jeffce

Trusted Malware Techs
Content Count: 253

Everything posted by jeffce

  1. Hi, Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

         ClearJavaCache::
         DDS::
         uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
         BHO: MRI_DISABLED - No File
         BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
         BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
         TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
         DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
         BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
         BHO-X64: Ask Toolbar BHO - No File
         TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
         File::
         c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
         c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config
         RegLock::
         [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

     Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

     Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

     CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     ----------
  2. Hi, I am very sorry for your loss. Take your time with the responses if need be.
     ---------
     Download Combofix from either of the links below, and save it to your desktop.
     Link 1
     Link 2
     **Note: It is important that it is saved directly to your desktop**
     --------------------------------------------------------------------
     IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
     --------------------------------------------------------------------
     Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review.
  3. CKScanner has detected illegal software on your system. Besides being illegal, it's the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, do not support the use of illegal software except for their removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime. I have worked up a fix for their removal. If you do not agree to this then this thread will be closed and no further help will be offered. Please let me know if you wish to continue.
  4. Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

     I'd be grateful if you would note the following:
     I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
     The fixes are specific to your problem and should only be used for the issues on this machine.
     Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
     It's often worth reading through these instructions and printing them for ease of reference.
     If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
     Please reply to this thread. Do not start a new topic.

     IMPORTANT NOTE: Please do not delete anything unless instructed to. DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.
     Vista and Windows 7 users: These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")
     Stay with this topic until I give you the all clean post.

     First we need to make all files and folders VISIBLE:
     Go to start>control panel>folder options>view
     Choose to "show hidden files and folders,"
     Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
     Close the window with OK

     Download CKScanner by askey127 from Here & save it to your Desktop.
     Right-click and Run as Administrator CKScanner.exe then click Search For Files
     When the cursor hourglass disappears, click Save List To File
     A message box will verify the file saved
     Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
     ----------
     Please download aswMBR to your desktop.
     Right click and Run as Administrator the aswMBR icon to run it.
     Click the Scan button to start scan.
     When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
     Click the image to enlarge it
     ----------
     In your next reply please post the logs made by ckscanner and aswMBR.
  5. Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. ----------
  6. Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. ----------
  7. Hi Lorrea, I think you are making a good decision. The infection that I found is one of the worst ones out right now and the damage that may have been done could still be hiding. I think you would be best served by either posting for help in the User to User forum here or go to What the Tech and post into the Windows forum (after registering for free). The techs at What the Tech are exceptional and will be ready to help you.
  8. Hi Lorrea, I just want to make sure I understand what you want to do...Are you wanting to reinstall your operating system?
  9. Hi, Ok...first thanks for letting me know about the programs you are having problems with.
     ----------
     Let's remove Norton completely. Use the tool found here to do so. Once complete reboot your system and then continue with the following instructions.
     ---------
     Please do the following:
     Hold down the Windows key and press R to open a run box
     type the following text into the run box
     appwiz.cpl
     This will open your Programs And Features. A list of installed programs will populate
     Remove the following programs:
     Sub Sidekick
     ----------
     Download the latest version of Kaspersky Virus Removal Tool
     Close all other applications and double-click and run the installer.
     When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
     In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
     Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
     Select all the scannable items except for CD-ROM drives and click the Start scan button.
     If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
     After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
     In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
     If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
     In the Scan window click the Reports button and select Save to file.
     Name the report AVPT.txt, and save it to the Desktop.
     Close AVPTool. You will be prompted if you want to uninstall the program; click Yes.
     You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
     Copy and paste the first part of the report (Detected) that you saved in your next reply.
     ----------
     Now run another scan with OTL.
     ----------
     In your next reply please post the logs created by Kaspersky Virus Tool and OTL.
  10. Hi, I see that we have some more work to do. I noticed that you have both Norton and McAfee on your system. Which antivirus is it that you are actively using? We need to remove the other so there are no conflicts.
  11. Hi yoyocool2, Nothing is jumping out at me related to malware. I think that this may be a software issue. I believe that you may be better served by going here at What the Tech in the Windows forum. The techs there are exceptional and are better able to help you with the problems you have remaining. Please post a new topic there and be sure to post a link to the topic here so that they can see what we have done. If they recommend you come back we can dig a little deeper. I will leave this topic open so when you return we can remove our tools and I can give you some computer security information.
  12. Download OTL to your desktop.
      Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      When the window appears, underneath Output at the top change it to Minimal Output.
      Check the boxes beside LOP Check and Purity Check.
      Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
  13. Ok...thanks for letting me know that. I thought you were having problems after you opened it. Sorry about that. Go ahead and run the OTL fix like I posted for you previously and I will look into Chrome.
  14. Hi yoyocool, Sorry about the delay in response. For your problems with Chrome you may need to remove any extensions that you have running manually. Open Chrome >> press on the Wrench icon in the top right corner >> go to Tools >> Extensions and then disable all the add-ons and see if that helps.
      ------
      Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
      **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
      ----------
      Run OTL.exe
      Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

