a title for the manual restore point and press the Create button.

    o Close the System window after you have been advised that the procedure has been successfully completed.

     

    o Next, go to Start > Run and type in cleanmgr

    o Select the More options tab

    o Choose the option to clean up system restore and OK it.

     

    This will remove all restore points except the new one you just created.

    Make sure you do this now, as your System Restore currently has infected files in it.

     

     

     

    NEXT:

     

     

     

    All Clean Speech

     

    ===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

    Below I have included a number of recommendations for how to protect your computer against malware infections.
    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article

      Strong passwords: How to create and use them

      then consider a password keeper, to keep all your passwords safe.

    • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/

      This will ensure your computer always has the latest available security updates installed.

    • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

    • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE
    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
      • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
        • NoScript - for blocking ads and other potential website attacks
    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: Think Prevention.

      PC Safety and Security--What Do I Need?

    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

    Thank you for your patience, and for performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank you.
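
The post above recommends the MVPS HOSTS file, which blocks ad and malware domains by pointing them at the local machine. The same file is also a favourite target for tampering, because an entry that points a real hostname (an update server, for instance) at a remote address silently hijacks it. The following added example, which is not from the forum post or from the MVPS project, parses a HOSTS file and separates the two cases: entries sinkholed to a local address (what the MVPS file does) and entries that send a hostname somewhere else. The `SAMPLE_HOSTS` text is constructed for the demo; on a real machine you would read `C:\Windows\System32\drivers\etc\hosts` instead.

```python
"""Audit a Windows HOSTS file.

Added example (not from the forum post): an MVPS-style HOSTS file blocks ad and
malware domains by mapping them to the local machine, but malware also edits
HOSTS to hijack real hostnames. This script separates the two cases.
The SAMPLE_HOSTS text below is constructed for the demo.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that make a hostname resolve to "nowhere" (the MVPS approach).
LOCAL_SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# constructed MVPS-style block list entries
0.0.0.0 ads.example-adnetwork.test   # comment after the entry
0.0.0.0 tracker.example-badsite.test
# constructed tampering: a vendor update host pointed at a remote address
203.0.113.9 update.example-antivirus.test
this is not a valid line
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])     # first token must be an IPv4/IPv6 address
        except ValueError:
            continue
        # one address may be followed by several hostnames on the same line
        entries.extend((parts[0], host.lower()) for host in parts[1:])
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Classify entries: 'blocked' (sinkholed to the local machine) versus
    'redirected' (a hostname sent to some other address, which deserves a look)."""
    entries = parse_hosts(text)
    blocked = [h for ip, h in entries if ip in LOCAL_SINKHOLES and h != "localhost"]
    redirected = [(ip, h) for ip, h in entries if ip not in LOCAL_SINKHOLES]
    return {"total": len(entries), "blocked": blocked, "redirected": redirected}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['total']} entries, {len(report['blocked'])} blocked")
    for ip, host in report["redirected"]:
        print(f"REVIEW: {host} -> {ip} (not a local sinkhole)")
```

A hostname redirected to a non-local address is not automatically malicious (intranet entries are legitimate), but a redirect for a security vendor or update hostname is a well-known sign of tampering, so anything in the `redirected` list should be checked against the file you installed.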


  10. I'm not really seeing too much in your logs. Let's see what the scans below come up with.

    OTL Fix

    Run OTL.exe

    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      :Services
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O4 - HKLM..\Run: [M3000Mnt] File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      :Commands
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    NEXT:

    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

    • Open Malwarebytes' Anti-Malware

    • Select the Update tab

    • Click Check for Updates

    • After the update has been completed, select the Scanner tab.

    • Select Perform quick scan, then click on Scan

    • Leave the default options as they are and click on Start Scan

    • When done, you will be prompted. Click OK, then click on Show Results

    • Check (tick) all items and click on Remove Selected

    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    NEXT:

    ESET Online Scanner

    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.

    Please don't go surfing while your resident protection is disabled!

    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

      ESET OnlineScan

    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option "Remove found threats" is Unchecked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    NEXT:

    Re-Running OTL

    • Please double click on the OTL icon which should be located on your desktop. This will run OTL. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open up a notepad window called OTL.txt.

      Note: This log can be located in the OTL folder on your C:\ drive if it fails to open automatically.

    • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt file, and post it with your next reply.
    NEXT:

    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

    2. The log that was produced after running the OTL fix.

    3. The log that was produced after running the MalwareBytes' Anti-Malware.

    4. The log that was produced after running the ESET Online Scanner.

    5. The log that was produced after running the new OTL scan.

    6. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

  11. My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:

    • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
    • Please make sure to carefully read any instruction that I give you.

      Reading too lightly will cause you to miss important steps, which could have destructive effects.

    • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
    • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
    • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
    • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
    • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
    • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

      Because of this, you must reply within three days. I will post a reminder should you seem to fail to do this; however, if you fail to reply within two days then, unless I have been notified of your absence in advance, the topic shall be closed!

    • Please do not PM me directly for help. If you have any questions, post them in this topic.
    • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.

      Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

    ____________________________________________________

    OTL Custom Scan

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

    NEXT:

    Please download GMER from one of the following locations and save it to your desktop:

    • Main Mirror

      This version will download a randomly named file (Recommended)

    • Zipped Mirror

      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

      Posted Image

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    NEXT:

    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

    2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)

    3. The log that was produced after running GMER

    4. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
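
The OTL custom scan in the post above lists driver files between `/md5start` and `/md5stop` so that the helper can compare their MD5 hashes with clean copies; storage drivers such as atapi.sys are on the list because file-infecting rootkits patch them in place and the file name, size and timestamp give nothing away. The following added example, which is not from the forum post or from the OTL tool, performs that comparison step against a baseline of hashes recorded from a clean system (a hypothetical baseline you maintain yourself). The `demo()` scenario builds constructed stand-in files in a temporary directory, so nothing here touches a real Windows installation, and `WATCHED_DRIVERS` is just a subset of the names in the post.

```python
"""Check system drivers against a known-good MD5 baseline.

Added example (not from the forum post): the OTL scan lists driver files
between /md5start and /md5stop so the helper can compare their MD5 hashes to
clean copies. This script performs that comparison for a baseline you recorded
from a clean system; demo() builds constructed stand-in files in a temporary
directory, so nothing here touches a real Windows installation.
"""
import hashlib
import os
import tempfile
from typing import Dict

# A subset of the filenames from the OTL /md5start list.
WATCHED_DRIVERS = ["atapi.sys", "iaStor.sys", "nvstor.sys"]


def md5_of(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large drivers do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_drivers(directory: str, baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare each watched driver under `directory` with `baseline` (lower-case name -> md5).

    Returns one status per driver: 'ok', 'MODIFIED', 'missing' (file absent) or
    'unknown' (present but not in the baseline, so it cannot be vouched for).
    """
    results: Dict[str, str] = {}
    for name in WATCHED_DRIVERS:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        expected = baseline.get(name.lower())   # Windows names are case-insensitive
        if expected is None:
            results[name] = "unknown"
        elif md5_of(path) == expected.lower():
            results[name] = "ok"
        else:
            results[name] = "MODIFIED"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: record a baseline, then alter one driver in place."""
    with tempfile.TemporaryDirectory() as d:
        stand_ins = {
            "atapi.sys": b"constructed atapi stand-in",
            "iaStor.sys": b"constructed iaStor stand-in",
        }
        for name, data in stand_ins.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        # Baseline taken while the files are still clean.
        baseline = {n.lower(): md5_of(os.path.join(d, n)) for n in stand_ins}
        # A file-infecting rootkit patches the driver body; simulate by appending bytes.
        with open(os.path.join(d, "atapi.sys"), "ab") as f:
            f.write(b"\x90\x90")
        return check_drivers(d, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12} {status}")
```

Hash checking from user mode has a known blind spot: a kernel rootkit that filters reads of the file it patched can hand back the clean bytes, so the check reports `ok` while the on-disk driver is hooked. That is one reason the helper pairs the MD5 list with GMER, which loads its own driver (gmer.sys, as the post notes) to look beneath such hooks, and why the baseline itself should come from known-good media rather than from the suspect machine.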