Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.
DO NOT RUN ComboFix unless requested to.
Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply
information and logs:
In your next post I need the following
.logs from DDS
let me know of any problems you may have had
Gringo
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
It has been more than 48 hours since my last post.
do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console(Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?
Gringo
It has been more than 48 hours since my last post.
do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I'm very sorry for the delayed reply. I've been very busy with work but I'll try to get back to you as soon as I can.
Here's the log from combofix. I'm not sure if anything went wrong, but here are a few things that may have altered the report: upon the second restart (following the initial scan) I logged back into windows and received an error: [C:\Windows\system32\GfxUI.exe: A device attached to the system is not functioning.] Combofix prepared the log, but the window displayed several lines of "Access denied." Also, since Windows restarted McAfee also reset itself to turn real time scanning on. McAfee tried to block combofix twice but I allowed the programs and things seemed to proceed normally.
Open Notepad and copy/paste the text in the box into the window:
File::
c:\windows\SysWow64\oxmsnswmknuxibk.exe
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again. Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
"information and logs"
In your next post I need the following
report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?
Gringo
These logs are looking a lot better. But we still have some work to do.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.
uninstall some programs
1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs
Adobe Reader 9.4.1
McAfee Security Scan Plus
Performance Solution Brincome.
and click on remove
Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.
It can be updated by the Java control panel
click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
An update should begin;
follow the prompts
Clear your Java Cache
click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets
Trace and Log Files
Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
"information and logs"
In your next post I need the following
Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?
Gringo
Not McAfee antivirus; it is McAfee's Security Scan. It is a scan that checks if you have things like an antivirus and other things, then it promotes its products.
gringo
It has been more than 48 hours since my last post.
do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
Hey, here is my report from MBAM. Hijack this reported an error: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click start, run, and type: notepad C:\Windows\System32\drivers\etc\hosts
and press enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
I tried to follow the instructions and the only thing the notepad file displayed was "127.0.0.1 localhost"
Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator
Gringo
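The hosts-file check discussed in the posts above, as an added example that is not part of the original thread and not HijackThis's own logic: it classifies each hosts entry so that a file containing only "127.0.0.1 localhost" comes back clean. The function names, verdict labels and sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test      # name pinned to a null address
203.0.113.7     www.bank.example.test login.bank.example.test
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Return (line_no, verdict, address, hostnames) for every entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        fields = entry.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, names))
            continue
        if not names:
            verdict = "malformed"
        elif ip.is_loopback or ip.is_unspecified:
            # Loopback/null entries for anything other than localhost make a
            # name unreachable: an ad block, or an update site being blocked.
            only_localhost = all(n.lower() == "localhost" for n in names)
            verdict = "default" if only_localhost else "blocked"
        else:
            # A name forced to a routable address bypasses DNS entirely.
            verdict = "redirect"
        findings.append((line_no, verdict, addr, names))
    return findings

def needs_review(text):
    """Entries a helper would want to look at: everything but the defaults."""
    return [f for f in audit_hosts(text) if f[1] != "default"]

if __name__ == "__main__":
    for finding in needs_review(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to `needs_review`; reading the file does not require administrator rights, only writing does.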