TheDarkKnight

Trusted Advisors
  • Content count
    1,123

About TheDarkKnight

  • Rank
    Elite Member
  • Birthday 08/01/1991

Profile Information

  • Location
    Gotham City
  • Interests
    Malware Hunting, sport and of course listening to music ^_^
  1. Hey NeoX12, Just before I give you recommendations. Please run a free online scan with the ESET Online Scanner. Note: You can use Internet Explorer or Mozilla Firefox for this scan.
     • Tick the box next to YES, I accept the Terms of Use.
     • Click Start.
     • When asked, allow the ActiveX control to install.
     • Click Start.
     • Make sure that the option Remove found threats is checked and the option Scan unwanted applications is checked.
     • Click Scan. Wait for the scan to finish.
     • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
     • Copy and paste that log as a reply to this topic.
  2. Hey NeoX12, What current issues are on your computer?
  3. Please run it again. Don't worry about the BSOD files at the moment.
  4. Hey NeoX12, You may not be able to edit your post. Please download to your Desktop: TDSSKiller.zip from here and extract it (right click on it => "Extract here"). >>> TDSSKiller:
     • Double-click on TDSSKiller.exe to run the application.
     • Click Change parameters.
     • Make sure you check the box Loaded modules.
     • A window will pop up and say Reboot is required. Please click Reboot now.
     • Then click Change parameters again.
     • Check the box Detect TDLFS file system.
     • Click on the Start Scan button.
     • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
     • If a suspicious file is detected, the default action will be Skip, click on Continue.
     • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
     • Once the tool has finished, please click Report.
     • Please copy and paste the contents of that log in your reply.
     Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
  5. Hello NeoX12, Thank you for the logs. Please do not swear or use vulgar language, as it can be offensive to some people. I would appreciate it if you please edit your earlier post. Your logs are coming back in the clear. What issues are on your computer currently?
  6. Good morning NeoX12, Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     :OTL
     IE - HKCU\..\SearchScopes\{3420F484-E627-4C38-B8B4-C269EEADF2DA}: "URL" = http://search.us.com/serp?guid={E8FDBADB-36C8-4FD5-97B3-32E1C7F14ECA}&action=default_search&serpv=5&k={searchTerms}
     :Commands
     [EmptyTemp]
     • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
     • Click the red Run Fix button.
     • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
     • Close OTL.exe.
     If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     =====
     Also, please download to your Desktop: TDSSKiller.zip from here and extract it (right click on it => "Extract here"). >>> TDSSKiller:
     • Double-click on TDSSKiller.exe to run the application.
     • Click Change parameters.
     • Make sure you check the box Loaded modules.
     • A window will pop up and say Reboot is required. Please click Reboot now.
     • Then click Change parameters again.
     • Check the box Detect TDLFS file system.
     • Click on the Start Scan button.
     • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
     • If a suspicious file is detected, the default action will be Skip, click on Continue.
     • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
     • Once the tool has finished, please click Report.
     • Please copy and paste the contents of that log in your reply.
     Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
     =====
     Please provide both logs in your reply.
  7. Hello NeoX12, Please use this tool instead. Please download OTL.exe by OldTimer to your Desktop. Close all windows and double click OTL.exe. In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
     netsvcs
     drivers32
     %SYSTEMDRIVE%\*.*
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
     Click Run Scan and let the program run uninterrupted. When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread. You may need to use two posts to get it all.
  8. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled. **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.** **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.** Please include the C:\ComboFix.txt in your next reply for further review.
  9. Are you still with me Alekos?
  10. Hey Alekos, Please download Junkware Removal Tool to your Desktop.
     • Please close your security software to avoid potential conflicts.
     • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
     • The tool will open and start scanning your system.
     • Please be patient as this can take a while to complete, depending on your system's specifications.
     • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
     • Please post the contents of JRT.txt into your reply.
  11. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled. **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.** **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.** Please include the C:\ComboFix.txt in your next reply for further review. ===== Also, please download AdwCleaner by Xplode onto your Desktop. Double click on AdwCleaner.exe to run the tool. Click on Search. A logfile will automatically open after the scan has finished. Please post the content of that logfile in your reply. You can find the logfile at C:\AdwCleaner[R1].txt as well. ===== In your reply please provide the following logs: ComboFix.txt. AdwCleaner[R1].txt. How is your computer running?
  12. Hello Mr_Jasper, Yes. If McAfee has expired then chances are it isn't really active. Please just go ahead with ComboFix.
  13. Hello Mr_Jasper, Please just ignore McAfee for the moment.
  14. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please boot into Safe Mode with Networking. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled. **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.** **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.** Please include the C:\ComboFix.txt in your next reply for further review.
  15. Hello dakahuna, A little housekeeping to uninstall ComboFix: Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:
     ComboFix /uninstall
     To remove all of the tools we used and the files and folders they created do the following:
     • Double click OTL.exe.
     • Click the CleanUp button.
     • Select Yes when the "Begin cleanup Process?" prompt appears.
     • If you are prompted to reboot during the cleanup, select Yes.
     • The tool will delete itself once it finishes.
     Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Right-click the Recycle Bin and please select Empty Recycle Bin.
     =====
     Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.
     IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.
     As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program. Please consider installing and running the following program (there is a free version available):
     • SpywareBlaster
     A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.
     Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.
     Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewarrior.com/rogue_anti-spyware.htm
     A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.
     Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.
     Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.
     Please also read Tony Klein's excellent article: How did I get infected in the first place.
     Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.