
Gameharbor.org opens at start up


16 replies to this topic

#1 Robb1e

Robb1e

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 16 September 2014 - 06:27 AM

Hi there,

 

I've got a problem with an ad popping up when I start up my computer.

I scanned my computer with pretty much every anti-virus and anti-malware program, and they can't find the source of the problem.

 

I hope you can help me.
 

Thanks in advance,

 

Rob

 

Edit: I am using Windows 8.1 and I used Bitdefender and Malwarebytes (and some other anti-malware/virus programs) to try and delete the problem.

And I used AdwCleaner.


Edited by Robb1e, 16 September 2014 - 06:41 AM.



 


#2 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 16 September 2014 - 06:41 AM

Hello, 

 

Please run the following programme. 

 

Autoruns

  • Please download Autoruns and save the file to your Desktop.
  • Windows XP: Double-click Autoruns.exe to run the programme.
    Windows Vista/7/8: Right-Click Autoruns.exe and select Run as administrator to run the programme.
  • Click Agree to End User Licence Agreement (EULA).
  • Allow the programme to scan. Once completed, click File, then Save, name the file Autoruns Log.arn and save to your Desktop
  • Close Autoruns.
  • Upload the log (Autoruns Log.arn) to my channel, here.


#3 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 16 September 2014 - 06:52 AM

Thanks for the quick response!

 

 

I have sent the file!



#4 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 16 September 2014 - 07:08 AM

Hello, 
 
Please consider the following warning. 
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

 

STEP 1
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 2
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    rem Start the log on the Desktop; later steps append their output to it.
    echo Deleting Run Value... >"%userprofile%\desktop\fix.txt" 
    rem Remove the startup value named CMD from the current user's Run key.
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v CMD /f >>"%userprofile%\desktop\fix.txt" 2>&1
    echo.
    echo Deleting Temp Files/Folders...
    rem Paths are quoted so a profile name containing spaces is handled.
    del "%TEMP%\*.*" /F /S /Q
    rd /S /Q "%TEMP%"
    echo. 
    echo Flushing Internet. Please wait... >>"%userprofile%\desktop\fix.txt" 2>&1
    rem Renew the DHCP lease, flush the DNS cache, reset Winsock and the IP stacks.
    ipconfig /release >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh winsock reset all >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\fix.txt" 2>&1
    echo.
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\fix.txt" 2>&1
    shutdown -r -t 1
    rem Delete this batch file itself.
    del "%~f0"
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File > Save As and name the file del.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate del.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Your computer will reboot. 
  • A log (fix.txt) will be saved to your Desktop. Copy the contents of the log and paste in your next reply. 
     

Let me know if there are any outstanding issues after your computer reboots.



#5 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 16 September 2014 - 07:37 AM

On reboot I did not see gameharbor popping up.

 

Thanks, here is the log:

 

Deleting Run Value...  
ERROR: The system was unable to find the specified registry key or value.
Flushing Internet. Please wait...

Windows IP Configuration

No operation can be performed on LAN-verbinding* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Windows IP Configuration

No operation can be performed on LAN-verbinding* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Toegang geweigerd.

Resetting , OK!
Restart the computer to complete this action.

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Toegang geweigerd.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

Finished. Your computer will reboot.
 



#6 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 16 September 2014 - 07:47 AM

Hello,

Can you open Autoruns, save a new log (name the file Autoruns Log2) and upload the file to my channel please?

#7 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 16 September 2014 - 07:53 AM

Done and thanks once again!

 

You helped me out a lot.



#8 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 16 September 2014 - 08:31 AM

Good job. That log is clean. 
 
Let's fix a permission issue from your flush results. 
 
STEP 1
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
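    @echo off
    rem Retry the IP reset and start a new log on the Desktop.
    netsh int ip reset >"%userprofile%\desktop\query.txt" 
    rem List the subkeys of the Nsi key for the permission check.
    reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi >>"%userprofile%\desktop\query.txt" 2>&1
    rem Delete this batch file itself.
    del "%~f0"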
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File > Save As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate batchfile.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
     

STEP 2
Farbar MiniRegTool

  • Please download MiniRegTool (x64) and save the ZIP file to your Desktop.
  • Right-Click the ZIP file and click Extract All. Select your Desktop as the location and click Extract.
  • Open the MiniRegTool64 folder on your Desktop. Right-Click the MiniRegTool icon and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi
  • Place a checkmark next to [image].
  • Click [image]. A log will be created. Copy the contents of the log and paste in your next reply.
     

STEP 3
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked: [six checkbox labels, shown as images in the original post]
  • Click [image].
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • query.txt
  • MiniRegTool log
  • FSS.txt


#9 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 17 September 2014 - 04:01 AM

Sorry for the late response.

 

Here are the logs:

 

Query:

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Toegang geweigerd.

Resetting , OK!
Restart the computer to complete this action.


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}

Mini reg:

MiniRegTool64 by Farbar Version:21-07-2014
Ran by Robbie Roeten (administrator) on 2014-09-17 at 10:53:38

===============================================
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi

   Owner: NULL SID

   DACL(PP):
   INGEBOUWD\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   INGEBOUWD\Netwerkconfiguratieoperators   read+KEY_CREATE_SUB_KEY+KEY_SET_VALUE+KEY_WRITE+DELETE   ALLOW   (CI)(OI)
   NT AUTHORITY\NETWORK SERVICE   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\LOCAL SERVICE   FULL   ALLOW   (CI)(OI)
   Iedereen   READ   ALLOW   (CI)(OI)
   Toepassingspakketinstantie\Alle toepassingspakketten   READ   ALLOW   (CI)(OI)
   NT SERVICE\WwanSvc   FULL   ALLOW   (CI)(OI)
   NT SERVICE\BFE   FULL   ALLOW   (CI)(OI)
   NT SERVICE\Dhcp   FULL   ALLOW   (CI)(OI)

FSS:

Farbar Service Scanner Version: 21-07-2014
Ran by Robbie Roeten (administrator) on 17-09-2014 at 10:54:39
Running from "C:\Users\Robbie Roeten\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


#10 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 17 September 2014 - 06:40 AM

Hello, 
 

Sorry for the late response.

Not a problem.
 

STEP 1
Creating System Restore Point (W8)

  • Press the Windows key + on your keyboard at the same time. Type Restore in the search bar.
  • Click Create a restore point.
  • Click Create.
  • Enter a name and click Create.
  • Upon completion, close the window.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: netsh int ip reset
    CMD: netsh winsock reset
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved to your Desktop. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt

Edited by LiquidTension, 17 September 2014 - 07:15 AM.


#11 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 17 September 2014 - 07:26 AM

Done, here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Robbie Roeten at 2014-09-17 14:25:34 Run:1
Running from C:\Users\Robbie Roeten\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh int ip reset
CMD: netsh winsock reset
end
*****************

"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.

=========  netsh int ipv4 reset =========

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ip reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====


#12 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 17 September 2014 - 07:27 AM

Can I ask what you made me "fix"?



#13 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 17 September 2014 - 07:33 AM

Good job. We fixed a permission issue common to Windows 8 machines. By fixing the permissions, we were able to successfully reset/flush your IPv6 configuration, which is sometimes responsible for various networking issues. 

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Toegang geweigerd.

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , OK!
Resetting , OK!

 

If you wish to check for remnants and confirm your machine appears free of malware, I suggest working your way through the following steps.
 
STEP 1
Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select Run as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. 
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder
     

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats.... If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to Uninstall Application on Close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 4
MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items: [checkbox labels, shown as images in the original post]
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 5
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure there is a checkmark next to each item.
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • mbar-log.txt
  • system-log.txt
  • MBAM log
  • ESET log
  • Result.txt
  • FSS.txt
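
An added example, not part of LiquidTension's post or any tool named in the thread: a read-only PowerShell check of the Nsi registry keys listed above, reporting any subkey whose owner, Administrators ACE or write access would account for the "Toegang geweigerd" (access denied) line in the netsh output. It assumes an elevated PowerShell 3.0 or later prompt; the function name Test-NsiKey is made up for this example.

```powershell
# Added example, not from the thread. Read-only: nothing is changed.
# Run from an elevated PowerShell prompt (PowerShell 3.0 or later).
$root = 'HKLM:\SYSTEM\CurrentControlSet\Control\Nsi'

# Built-in Administrators by well-known SID, so the check does not depend on
# localized names such as "INGEBOUWD\Administrators" in the MiniRegTool log.
$adminSid = 'S-1-5-32-544'
$full     = [System.Security.AccessControl.RegistryRights]::FullControl

function Test-NsiKey {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$KeyPath)

    # Turn the provider path into the HKEY_LOCAL_MACHINE\... form used in the logs.
    $name = $KeyPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
    $row  = [ordered]@{
        Key = $name; Owner = $null; AdminsFull = $false; Writable = $false; Error = $null
    }

    try {
        $acl = Get-Acl -LiteralPath $KeyPath -ErrorAction Stop
        $row.Owner = $acl.Owner
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.IdentityReference.Value -eq $adminSid -and
                $ace.AccessControlType -eq 'Allow' -and
                ($ace.RegistryRights -band $full) -eq $full) {
                $row.AdminsFull = $true
            }
        }
    } catch {
        $row.Error = $_.Exception.Message
    }

    # Try to open the key with write access; the handle is closed at once
    # and no value is written.
    try {
        $sub = $name -replace '^HKEY_LOCAL_MACHINE\\', ''
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($sub, $true)
        if ($key) { $row.Writable = $true; $key.Close() }
    } catch {
        if (-not $row.Error) { $row.Error = $_.Exception.Message }
    }

    [pscustomobject]$row
}

# The Nsi key itself plus every subkey that can be enumerated.
$keys = @(Get-Item -LiteralPath $root) +
        @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue `
              -ErrorVariable unreadable)

$report = $keys | ForEach-Object { Test-NsiKey -KeyPath $_.PSPath }

# Keys worth a closer look: not writable, no full-control ACE for
# Administrators, or an error while reading the ACL.
$report |
    Where-Object { -not $_.Writable -or -not $_.AdminsFull -or $_.Error } |
    Format-Table Key, Owner, AdminsFull, Writable, Error -AutoSize -Wrap

# Subkeys that could not be enumerated at all.
$unreadable | ForEach-Object { $_.TargetObject }
```

Running it before and after a permission fix gives the same before/after comparison as the two netsh outputs quoted in the post.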


#14 Robb1e

Robb1e
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 17 September 2014 - 07:36 AM

I will do all those steps tonight because I need my computer.

 

Thanks and you will see the logs tomorrow.



#15 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 AM

Posted 17 September 2014 - 07:38 AM

No problem. I will look out for your post tomorrow. 

