LiquidTension

Staff
  • Posts

    4,192
Everything posted by LiquidTension

  1. Hello Zeus154, Naathim will unfortunately be unavailable until tomorrow. After burning his HDD to his Home PC, he is in need of a new Hard Drive and will not be able to purchase one until tomorrow. Thank you for your patience.
  2. Hello van692, Naathim will unfortunately be unavailable until tomorrow. After burning his HDD to his Home PC, he is in need of a new Hard Drive and will not be able to purchase one until tomorrow. Thank you for your patience.
  3. Hello Nostromo, Naathim will unfortunately be unavailable until tomorrow. After burning his HDD to his Home PC, he is in need of a new Hard Drive and will not be able to purchase one until tomorrow. Thank you for your patience.
  4. Hi King, Please do the following, and let me know if you have any outstanding issues afterwards.
     STEP 1 Farbar Recovery Scan Tool (FRST) Script
     • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
     • Copy the entire contents of the codebox below and paste into the Notepad document.
         start
         C:\Program Files (x86)\WinZip\Utils\WzSysScan
         C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll
         C:\Windows\Installer\213e517b.msi
         end
     • Click File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe.
     NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
     • Right-Click FRST64.exe and select Run as administrator to run the programme.
     • Click Fix.
     • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     STEP 2 Update Outdated Software
     Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
     • Adobe Flash Player (Uncheck the Optional Offer)
     • Adobe Reader (Uncheck the Optional Offer)
     • Mozilla Firefox
     Follow these instructions to check for and download the latest Windows Updates.
     STEP 3 Remove Outdated Software
     • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
     • Search for the following programmes, right-click and click Uninstall one at a time.
         • Adobe Reader XI
     • Follow the prompts and reboot if necessary.
     STEP 4 Disable Java in Your Browser
     Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).
     • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. Click on the Java Control Panel. Once opened, click the Security tab.
     • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. Click OK in the Java Plug-in confirmation window.
     • Restart your browser(s) for changes to take effect.
     • More information can be found here and here.
     STEP 5 Security Check
     • Please download SecurityCheck and save the file to your Desktop.
     • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
     • A log (checkup.txt) will automatically open on your Desktop.
     • Copy the contents of the log and paste in your next reply.
     ======================================================
     STEP 6 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • checkup.txt
     • How is your computer performing? Any outstanding issues?
  5. Hi Martin, No, I did not receive your email. Please do not respond to emails notifying you of a new post; the emails are part of a "no reply" automated system. All responses should be posted directly in this thread. Why did you enter the BIOS? Did you change any settings? Please verify that the boot order in your BIOS is correct. The HDD with your OS should be first. If this does not solve your issue, I would continue as planned, and have someone take a look in person. Either way, I will keep this thread open for the time being. Please keep me informed.
  6. Looks good. Let's check for remnants, and we'll be almost done.
     STEP 1 Update/Remove Java
     • Download the latest version of Java from here.
     • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
     • Search for and uninstall the following programmes (if present):
         • Java 7 Update 65
     STEP 2 Malwarebytes Anti-Malware (MBAM)
     • Open Malwarebytes Anti-Malware and click Update Now.
     • Once updated, click the Settings tab and tick Scan for rootkits.
     • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
       Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
     • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
     • Upon completion of the scan (or after the reboot), click the History tab.
     • Click Application Logs and double-click the Scan Log.
     • Click Copy to Clipboard and paste the log in your next reply.
     STEP 3 ESET Online Scan
     Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
     • Please download ESET Online Scan and save the file to your Desktop.
     • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
     • Double-click esetsmartinstaller_enu.exe to run the programme. Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
     • Agree to the Terms of Use once more and click Start. Allow components to download.
     • Place a checkmark next to Enable detection of potentially unwanted applications.
     • Click Hide advanced settings. Place a checkmark next to:
         • Scan archives
         • Scan for potentially unsafe applications
         • Enable Anti-Stealth technology
     • Ensure Remove found threats is unchecked.
     • Click Start.
     • Wait for the scan to finish. Please be patient as this can take some time.
     • Upon completion, click . If no threats were found, skip the next two bullet points.
     • Click and save the file to your Desktop, naming it something unique such as MyEsetScan.
     • Push the Back button.
     • Place a checkmark next to and click .
     • Re-enable your anti-virus software.
     • Copy the contents of the log and paste in your next reply.
     ======================================================
     STEP 4 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • Did Java update/remove successfully?
     • MBAM Scan log
     • ESET Online Scan log
  7. Hi Martin, Your logs indicate you have been running the requested tools from your Downloads folder (Running from C:\Users\Martin\Downloads). As per the instructions, all tools must be run directly from the Desktop from now on please.
     Please delete your current copy of JRT (right-click + Delete). Re-download the programme and try again. Let me know how you get on.
     Good.
     No problem. We still have a little more work to do.
     STEP 1 Uninstall Software
     • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
     • Search for the following programmes, right-click and click Uninstall.
         • ZoneAlarm Security Toolbar on IE and Chrome
     • Follow the prompts.
     • Reboot if necessary.
     STEP 2 Farbar Recovery Scan Tool (FRST) Script
     • (!) Navigate to your Downloads folder. Right-click FRST64.exe and click Cut. Navigate to your Desktop, right-click your Desktop and click Paste.
     • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
     • Copy the entire contents of the codebox below and paste into the Notepad document.
         start
         () C:\Program Files (x86)\wrapper_inst\file_to_run.exe
         HKLM-x32\...\Run: [] => [X]
         HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
         HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [] => [X]
         HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [VoiceMaster] => [X]
         HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: D - D:\Launch.exe
         HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: {cc559e94-5585-11e1-9a14-1c6f65c60541} - H:\LaunchU3.exe -a
         GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
         GroupPolicyUsers\S-1-5-21-2497641722-1424367119-3422776657-1005\User: Group Policy restriction detected <======= ATTENTION
         SearchScopes: HKLM - {B0C31C54-4775-48C9-9045-7D46E172A44B} URL =
         SearchScopes: HKLM-x32 - {9EC485FA-C11E-474E-8E6F-DD5C55EFC99C} URL =
         Toolbar: HKLM-x32 - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No File
         FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
         CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-20] ()
         C:\Program Files (x86)\wrapper_inst\
         2014-08-26 13:45 - 2013-09-20 22:03 - 00000000 ____D () C:\Program Files\wrapper_inst
         2014-08-25 16:49 - 2014-08-25 16:49 - 01296096 _____ (VideoPerformer) C:\Users\Martin\Downloads\VideoPerformerSetup.exe
         Task: {3B642E53-27B9-4B28-8287-4503C5BBB5A3} - \pricemeterwatcher No Task File <==== ATTENTION
         Task: {2627A67C-55B4-400B-9F0D-EA04FA709680} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe
         Task: {F0ED12D6-CE9C-4527-A7FF-B7114287EC95} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
         Task: {FB9FC6E2-FE96-49C6-A5FB-8828D8557930} - \pricemetertask No Task File <==== ATTENTION
         Task: {038140A9-D0DA-4B00-B3EB-C6B53B7BD2C0} - System32\Tasks\IHUninstallTrackingTASK => CMD
         2014-07-27 20:57 - 2014-07-27 20:57 - 00056375 _____ () C:\Users\Callum\Downloads\EuroTruckSimulator2_1_10_1_setup.exe.torrent
         2014-07-27 20:47 - 2014-07-27 20:47 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (7).exe
         2014-07-27 20:43 - 2014-07-27 20:43 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (6).exe
         2014-07-27 20:42 - 2014-07-27 20:42 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (5).exe
         2014-07-27 20:38 - 2014-07-27 20:38 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (4).exe
         Folder: C:\Users\Martin\AppData\Local\{BBD73DC1-3AF5-4DC4-AEFD-1DF4104BFCA8}
         Folder: C:\Users\Martin\.nbi
         Folder: C:\ProgramData\ShoppingDealFactory
         Folder: C:\ProgramData\ffd8e8a8a13f665b
         CMD: ipconfig /flushdns
         CMD: netsh winsock reset all
         CMD: netsh int ipv4 reset
         CMD: netsh int ipv6 reset
         CMD: bitsadmin /reset /allusers
         EmptyTemp:
         end
     • Click File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe.
     NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
     • Right-Click FRST64.exe and select Run as administrator to run the programme.
     • Click Fix.
     • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     STEP 3 VirusTotal Upload
     • Please go to VirusTotal.com.
     • Click Choose File and locate the following file:
         C:\Windows\System32\Tasks\{48F43E3A-9C7A-4535-87A1-033D6EE7FF1F}
     • Click Scan it!.
     • If you receive the following notification: File already analysed click Reanalyse.
     • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
     • Please do the same for the files below:
         C:\Windows\System32\Tasks\{9D4A2211-7B31-4A21-8019-D4F06E80C889}
     STEP 4 SystemLook
     • Please download SystemLook (x64) and save the file to your Desktop.
     • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
     • Copy the entire contents of the codebox below and paste into the textfield.
         :filefind
         *mywebsearch*
         :folderfind
         *mywebsearch*
         :regfind
         mywebsearch
     • Click the button to start the scan.
     • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
     • Click the button.
     ======================================================
     STEP 5 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • Could you run JRT?
     • Fixlog.txt
     • VirusTotal Results
     • SystemLook.txt
  8. Hello Martin7365, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that.
     General P2P/Piracy Notice:
     ======================================================
     Please read through the points below to ensure this process moves as quickly and efficiently as possible.
     • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
     • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
     • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
     • Please back up important documents before proceeding with my instructions.
     • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
     • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     ======================================================
     STEP 1 AdwCleaner
     • Please download AdwCleaner and save the file to your Desktop.
     • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
     • Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
     -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
     STEP 2 Junkware Removal Tool (JRT)
     • Please download Junkware Removal Tool and save the file to your Desktop.
       Note: If you unchecked any items in AdwCleaner, please back up the associated folders/files before running JRT.
     • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
     • Right-Click JRT.exe and select Run as administrator to run the programme.
     • Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.
     • Re-enable your anti-virus software.
     • Copy the contents of JRT.txt and paste in your next reply.
     STEP 3 Farbar Recovery Scan Tool (FRST) Scan
     • Right-Click FRST64.exe and select Run as administrator to run the programme.
     • Click Yes to the disclaimer.
     • Ensure the Addition.txt box is checked.
     • Click the Scan button and let the programme run.
     • Upon completion, click OK, then OK on the Addition.txt pop up screen.
     • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
     ======================================================
     STEP 4 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • AdwCleaner[s0].txt
     • JRT.txt
     • FRST.txt
     • Addition.txt
  9. Very good. The items found in RogueKiller are false-positives. However, to be certain, please confirm if you installed Workspace Desktop by Starfield Technologies or not.
     STEP 1 AdwCleaner
     • Please delete your current copy of AdwCleaner (right-click AdwCleaner.exe + Delete). Download AdwCleaner and save the file to your Desktop.
     • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
     • Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
     -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
     STEP 2 Junkware Removal Tool (JRT)
     • Please download Junkware Removal Tool and save the file to your Desktop.
       Note: If you unchecked any items in AdwCleaner, please back up the associated folders/files before running JRT.
     • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
     • Right-Click JRT.exe and select Run as administrator to run the programme.
     • Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.
     • Re-enable your anti-virus software.
     • Copy the contents of JRT.txt and paste in your next reply.
     ======================================================
     STEP 3 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • Did you install the programme?
     • AdwCleaner[s0].txt
     • JRT.txt
  10. Hi King, Please provide an update on your computer after carrying out the following steps. Are there any outstanding issues? Your logs indicate both McAfee Anti-Virus and McAfee Firewall are disabled. Is this still the case? If so, please ensure you enable both your Anti-Virus and Firewall.
     STEP 1 Farbar Recovery Scan Tool (FRST) Script
     • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
     • Copy the entire contents of the codebox below and paste into the Notepad document.
         start
         SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
         2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
         c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
         CMD: ipconfig /flushdns
         CMD: netsh winsock reset all
         CMD: netsh int ipv4 reset
         CMD: netsh int ipv6 reset
         CMD: bitsadmin /reset /allusers
         EmptyTemp:
         end
     • Click File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe.
     NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
     • Right-Click FRST64.exe and select Run as administrator to run the programme.
     • Click Fix.
     • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     STEP 2 RogueKiller
     • Please download RogueKiller (x64) and save the file to your Desktop.
     • Close any running programmes.
     • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
     • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
     • A browser window may open. Close the browser window.
     • Return to RogueKiller and click . Upon completion, click .
     • Close the programme. Do not fix anything!
     • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     STEP 3 SystemLook
     • Please download SystemLook (x64) and save the file to your Desktop.
     • Right-Click SystemLook.exe / SystemLook_x64.exe and select Run as administrator to run the programme.
     • Copy the entire contents of the codebox below and paste into the textfield.
         :filefind
         *BrowserHumble*
         :folderfind
         *BrowserHumble*
         :regfind
         BrowserHumble
     • Click the button to start the scan.
     • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
     • Click the button.
     ======================================================
     STEP 4 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • Is your AV/Firewall enabled?
     • Fixlog.txt
     • RKreport
     • SystemLook.txt
     • Update on computer
  11. Hi King, I see you have run ComboFix. This is a powerful first-responder malware removal tool, designed to remove some of the toughest infections - including rootkits, bootkits, backdoors and boot sector viruses. The tool should not be used unless under trained supervision; doing so without supervision may cause serious issues, such as an unbootable computer. Please post the contents of the ComboFix log in your next reply. The log can be found at C:\ComboFix.txt.
  12. Hello kingtalent, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that.
     General P2P/Piracy Notice:
     ======================================================
     Please read through the points below to ensure this process moves as quickly and efficiently as possible.
     • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
     • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
     • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
     • Please back up important documents before proceeding with my instructions.
     • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
     • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     ======================================================
     STEP 1 Farbar Recovery Scan Tool (FRST) Scan
     • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
       Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
     • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
     • Click Yes to the disclaimer.
     • Ensure the Addition.txt box is checked.
     • Click the Scan button and let the programme run.
     • Upon completion, click OK, then OK on the Addition.txt pop up screen.
     • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
     STEP 2 TDSSKiller Scan
     • Please download TDSSKiller and save the file to your Desktop.
     • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
     • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
     • Click Start Scan. Do not use the computer during the scan.
     • If objects are found, change the action to skip.
     • Click Continue and close the window.
     • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
     ======================================================
     STEP 3 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • FRST.txt
     • Addition.txt
     • TDSSKiller log
  13. Hello ManGuy, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that.
     General P2P/Piracy Notice:
     ======================================================
     Please read through the points below to ensure this process moves as quickly and efficiently as possible.
     • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
     • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
     • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
     • Please back up important documents before proceeding with my instructions.
     • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
     • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     ======================================================
     STEP 1 Malwarebytes Anti-Malware (MBAM)
     If you have not downloaded and installed the updated Malwarebytes Anti-Malware 2.0 please do so now.
     • Open Malwarebytes Anti-Malware and click Update Now.
     • Once updated, click the Settings tab and tick Scan for rootkits.
     • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
       Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
     • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
     • Upon completion of the scan (or after the reboot), click the History tab.
     • Click Application Logs and double-click the Scan Log.
     • Click Copy to Clipboard and paste the log in your next reply.
     STEP 2 TDSSKiller Scan
     • Please download TDSSKiller and save the file to your Desktop.
     • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
     • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
     • Click Start Scan. Do not use the computer during the scan.
     • If objects are found, change the action to skip.
     • Click Continue and close the window.
     • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
     ======================================================
     STEP 3 Logs
     In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
     • MBAM log
     • TDSSKiller log