extremeboy

Experts • Posts: 1,088
Everything posted by extremeboy

  1. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  2. Hello. Don't worry about it then, let's just take a new DDS scan to take a final look at your system.

     Download and run DDS

     We need to see some information about what is happening in your machine. Please perform the following scan:

     • Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
     • Double click on the DDS icon, allow it to run.
     • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
     • Notepad will open with the results soon.
     • Follow the instructions that pop up for posting the results and then click Ok.
     • The black and message box window shall then disappear.
     • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.

     Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
  3. See if it's in the C:\Program Files\ESET folder
  4. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  5. Hello. Since the problem appears to be resolved, this topic is now Closed. Glad we can help. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  6. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  7. Hello. Since the problem appears to be resolved, this topic is now Closed. Glad we can help. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  8. You're welcome. Glad to help out. Happy surfing again! ~Extremeboy
  9. Let me know how your computer is running and if you have any more problems, issues or symptoms left.
  10. Hello. That's looking good. Let's get an online scan done. Run ESET Online Scan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push You can refer to this animation by neomage if needed.
  11. That's good. All is looking good. Let's wrap up. First, run ATFCleaner... Download and Run ATFCleaner Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help. Double-click ATF-Cleaner.exe to run the program. Under Main Select Files to Delete choose: Select All. Click the Empty Selected button. If you use Firefox browser also... Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser also... Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Please follow/read the steps below to remove the tools we used and for some more information. Uninstall ComboFix Remove Combofix now that we're done with it. Please press the Windows Key and R on your keyboard. This will bring up the Run... command. Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/") Please follow the prompts to uninstall Combofix. You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself. This will uninstall Combofix and anything associated with it. Download and Run OTC We will now remove the tools we used during this fix using OTC. Download OTC by OldTimer and save it to your desktop. Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator Then Click the big button. You will get a prompt saying "Being Cleanup Process". Please select Yes. Restart your computer when prompted. Congratulations! You now appear clean! Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here. 
If you would like, visit my http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along. If you have no more questions, comments or problems please tell us, so we can close off the topic. Thanks. With Regards, Extremeboy
  12. Hello again, Let's continue.

      Run ComboFix with CFScript

      We will run ComboFix again. This time it will be slightly different from the initial run. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how. Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:

          http://forums.malwarebytes.org/index.php?showtopic=50367

          Driver::
          1ecfa6aa
          785b8bb2

          Collect::[68]
          c:\windows\system32\drivers\1ecfa6aa.sys
          c:\windows\system32\drivers\785b8bb2.sys
          c:\windows\qwingsvc.dll

          Registry::
          [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]

      Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.) Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at "C:\ComboFix.txt". Please post the contents of the Combofix log in your next reply.

      Upload Samples by ComboFix

      When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis. Important: Ensure you are connected to the internet before clicking OK on the message box. A blue-screen would appear auto-uploading the zipped file I requested. After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".

      **NOTE** IF for some reason Combofix fails to upload anything please do the following: Go to Start >> My Computer > C:\ Then Navigate to the C:\Qoobox\Quarantine folder. Find the archive zip file called "[68]-Submit_Date_Time.zip". Simply go to This Channel and upload the submit.zip archive file to me. Follow the instructions on that page to copy/paste/send the requested file. Let me know how it goes and if the upload went successfully or not in your next reply.
  13. Okay, that item in your C:\ drive was just a Java cache that was infected, that can be removed easily. How's your computer running at the moment?
  14. You didn't copy the full script. You forgot the: :files in the beginning. Please follow my previous instructions once more.
  15. Hello. Can you start off with Combofix for me, any problems let me know. Download and Run ComboFix Note to readers of this post other than the starter of this thread: ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert. Download Combofix from any of the links below, and save it to your desktop. Link 1 Link 2 Please refer to this page for full instructions on how to run ComboFix. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how. Double click ComboFix.exe to start the program. Agree to the prompts. When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it. Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so. Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.
  16. Hello. Did you do a parallel install of Windows previously? I see a lot of temp files Kaspersky detected related to different infections.

      Download and Run OTM

      Please download OTM by OldTimer and save it to your desktop. Double click the icon on your desktop. If you are running on Vista, right click on the file and choose Run As Administrator. Paste the following code under the area. Do not include the word "Code".

          :files
          C:\Users\mike\AppData\Local\Temp\*
          C:\Windows.old\Users\Mike\AppData\Local\Temp\*
          C:\Users\mike\AppData\Local\vrsbisaad\iwscqegtssd.exe
          C:\Users\Mike\AppData\Local\vrsbisaad\iwscqegtssd.exe
          C:\Windows.old\Users\Mike\AppData\Local\av.exe
          C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\cooper.mine
          C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\net.net
          C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1c54f7d3-791c06d2
          C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6476c0a1
          C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e
          C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e
          C:\Windows.old\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll
          C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5563938-broken social scene remixed by tiesto (omg, it really rocks!!).au
          C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5575156-05 50 cent - in da club.au
          C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5871753-teagan and sarah - hell.au
          C:\Windows.old\Users\Mike\Documents\FrostWire\Saved\arcade fire - wake up [extended concert version].mp3
          C:\Windows.old\Users\Mike\ntload.dll
          C:\Windows.old\Users\Mike\AppData\Local\ave.exe
          C:\Windows.old\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNHOCMQM\video[1].exe
          C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-1704cadb
          C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RC9N9QW.zip
          C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RCDB5F3.zip
          C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RQKEC93.zip
          C:\Windows.old\Users\Mike\a.zip

          :commands
          [CREATERESTOREPOINT]
          [emptytemp]

      Click the large button. If OTM requires a reboot, please allow it to do so. Copy/Paste the contents under the line here in your next reply.

      Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  17. That should be good. Logs all look clean. Let's cleanup. Please follow/read the steps below to remove the tools we used and for some more information. Uninstall ComboFix Remove Combofix now that we're done with it. Please press the Windows Key and R on your keyboard. This will bring up the Run... command. Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/") Please follow the prompts to uninstall Combofix. You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself. This will uninstall Combofix and anything associated with it. Download and Run OTC We will now remove the tools we used during this fix using OTC. Download OTC by OldTimer and save it to your desktop. Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator Then Click the big button. You will get a prompt saying "Being Cleanup Process". Please select Yes. Restart your computer when prompted. Congratulations! You now appear clean! Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here. If you would like, visit my http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along. If you have no more questions, comments or problems please tell us, so we can close off the topic. Thanks. With Regards, Extremeboy
  18. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  19. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  20. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  21. Hello. Due to Lack of feedback, this topic is now Closed. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  22. Glad all worked out. Please note that what we did here may not work for every situation you are in and definitely, Combofix is not a tool to be used on a daily basis or be used as a scanning tool. It is a very powerful tool. --- Since the problem appears to be resolved, this topic is now Closed. Glad we can help. If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request. This applies only to the original topic starter. Everyone else please start a new topic. With Regards, Extremeboy
  23. Hello. Yes, Kaspersky just scans. I would delete this installation file: C:\Documents and Settings\jokream\Desktop\PstPassword.exe The rest of the files in the LogMeIn folder show that those files are "not-a-virus" meaning it's not something "bad" but could potentially be used for malicious/bad purposes as to remotely control your computer for instance. Your outlook folder also appears to be infected. You will need to manually go through your mails and delete any mails that have attachments as they are likely to be infected. I can't help you delete the file as that will delete your whole Outlook inbox/mail. Other than that how is your computer running? Any problems/symptoms left?
  24. Try GMER in Safe Mode, if it still doesn't work let me know. How to Boot into Safe Mode I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode. Start in Safe Mode Using the F8 method: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears. Use your arrow keys to navigate and highlight Safe Mode. Hit Enter. You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP. Hit Enter. Your computer will proceed to booting into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot like usually, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode. After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode. Additional instructions on booting into Safe Mode can be found here