
mowman

Honorary Members
  • Posts

    45
  • Joined

  • Last visited

Reputation

0 Neutral

About mowman

  • Birthday 11/04/1969

Profile Information

  • Location
    Stoke,England
  1. A space is required between x and /. If it still doesn't work, do this: right click on the ComboFix icon, select rename, change it to uninstall and press enter, then double click it.
  2. You appear clean of infections, please do the following.

     ComboFix - Cleanup

     Time for some housekeeping
     • Click Start... select Run from the menu.
     • Copy and paste the following into the text entry box:

         Combofix /Uninstall

     • Click the OK button. (See image below as reference.)

     Clean up with OTL:
     • Double-click OTL.exe to start the program.
     • Close all other programs apart from OTL as this step will require a reboot.
     • On the OTL main screen, press the CLEANUP button.
     • Say Yes to the prompt and then allow the program to reboot your computer.

     Here are some recommendations to help you stay clean.
     • Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
     • Visit Microsoft often to get the latest updates for your computer. http://www.update.microsoft.com/
     • Make sure you are running a FIREWALL. The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.
     • Please read this article 'Safe Computing Practices'.

     So how did I get infected in the first place? Please take a moment to read quietman7's excellent prevention tips in post 3 here.

     Click >>>> Tips to protect yourself against malware and reduce the potential for re-infection: Preventing Infections in the Future

     Please also have a look at the following links, giving some advice and tips to protect yourself against malware and reduce the potential for re-infection:
     • So How did I get infected?
     • Miekies' prevention suggestions
     • Hardening Windows Security - Part 1 & Part 2.

     Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

     Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

     Update Non-Microsoft Programs

     It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

     That's it, you are good to go. Safe surfing.
  4. You did delete some things that were not in my post but they are no problem, the flash you mentioned is just a registry entry from Flash_Disinfector program, nothing to do with flash player. Any more problems?
  5. It should have produced a log, post that please.
  6. Just a few harmless registry entries we can remove then we should be done here.

     Run OTL.exe
     • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

         :Services
         :reg
         [-HKEY_CURRENT_USER\Software\AppDataLow\Software\SearchElf_1.1]
         [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchElf_1.1 Toolbar]
         [-HKEY_USERS\S-1-5-21-1221820996-1903880267-534926233-1000\Software\AppDataLow\Software\SearchElf_1.1]
         :Commands
         [emptytemp]
         [Reboot]

     • Then click the Run Fix button at the top
     • Let the program run unhindered, reboot when it is done
     • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  7. Please download SystemLook from one of the links below and save it to your Desktop.

     Download Mirror #1
     Download Mirror #2

     • Double-click SystemLook.exe to run it.
     • Copy the content of the following codebox into the main textfield:

         :filefind
         *searchelf*
         :regfind
         searchelf

     • Click the Look button to start the scan.
     • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     Note: The log can also be found on your Desktop entitled SystemLook.txt
  8. Run RogueKiller again and click Scan

     When the scan completes > click on the Registry tab

     Put a check next to all of these and uncheck the rest: (if found)

         [TASK][sUSP PATH] 11fb2480 : C:\Users\Liz\AppData\Local\Temp\\setup886260736.exe [x] -> FOUND
         [TASK][sUSP PATH] 16ca0f00 : C:\Users\Liz\AppData\Local\Temp\\setup3642224640.exe [x] -> FOUND
         [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

     Logs look clean now, any more problems?
  9. Run OTL.exe
     • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

         :Services
         :Otl
         O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
         O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
         O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
         O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
         O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
         O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
         O4 - HKCU..\Run: [sqoXnmCuXYw] "C:\ProgramData\sqoXnmCuXYw.exe" File not found
         :Commands
         [emptytemp]
         [Reboot]

     • Then click the Run Fix button at the top
     • Let the program run unhindered, reboot when it is done
     • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

     Try this to remove searchelf toolbar.
     • In the Firefox browser menu, select Add-ons > Extensions. Select the SearchElf 1.1 Community Toolbar. Click Remove.
     • In the Google Chrome browser, go to chrome://extensions/. Find SearchElf 1.1 in the list. Click Uninstall.
  10. Download OTL to your desktop.
      • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      • When the window appears, underneath Output at the top change it to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Under Custom Scan paste this in

          netsvcs
          %SYSTEMDRIVE%\*.exe
          /md5start
          explorer.exe
          winlogon.exe
          Userinit.exe
          svchost.exe
          /md5stop
          C:\Windows\assembly\tmp\U\*.* /s
          CREATERESTOREPOINT

      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
  11. Please remove any usb or external drives from the computer before you run this scan!

      Please download and run RogueKiller to your desktop.
      • Quit all running programs.
      • For Windows XP, double-click to start.
      • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
      • Click Scan to scan the system.
      • When the scan completes > Close out the program > Don't Fix anything!
      • Don't run any other options, they're not all bad!!!!!!!
      • Post back the report which should be located on your desktop.
  12. Please download AdwCleaner from here and save it to your desktop.
      • Right click on AdwCleaner.exe and click "Run as Administrator" to run the tool.
      • Click on Delete.
      • A logfile will automatically open after the scan has finished.
      • Please post the content of that logfile in your reply.
      • You can find the logfile at C:\AdwCleaner[Rn].txt as well - (n is the scan number.)

      Next

      ESET Online Scanner

      I'd like us to scan your machine with ESET Online Scan

      Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
      • Check
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Check
      • Make sure that the option "Remove found threats" is not checked
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the Back button.
      • Push Finish

      http://www.eset.com/onlinescan/

      Also tell me how the computer is running now.
  13. Download Combofix from either of the links below, and save it to your desktop.

      Link 1
      Link 2

      **Note: It is important that it is saved directly to your desktop**

      --------------------------------------------------------------------
      IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
      --------------------------------------------------------------------

      Double click on ComboFix.exe & follow the prompts.

      When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review.

      NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error
  14. Hello, Welcome . My name is mowman, and I will be helping you fix your problems.

      If you do not make a reply in 3 days, we will have to close your topic.

      Please take note of some guidelines for this fix:
      • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
      • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
      • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
      • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

      Download Combofix from either of the links below, and save it to your desktop.

      Link 1
      Link 2

      **Note: It is important that it is saved directly to your desktop**

      --------------------------------------------------------------------
      IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
      --------------------------------------------------------------------

      Double click on ComboFix.exe & follow the prompts.

      When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review.

      NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error