aliB

Honorary Members
  • Posts: 329
Everything posted by aliB

  1. hi
     Congratulations, your logs appear clean :thumbsup:
     Reset and Re-enable your System Restore
     The following will implement some cleanup procedures as well as reset System Restore points:
     • Click START then RUN
     • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
     NEXT
     • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
     • Click on the CleanUp button.
     • Click Yes to begin the cleanup process and remove tools, including this application
     • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
     Recommendations
     • See Here for a list of recommendations for free Antivirus\AntiSpyware applications.
     • Keep your Windows up to date by regularly checking their website at: http://windowsupdate.microsoft.com/
     • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
     • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
     • Make Internet Explorer more secure
         • Click Start > Run
         • Type Inetcpl.cpl & click OK
         • Click on the Security tab
         • Click Reset all zones to default level
         • Make sure the Internet Zone is selected & click Custom level
         • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
         • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
     • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
     • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
       If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
         • NoScript - for blocking ads and other potential website attacks
         • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
     • Click Here to learn how to keep a backup of your important files
     • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
     Stay safe :wave:
  2. In short, svchost.exe is a legit process and there is nothing to worry about, it's a Windows file. Further reading here: http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/
  3. Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  4. hi
     Step 1
     • Run OTL
     • Under the Custom Scans/Fixes box at the bottom, paste in the following:
         :OTL
         IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
         IE - HKU\S-1-5-21-3699800534-3267415249-1966578606-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
         O33 - MountPoints2\{a8f90f4e-ac67-11e1-9228-002185996bd1}\Shell - "" = AutoRun
         O33 - MountPoints2\{a8f90f4e-ac67-11e1-9228-002185996bd1}\Shell\AutoRun\command - "" = H:\setup.exe -a
         O33 - MountPoints2\{d6ae36f2-36eb-11e1-bd97-002185996bd1}\Shell - "" = AutoRun
         O33 - MountPoints2\{d6ae36f2-36eb-11e1-bd97-002185996bd1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
         [2012/02/16 15:52:50 | 000,002,048 | --S- | C] () -- C:\Users\John Beck\AppData\Local\444dfd5c\@
         :Files
         C:\Users\John Beck\AppData\Local\444dfd5c
         ipconfig /flushdns /c
         :Commands
         [purity]
         [resethosts]
         [emptytemp]
         [EMPTYFLASH]
         [Reboot]
     • Then click the Run Fix button at the top
     • Let the program run unhindered, reboot the PC when it is done
     • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     Step 2
     Download and Install Combofix
     Download ComboFix from one of the following locations: Link 1 Link 2
     VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
     * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
     • Double click on ComboFix.exe & follow the prompts.
     • Accept the disclaimer and allow to update if it asks
     • When finished, it shall produce a log for you.
     • Please include the C:\ComboFix.txt in your next reply.
     Notes:
     1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
     2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
     Things I would like to see in your reply:
     • OTL log
     • Combofix.txt
  5. hi
     let's do some cleanup
     Reset and Re-enable your System Restore
     The following will implement some cleanup procedures as well as reset System Restore points:
     • Click START then RUN
     • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
     NEXT
     • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
     • Click on the CleanUp button.
     • Click Yes to begin the cleanup process and remove tools, including this application
     • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
     Recommendations
     • See Here for a list of recommendations for free Antivirus\AntiSpyware applications.
     • Keep your Windows up to date by regularly checking their website at: http://windowsupdate.microsoft.com/
     • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
     • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
     • Make Internet Explorer more secure
         • Click Start > Run
         • Type Inetcpl.cpl & click OK
         • Click on the Security tab
         • Click Reset all zones to default level
         • Make sure the Internet Zone is selected & click Custom level
         • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
         • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
     • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
     • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
       If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
         • NoScript - for blocking ads and other potential website attacks
         • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
     • Click Here to learn how to keep a backup of your important files
     • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
     Stay safe :wave:
  6. hi
     Download RogueKiller and save it on your desktop.
     • Quit all programs
     • Start RogueKiller.exe.
     • Wait until Prescan has finished ...
     • Click on Scan
     • Wait for the end of the scan.
     • The report has been created on the desktop.
     • Click on the Delete button.
     • The report has been created on the desktop.
     • Next click on the ShortcutsFix
     • The report has been created on the desktop.
     Please post: All RKreport.txt text files located on your desktop.