          :Services
          :OTL
          IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 7B 5D E8 38 C8 CC 01 [binary data]
          FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
          FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
          FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
          [2011/12/06 15:53:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Hayleee\AppData\Roaming\Mozilla\Firefox\Profiles\54hjis6t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
          O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
          :Files
          ipconfig /flushdns /c
          :Commands
          [purity]
          [resethosts]
          [emptyflash]
          [emptyjava]
          [clearallrestorepoints]
          [emptytemp]
          [start explorer]
          [Reboot]

      Then click the Run Fix button at the top
      Let the program run unhindered, reboot when it is done
      Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
      ----------
      In your next reply please let me know if that helped your problems with Firefox and Chrome. What other symptoms are you experiencing?
  15. Did you post in the wrong topic??
  16. Hi, How is your system running?
      ----------
      You have an older version of Adobe Reader. You can download the current version HERE
      You may want to consider Foxit Reader instead. It may be a bit lighter on resources. Visit their support forum Foxit Forum
      In either case you should uninstall Adobe Reader 9.4.4 first. Be sure to move any PDF documents to another folder first though.
      ----------
      Please download JavaRa to your desktop and unzip it to its own folder
      Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
      Accept any prompts.
      Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
      Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
      ----------
      Please run a new scan now with DDS and post both of the logs that are created into your next reply. How is your system running?
  17. Hi, Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

          File::
          C:\Users\lorrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3d3fb229-5a78481c
          C:\Users\lorrea\Downloads\CouponPrinter.exe
          C:\Users\lorrea\Downloads\videora-ipod-504-setup.exe

      Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

      Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

      CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
      ----------
      In your next reply please post the log created by ComboFix and let me know how your system is running.
  18. Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. ----------
  19. Thank you for the kind words. I am glad that I could help.
  20. IT APPEARS THAT YOUR LOGS ARE NOW CLEAN SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!!

      Everything that I have had you run, that you did not already have, is not a tool to use on your own...especially ComboFix. We will be cleaning these up though. None of them are antivirus programs to be run on a regular basis but specialty tools to be used at specific times.
      ----------
      This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
      ---------
      The following will implement some cleanup procedures as well as reset System Restore points:
      Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
      Combofix /Uninstall
      (Note: There is a space between the ..X and the /U that needs to be there.)
      ----------
      Clean up with OTL:
      Right-click and Run as Administrator OTL.exe to start the program.
      Close all other programs apart from OTL as this step will require a reboot
      On the OTL main screen, press the CLEANUP button
      Say Yes to the prompt and then allow the program to reboot your computer.
      ----------
      Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

      Here are some tips to reduce the potential for spyware infection in the future:

      1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
         From within Internet Explorer click on the Tools menu and then click on Options.
         Click once on the Security tab
         Click once on the Internet icon so it becomes highlighted.
         Click once on the Custom Level button.
         Change the Download signed ActiveX controls to Prompt
         Change the Download unsigned ActiveX controls to Disable
         Change the Initialize and script ActiveX controls not marked as safe to Disable
         Change the Installation of desktop items to Prompt
         Change the Launching programs and files in an IFRAME to Prompt
         Change the Navigate sub-frames across different domains to Prompt
         When all these settings have been made, click on the OK button.
         If it prompts you as to whether or not you want to save the settings, press the Yes button.
         Next press the Apply button and then the OK to exit the Internet Properties page.
         Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
         NoScript
         AdBlockPlus

      2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
         Open Internet Explorer
         Click on Tools > Internet Options
         Press Security tab
         Select Internet zone then place check next to Enable Protected Mode if not already done
         Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
         Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

      3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

      4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.
         **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
         Online Armor Free
         Agnitum Outpost Firewall Free

      5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

      6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
         Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

      7. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

      8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

      Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
  21. Hi, Download OTL to your desktop.
      Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      When the window appears, underneath Output at the top change it to Minimal Output.
      Check the boxes beside LOP Check and Purity Check.
      Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
  22. Great Job!! I was looking at having you do just the same thing. I will review the ComboFix log and get back as quickly as I can.