
dan12

Members
  • Posts: 119

Everything posted by dan12

  1. Welcome to the Malwarebytes forum. My name is Dan, and I will be helping you to remove any infection(s) that you may have. Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. Please observe these rules while we work: Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE. If you can do these things, everything should go smoothly. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given. Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed. It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Installed Programs Please could you give me a list of the programs that are installed. Start HijackThis Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post. I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can. Thanks dan
  2. Welcome to the Malwarebytes forum. My name is Dan, and I will be helping you to remove any infection(s) that you may have. Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. Please observe these rules while we work: Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE. If you can do these things, everything should go smoothly. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given. Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed. It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Installed Programs Please could you give me a list of the programs that are installed. Start HijackThis Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post. I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can. Thanks dan
  3. Welcome to the Malwarebytes forum. My name is Dan, and I will be helping you to remove any infection(s) that you may have. Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. Please observe these rules while we work: Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE. If you can do these things, everything should go smoothly. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given. Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed. It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Installed Programs Please could you give me a list of the programs that are installed. Start HijackThis Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post. I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can. Thanks dan
  4. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Rootkit:: c:\windows\TEMP\TMP0000006CF7EC81760B04637C Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Post a fresh HJT log and let me know how things are with the pc.
  5. Clearing Java Cache There's some malware in your Java cache so let's clear it. Press Start Go to Control Panel Click Java Under Temporary Internet Files click Settings... Now click Delete files... Select both options and click OK The temporary files will now be deleted. When done click OK twice and close Control Panel Can I see a further HJT log and let me know how things are. dan
  6. Things are looking a lot better, I will need to look over the returned reports and will get back to you at some point tomorrow as it's late here.
  7. Hi, before you continue with below, please move combofix exe onto the desktop as the scripts will only work from there. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Update malwarebytes and do me a quick scan. Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu. Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX. Check (tick) this box: YES, I accept the Terms of Use. Click on the Start button next to it. When prompted to run ActiveX, click Yes. You will be asked to install an ActiveX. Click Install. Once installed, the scanner will be initialized. After the scanner is initialized, click Start. Uncheck (untick) Remove found threats box. Check (tick) Scan unwanted applications. Click on Scan. It will start scanning. Please be patient. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply. Post combofix report malwarebytes report Eset report
  8. Ok, did you uninstall PunkBuster Services as detailed? 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Can you update malwarebytes and do me a full scan please. Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu. Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX. Check (tick) this box: YES, I accept the Terms of Use. Click on the Start button next to it. When prompted to run ActiveX, click Yes. You will be asked to install an ActiveX. Click Install. Once installed, the scanner will be initialized. After the scanner is initialized, click Start. Uncheck (untick) Remove found threats box. Check (tick) Scan unwanted applications. Click on Scan. It will start scanning. Please be patient. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
  9. Download and run Combofix This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper Please download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log. If you need help, see this link: http://www.bleepingcomputer.com/combofix/how-to-use-combofix ---------------------------------------------- GMER Download GMER by GMER from here Unzip it to a folder on your desktop Double click on gmer.exe to launch GMER If asked, allow the gmer.sys driver to load If it warns you about rootkit activity and asks if you want to run scan, click OK If you don't get a warning then Click the rootkit tab Click Scan Once the scan has finished, click copy Paste the log into notepad using Ctrl+V Save it to your desktop as gmerrk.txt Click on the >>> tab This will open up the rest of the tabs for you Click on the Autostart tab Click on Scan Once the scan has finished, click copy Paste the log into notepad using Ctrl+V Save it to your desktop as gmerautos.txt Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic Post back: Gmer reports Combofix report. A new HijackThis log.
  10. Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Double-click GooredFix.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet. Please download DDS from Tech Support Forum and save it to your desktop. Double click on dds to run it. If you receive a UAC prompt, please allow it. When done, DDS.txt will open. Another file, Attach.txt will open after a short while. Please save these 2 files to your desktop as they will be deleted once you close them. Please attach Attach.txt in your next reply by scrolling down to Upload attachment and clicking on Browse.... An image is below for your reference: In your next reply, please post: DDS.txt Attach.txt (attached to this topic) Post gooredlog.txt and the dds reports.
  11. Start > Run, type appwiz.cpl and click OK. Uninstall the following: PunkBuster Services Now close Control Panel. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: File:: c:\windows\Tasks\nnirjndf.job c:\windows\system32\ssqOfGwv.dll c:\\WINDOWS\\system32\\iIBqPJBQ.dll Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=- RegLockDel:: [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}] Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Can you update malwarebytes and do me a quick scan. Post malwarebytes report and a fresh HJT log Thanks
  12. Start Root Repeal and click on the Drivers tab and then click the Scan button. Then right click on this file: gaopdxsprbwnwxmcttbnfcyiqvcxmcceydeqhp.sys and select Dump File This will bring up a Dump to file dialog box. Browse or select your Desktop where you created the BadFiles folder. Then type in the name gaopdxsprbwnwxmcttbnfcyiqvcxmcceydeqhp.sys and save it in that folder. You can quit Root Repeal now. Then zip up that file and upload it to: uploads.malwarebytes.org How To Use Compressed (Zipped) Folders in Windows XP Compress and uncompress files (zip files) in Vista http://windowshelp.microsoft.com/windows/en-us/help/7050d809-c761-43d4-aae7-587550cd341a1033.mspx --------------------- Now can you update malwarebytes as you need the latest definitions then do a quick scan. Post the malwarebytes scan
  13. So these are not your works domain? The ip address checks out to..
  14. Let me know who your service provider is? I will look over logs shortly. B)
  15. IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer. Vuze I'd like you to read the MRU policy for P2P Programs. Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). ------------------- Please create a BOOTLOG Restart the computer and press F8 when Windows starts booting. This will bring up the startup options. Select "Enable Boot Logging" option and press enter. Windows prompts you to select a Windows Installation (even if there is only one windows installation) This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows If you're already running inside Windows you can enable it the following way. Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG Click on OK and you will be prompted to RESTART Windows. Please do restart now. After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad From the Edit menu choose Select All then Edit, COPY and post that back on your next reply. Note: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Administrator The tab is called BOOT on Vista. Then choose Boot log RootRepeal - Rootkit Detector Please download the following tool: RootRepeal - Rootkit Detector Direct download link is here: RootRepeal.rar If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR http://rarlabs.com/ Extract the program file to a new folder such as C:\RootRepeal Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button Select ALL of the checkboxes and then click OK and it will start scanning your system. If you have multiple drives you only need to check the C: drive or the one Windows is installed on. When done, click on Save Report Save it to the same location where you ran it from, such as C:\RootRepeal Save it as your_name_rootrepeal.txt - where your_name is your forum name This makes it easier to track who the log belongs to. Then open that log and select all and copy/paste it back on your next reply please. Quit the RootRepeal program. Post both logs
  16. Did you set these domains? Punkbuster warning I see you have Punkbuster installed. This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following: Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers. Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware. Another option is to not clean this computer at all. This ensures Punkbuster will continue to function. Please let me know what you would like to do. Please download JavaRa and unzip it to your desktop. ***Please close any instances of Internet Explorer before continuing!*** Double-click on JavaRa.exe to start the program. From the drop-down menu, choose English and click on Select. JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location and post it into the thread. Then download and install Java Runtime Environment (JRE) 6 Update 12. Download and run Combofix This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper Please download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log. If you need help, see this link: http://www.bleepingcomputer.com/combofix/how-to-use-combofix ---------------------------------------------- Post back: Combofix report. A new HijackThis log. Java report ps, no need to quote my post in your reply. dan
  17. Welcome to the Malwarebytes forum. My name is Dan, and I will be helping you to remove any infection(s) that you may have. Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. Please observe these rules while we work: Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE. If you can do these things, everything should go smoothly. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given. Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed. It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Installed Programs Please could you give me a list of the programs that are installed. Start HijackThis Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post. I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can. Thanks dan
  18. Welcome to the Malwarebytes forum. My name is Dan, and I will be helping you to remove any infection(s) that you may have. Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. Please observe these rules while we work: Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE. If you can do these things, everything should go smoothly. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given. Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed. It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Installed Programs Please could you give me a list of the programs that are installed. Start HijackThis Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post. I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can. Thanks dan
  19. Welcome to the Malwarebytes forum. My name is Dan, and I will be helping you to remove any infection(s) that you may have. Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. Please observe these rules while we work: Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE. If you can do these things, everything should go smoothly. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given. Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed. It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Download and Run HijackThis Download HJTInstall.exe to your Desktop. * Doubleclick HJTInstall.exe to install it. * By default it will install to C:\Program Files\Trend Micro\HijackThis . * Click on Install. * It will create a HijackThis icon on the desktop. * Once installed, it will launch Hijackthis. * Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. * Copy/Paste the log to your next reply please. Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. please post new HJT log Installed Programs Please could you give me a list of the programs that are installed. Start HijackThis Click on the Misc Tools button Click on the Open Uninstall Manager button. You will see a list with the programs installed in your computer. Click on save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post. I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can. Thanks dan