     THEN
     Download OTL to your Desktop
     • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Select All Users
     • Under the Custom Scan box paste this in
         netsvcs
         %SYSTEMDRIVE%\*.exe
         %systemdrive%\$Recycle.Bin|@;true;true;true
         /md5start
         services.*
         explorer.exe
         winlogon.exe
         Userinit.exe
         svchost.exe
         qmgr.dll
         /md5stop
         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
         CREATERESTOREPOINT
     • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Post both logs
  7. Please post the OTL log; do not attach the logs unless instructed to do so. Did you change the proxy settings?
  8. hi
     Download RogueKiller and save it on your desktop.
     • Quit all programs
     • Start RogueKiller.exe.
     • Wait until Prescan has finished ...
     • Click on Scan
     • Wait for the end of the scan.
     • The report has been created on the desktop.
     • Click on the Delete button.
     • The report has been created on the desktop.
     • Next click on the ShortcutsFix
     • The report has been created on the desktop.
     Please post: All RKreport.txt text files located on your desktop.
     THEN
     Download OTL to your Desktop
     • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Select All Users
     • Under the Custom Scan box paste this in
         netsvcs
         %SYSTEMDRIVE%\*.exe
         %systemdrive%\$Recycle.Bin|@;true;true;true
         /md5start
         services.*
         explorer.exe
         winlogon.exe
         Userinit.exe
         svchost.exe
         qmgr.dll
         /md5stop
         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
         CREATERESTOREPOINT
     • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Post both logs
  9. hi
     • Go to here
     • Click the download button under Kaspersky Security Scan
     • Download and run the file
     • It will start to download the Kaspersky Security Scan program data
     • Once downloaded the installer will begin
     • Click Next
     • Accept the License Agreement
     • Click Install
     • The program will now install
     • Click Finish
     • Kaspersky Security Scan will now start
     • Click the Full Scan button
     • The scan will take about an hour or two depending on the amount of data on your hard drive
     • If the scan detects problems it will open a Problems found window
     • Click Details to generate a scan results report
     • Once the scan is complete do the following:
         • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
         • For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
         • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
         • Attach the HtmlReport zipped folder to your next post
     • You can now close Kaspersky Security Scan
  10. Ok, I've decided it's best to leave this partition and not delete it. What are your current problems? Update me on your system status.
  11. hi
     • Run OTL
     • Under the Custom Scans/Fixes box at the bottom, paste in the following:
         :OTL
         [2011/11/30 09:15:52 | 000,069,120 | ---- | M] (SmartDraw.com) -- C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\sdcode.dll
         [6 C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\*.tmp files -> C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\*.tmp -> ]
         :Files
         ipconfig /flushdns /c
         :Commands
         [purity]
         [resethosts]
         [emptytemp]
         [EMPTYFLASH]
         [Reboot]
     • Then click the Run Fix button at the top
     • Let the program run unhindered, reboot the PC when it is done
     • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     NEXT
     • Download AdwCleaner from here to your desktop
     • Run AdwCleaner and select Delete
     • Once done it will ask to reboot, allow this
     • On reboot a log will be produced, please attach that
  12. Is this occurring when browsing a specific site or it's irrelevant?
  13. Run OTL
     • Under the Custom Scan box paste this in
         C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\*.*
     • Click the Quick Scan button.
     • Post the log it produces, if it's too large to post please attach it.
  14. In Disk Management, right click the third partition (7.94GB). Do you have the option to delete?
  15. The picture is not clear, please write down the location of the infected files.
  16. hi
     Congratulations, your logs appear clean :thumbsup:
     Reset and Re-enable your System Restore
     • Open OTL
     • Under the Custom Scans/Fixes box at the bottom, paste the following:
         :Commands
         [clearallrestorepoints]
         [createrestorepoint]
     • Click the Run Fix button at the top
     • It might ask you to reboot, if so click YES
     NEXT
     • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
     • Click on the CleanUp button.
     • Click Yes to begin the cleanup process and remove tools, including this application
     • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
     Recommendations
     • See Here for a list of recommendations for free Antivirus\AntiSpyware applications.
     • Keep your Windows up to date by regularly checking their website at: http://windowsupdate.microsoft.com/
     • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
     • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
     • Make Internet Explorer more secure
         • Click Start > Run
         • Type Inetcpl.cpl & click OK
         • Click on the Security tab
         • Click Reset all zones to default level
         • Make sure the Internet Zone is selected & click Custom level
         • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
         • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
     • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
     • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
       If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
         • NoScript - for blocking ads and other potential website attacks
         • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
     • Click Here to learn how to keep a backup of your important files
     • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
     Stay safe :wave: