blade81

Volunteer Security Advisor
  • Content Count

    6,559
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by blade81

  1. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  2. Good. Let's see the final steps then THESE STEPS ARE VERY IMPORTANT Let's reset system restore Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points. A To disable the System Restore feature: 1. Click on the Start button. 2. Hover over the Computer option, right click on it and then click Properties. 3. On the left hand side, click Advanced Settings. 4. If asked to permit the action, click on Allow. 5. Click on the System Protection tab. 6. Select c: drive and click Configure... 7. Select Turn off protection 8. Press OK. Repeat steps 6-8 for each hard drive. B. Reboot. C Turn ON System Restore. Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option. Now lets uninstall ComboFix: Click START then RUN Now copy-paste Combofix /uninstall in the runbox and click OK Just a final reminder for you. I am trying to stress these two points. UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks. Make sure all of your security programs are up to date Once again, please post and tell me how things are going with your system... problems etc. Have a great day, Blade
  3. Hi, Sorry for a delayed reply. Uninstall old Adobe Reader versions and get Adobe Reader 11.0 (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) and update 11.0.06 for it. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version... Updating Java: Download the latest version of Java Runtime Environment (JRE) 7 Update 51. Click the Download button to the right. Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue. The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u51-windows-i586.exe to install the newest version. How's the system running?
  4. Hi, Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully first. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link Remember to re-enable them afterwards. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New dds log. A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
  5. Hi, Please read this topic and follow the step #2 to create DDS logs (dds.txt & attach.txt). Copy-paste their contents in your reply.
  6. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  7. Hi, If no problems left let's see the final steps then THESE STEPS ARE VERY IMPORTANT Let's reset system restore Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points. A To disable the System Restore feature: 1. Click on the Start button. 2. Hover over the Computer option, right click on it and then click Properties. 3. On the left hand side, click Advanced Settings. 4. If asked to permit the action, click on Allow. 5. Click on the System Protection tab. 6. Select c: drive and click Configure... 7. Select Turn off protection 8. Press OK. Repeat steps 6-8 for each hard drive. B. Reboot. C Turn ON System Restore. Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option. Now lets uninstall ComboFix: Click START then RUN Now copy-paste Combofix /uninstall in the runbox and click OK You may delete TDSSKiller too. UPDATING WINDOWS AND INTERNET EXPLORER IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates. Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too. Just a final reminder for you. I am trying to stress these two points. UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks. Make sure all of your security programs are up to date. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Once again, please post and tell me how things are going with your system... problems etc. Have a great day, Blade
  8. Hi, 1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller). 2. Execute the file TDSSKiller.exe. 3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot). 4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
  9. Hi again, Open notepad and copy/paste the text in the quotebox below into it: Suspect:: c:\users\Garin\AppData\Local\Microsoft\Apps\gbbjgadofc.dll c:\users\Garin\AppData\Local\Adobe\nvdxgiwrap.dll Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use. Disable antivirus protection. Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted). Then post the resultant log.
  10. Hi, Sorry for a delay. * Go here to run an online scanner from ESET. Note: You will need to use Internet explorer for this scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked. Click Scan Wait for the scan to finish. Copy-paste results back here.
  11. Hi Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully first. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link Remember to re-enable them afterwards. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New dds log. A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
  12. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you !
  13. Good. Let's see the final steps then THESE STEPS ARE VERY IMPORTANT Let's reset system restore Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points. A To disable the System Restore feature: 1. Click on the Start button. 2. Hover over the Computer option, right click on it and then click Properties. 3. On the left hand side, click Advanced Settings. 4. If asked to permit the action, click on Allow. 5. Click on the System Protection tab. 6. Select c: drive and click Configure... 7. Select Turn off protection 8. Press OK. Repeat steps 6-8 for each hard drive. B. Reboot. C Turn ON System Restore. Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option. Now lets uninstall ComboFix: Click START then RUN Now copy-paste Combofix /uninstall in the runbox and click OK Just a final reminder for you. I am trying to stress these two points. UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks. Make sure all of your security programs are up to date. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Once again, please post and tell me how things are going with your system... problems etc. Have a great day, Blade
  14. Hi, Open notepad and copy/paste the text in the quotebox below into it: Folder:: c:\programdata\fsil Registry:: [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{f0e59437-6148-4a98-b0a6-60d557ef57f4}"=- [-HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}] Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use. Close all browser windows, turn off protection software and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted). Then post the resultant log.
  15. Hi again, Open notepad and copy/paste the text in the quotebox below into it: DirLook:: C:\ProgramData\fsil Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use. Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted). Then post the resultant log. Uninstall old Adobe Reader versions and get Adobe Reader 11.0 here and update 11.0.03 for it or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here. * Go here to run an online scanner from ESET. Note: You will need to use Internet explorer for this scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked. Click Scan Wait for the scan to finish. Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
  16. Hi, Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully first. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link Remember to re-enable them afterwards. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New dds log. A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
  17. Good. Let's continue Download DDS and save it to your desktop from here or here or here. Disable any script blocker (disabling your antivirus protection should be enough), and then double click dds file to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt Save both reports to your desktop. Include the contents of those reports to your post. Please, do not zip Attach.txt even if the message box says that.
  18. Hi, Important warning: In case after the fix the system booted don't run any scan or cleaning tool or you may loose some important functions. Please wait for the next instruction. Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt HKU\Bev\...\Winlogon: [Shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Now please enter System Recovery Options. Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Also restart and let the computer boot normally and tell me how it went. I'll provide next set of instructions after that.
  19. Hi, For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC. Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Choose your language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account an click Next. To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Choose your language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.