dan12

  1. The following will implement some cleanup procedures as well as reset System Restore points:
     Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     ComboFix /u
     You can delete RootRepeal.
     Just need to reverse what you did earlier for me when you checked BOOTLOG. It may well be done already, like to make sure.
     Click on START - RUN and type in MSCONFIG, go to the BOOT.INI tab and uncheck BOOTLOG.
     Click on OK and you will be prompted to RESTART Windows. Please do restart now.
     Let me know when done and can you tell me how things are now.
  2. My apology for delay, did you address this file:
     c:\mfe <<Just delete this file
     manually at all? (find and delete)
     As it's been a few days, can I see a further HJT log, as things can change on a daily basis.
     dan
  3. Hi, did you remove LimeWire after my advice earlier, reference p2p? Will get to file removal, don't worry.
  4. Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
     O4 - HKLM\..\RunOnce: [GooredFixCleanup] C:\WINDOWS\system32\cmd.exe /Q /C "del C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\_gooredcleanup.bat"
     WITH ALL OTHER WINDOWS CLOSED
     Click on Fix Checked and exit.
     You're good to go. Congratulations, you are clean!
     Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
     You don't need to put all of these programs on your system, unlike your Antivirus and firewall, of which you can only have one of each. However, you can have several Antimalware programs.
     Create a new System Restore Point
     This is a good time to clear your existing system restore points and establish a new clean restore point:
     Go to Start > All Programs > Accessories > System Tools > System Restore
     Select Create a restore point, and Ok it.
     Next, go to Start > Run and type in cleanmgr
     Select the More options tab
     Choose the option to clean up system restore and OK it.
     This will remove all restore points except the new one you just created.
     Here are some free programs I recommend that could help you improve your computer's security.
     Spybot Search and Destroy 1.6.2
       • Download it from here. Just choose a mirror and off you go.
       • Find here the tutorial on how to use Spybot properly here
       • Find here changes from older version 1.4 here
     Install Spyware Guard
       • Download it from here
       • Find here the tutorial on how to use Spyware Guard here
     Install SpyWare Blaster
       • Download it from here
       • Find here the tutorial on how to use Spyware Blaster here
     Install WinPatrol
       • Download it from here
       • Here you can find information about how WinPatrol works here
     Install FireTrust SiteHound
       • You can find information and download it from here
     Install MVPS Hosts File from here
       • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
       • Find Tutorial here: http://www.mvps.org/winhelp2002/hosts.htm
     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
     You can use one of these sites to check if any updates are needed for your pc.
       • Secunia Software Inspector
       • F-secure Health Check
     Visit Microsoft often to get the latest updates for your computer.
       • http://www.update.microsoft.com
     Please check out Tony Klein's article here
     Read some information here how to prevent Malware.
     Stand Up and Be Counted!
     Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions. >> Here << you can see how you can help us.
     Happy safe surfing!
     Dan
  5. I noticed Firefox is out of date.
     Mozilla Firefox (3.0.7)
     I believe it's 3.0.8 now.
     Boot up in SAFE MODE
     Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     WITH ALL OTHER WINDOWS CLOSED
     Click on Fix Checked and exit.
     Boot into normal mode
     ------------------------
     The following will implement some cleanup procedures as well as reset System Restore points:
     Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     ComboFix /u
     Click Start >> Run and then copy/paste the following into the box and hit Enter:
     "%userprofile%\Desktop\GooredFix.exe" /uninstall
     If any of your security programs query a new Registry/AutoStart value being added, please allow the changes.
     You can delete RootRepeal and JavaRa.
     Post a fresh HJT log and let me know if above went ok.
  6. If you don't use mIRC it's just taking up space, so uninstall it. Can I see a fresh HJT log, as it's been a couple of days since I saw one.
     dan
  7. Hi, can I ask, do you use mIRC? As this could be a false positive.
  8. c:\mfe <<Just delete this file
     Now run the Kaspersky scan.
     Don't worry about Jotti's, typo error on my part.
  9. 1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     3. Open notepad and copy/paste the text in the quotebox below into it:
          KILLALL::
          File::
          c:\windows\system32\drivers\uhzzdvnk.sys
          Driver::
          xrxyv
     Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
     Referring to the picture above, drag CFScript into ComboFix.exe
     When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     -------------------------------
     Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA.
     Then run this tool to help cleanup any left over Java.
     Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
     Please download JavaRa and unzip it to your desktop.
     ***Please close any instances of Internet Explorer (or other web browser) before continuing!***
       • Double-click on JavaRa.exe to start the program.
       • From the drop-down menu, choose English and click on Select.
       • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
       • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
       • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
     Then look for the following Java folders and if found delete them.
       C:\Program Files\Java
       C:\Program Files\Common Files\Java
       C:\Documents and Settings\All Users\Application Data\Java
       C:\Documents and Settings\All Users\Application Data\Sun\Java
       C:\Documents and Settings\username\Application Data\Java
       C:\Documents and Settings\username\Application Data\Sun\Java
     ------------------------
     Download and Update Java Runtime
     The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 13.
       • Go to http://java.sun.com/javase/downloads/index.jsp
       • Go to Java Runtime Environment (JRE) 6 Update 13 about half way down the page and click on the Download button.
       • In Platform box choose Windows.
       • Check the box to Accept License Agreement and click Continue.
       • Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.
       • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
       • Uncheck the Toolbar button (unless you want the toolbar)
       • Reboot your computer
     ----------------------
     Please go to Kaspersky website and perform an online antivirus scan.
       • Read through the requirements and privacy statement and click on Accept button.
       • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
       • When the downloads have finished, click on Settings.
       • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
           Spyware, Adware, Dialers, and other potentially dangerous programs
           Archives
           Mail databases
       • Click on My Computer under Scan.
       • Once the scan is complete, it will display the results. Click on View Scan Report.
       • You will see a list of infected items there. Click on Save Report As....
       • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
       • Please post this log in your next reply.
     Post:
       • combofix log
       • java report
       • kaspersky report
  10. My apology Masterguy, for not getting back to you. For some reason this was my first notification that I received after my last post to you.
     As advancesetup has mentioned, we try our best but we lose the odd one in the system, we are human too.
     I will leave you in the capable hands of advancesetup.
     Kind regards
     dan
  11. McAfee was only doing its job. Items flagged are quite safe as I have them in a secure place and will deal with them when I'm happy we're clean.
     c:\mfe <<You can delete this folder
     Please go to Kaspersky website and perform an online antivirus scan.
       • Read through the requirements and privacy statement and click on Accept button.
       • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
       • When the downloads have finished, click on Settings.
       • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
           Spyware, Adware, Dialers, and other potentially dangerous programs
           Archives
           Mail databases
       • Click on My Computer under Scan.
       • Once the scan is complete, it will display the results. Click on View Scan Report.
       • You will see a list of infected items there. Click on Save Report As....
       • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
       • Please post this log in your next reply.
     Post:
       • jotti's report
       • kaspersky report
       • fresh HJT log
  12. Submit a File For Analysis
     We need to have the files below scanned by uploading them/it to Jotti.
     Please visit Jotti
     Copy/paste the following file path into the window:
     c:\program files\dMC-r10.exe
     Click Submit/Send File
     Please post back, to let me know the results.
     Please do the same for the following file:
     c:\windows\system32\10E31F1BA8.sys
     If Jotti is too busy please try Virustotal
     -----------------------------
     ATF Cleaner
     Download ATF Cleaner here by Atribune.
     Double-click ATF-Cleaner.exe to run the program.
     Under Main choose: Select All
     Click the Empty Selected button.
     If you use Firefox browser
     Click Firefox at the top and choose: Select All
     Click the Empty Selected button.
     NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     If you use Opera browser
     Click Opera at the top and choose: Select All
     Click the Empty Selected button.
     NOTE: If you would like to keep your saved passwords, please click No at the prompt.
     Click Exit on the Main menu to close the program.
     ----------------------------
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     3. Open notepad and copy/paste the text in the quotebox below into it:
          File::
          c:\windows\system32\uactmp.db
          C:\register.bat
          c:\documents and settings\Raven\register.bat
          Folder::
          c:\program files\LimeWire
          DirLook::
          c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
          C:\mfe
          C:\e51e30ab8bb3b01752a8c619c942
          Registry::
          [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148dd71f-040f-11dc-95e1-00038a000015}]
          [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
     Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
     Referring to the picture above, drag CFScript into ComboFix.exe
     When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     ------------------------------
     : Malwarebytes' Anti-Malware :
     Please download Malwarebytes' Anti-Malware to your desktop.
       • Double-click mbam-setup.exe and follow the prompts to install the program.
       • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
       • If an update is found, it will download and install the latest version.
       • Once the program has loaded, select Perform full scan, then click Scan.
       • When the scan is complete, click OK, then Show Results to view the results.
       • Be sure that everything is checked, and click Remove Selected.
       • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
     If you accidentally close it, the log file is saved here and will be named like this:
     C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
     Post:
       • combofix log
       • malwarebytes report
       • jotti's report
  13. You did fine, I will start to look over the logs soon.