sjb007

Experts
  • Content count

    117
About sjb007

  • Rank
    Advanced Member

Profile Information

  • Location
    UK
  1. Hi there

     Great work, so far so good.

     Regarding the entry that Avira found: this was detected in System Restore and would have been flushed out at the end of the fix, so it would not have presented us with a problem.

     Regarding AVG: the main reason I wanted to make sure it was out was so that it does not interfere with ComboFix. I can see AVG is listed in the WMI reference; although it is harmless, we can remove it easily enough in these next steps.

     ---------------------------------------

     Close any open browsers.
     Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
     Open Notepad and copy/paste the text in the quote box below into it:

       Skipfix::

       SecCenter::
       AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     Save this as CFScript.txt, in the same location as ComboFix.exe.
     Referring to the picture above, drag CFScript into ComboFix.exe.
     When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

     Apart from that, all appears to be OK log-wise. How are things at your side?
  2. Some nice shots there; I'm hoping to grab some from the British SuperBikes later this year. Are the pics hosted with jalbum? The only reason I ask is that I will be looking for some software to host some photos myself pretty soon.
  3. Hi there

     Yes it does. Let's run a tool to take them out...

     Please download AVG Remover from their site: AVG - Download tools
     A direct link to the AVG Remover can be found here >> http://download.avg.com/filedir/util..._2011_1149.exe
     You may also use this tool to uninstall AVG: http://www.appremover.com/appremover/avg/AppRemover.exe
     Instructions for using this tool can be found here >> Using AppRemover — OPSWAT AppRemover

     -------------------------------
     ComboFix

     Close any open browsers.
     Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
     Open Notepad and copy/paste the text in the quote box below into it:

       File::
       c:\windows\system32\RegistryHelperLM.ocx
       c:\windows\system32\ugkcjnjiwjx.exe
       c:\windows\system32\drivers\vibduqo.sys
       c:\windows\system32\drivers\dbdfynw.sys

       Driver::
       letyf

       RegNull::
       [HKEY_USERS\S-1-5-21-530212586-264376689-721655545-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%&**]

     Save this as CFScript.txt, in the same location as ComboFix.exe.
     Referring to the picture above, drag CFScript into ComboFix.exe.
     When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

     -------------------------------
     MalwareBytes

     Please run a fresh scan with MalwareBytes.
     First I want you to update MBAM so we have the latest definitions on board...
       • Please open Malwarebytes Anti-Malware.
       • Now click on the Update tab.
       • Next, click on the Check for updates button.
       • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
       • On the Scanner tab: make sure the "Perform Quick Scan" option is selected, then click on the Scan button.
       • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
       • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete, so please be patient.
       • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
       • Click OK to close the message box and continue with the removal process.
       • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
       • Make sure that everything is checked, and click Remove Selected.
       • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
       • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
       • Copy and paste the contents of that report in your next reply and exit MBAM.

     Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

     -------------------------------
     Please post back in your next reply with:
       • The log from ComboFix
       • The log from MBAM
       • An update on how things are running now
  4. Hi there

     Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

     Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear', even if symptoms seemingly abate.

     We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
     Please include the C:\ComboFix.txt in your next reply for further review.
  5. I myself would not recommend the use of auto log parsers. They are not as accurate as we would like them to be and could lure the user into thinking they are infected when they are not. For instance, I have just tested one of the parsers mentioned: all my R0 and R1 entries are showing purple alongside every entry relating to MS Office, and the whole of my driver section shows red. Removing them would render my computer useless. If you have malware issues I would advise that you follow the instructions as set out here >> I'm infected - What do I do now? and post the logs in the correct forum for analysis.
  6. Hi there

     I do not see any obvious threats from your recent logs. Let's run an online scan, but this time with F-Secure.

     Please perform this online scan: F-Secure Online Scanner
     The online scanner is on the bottom right of the page. Direct link: http://support.f-secure.com/enu/home/ols.shtml
     Follow the directions on the F-Secure page for proper installation.
       • You may receive an alert on the address bar at this point to install the ActiveX control.
       • Click on that alert and then click "Install ActiveX component".
       • Read the license agreement and click "Accept".
       • Click "Custom Scan" and be sure the following are checked:
           Scan whole System
           Scan all files
           Scan whole system for rootkits
           Scan whole system for spyware
           Scan inside archives
           Use advanced heuristics
       • When the scan completes, click the "I want to decide item by item" button.
       • For each item found, select "Disinfect" and click "Next".
       • When done, click the "Show Report" button, then copy and paste the entire report into your next reply.
  7. Hi there

     Sorry for any delays, but as the thread had been closed I had unsubscribed from email notifications.

     You have only posted the second part of the OTViewIt log. Please post the first part of the report (OTViewIt.Txt).

     Please also delete the version of ComboFix that you currently have. Download a fresh copy from one of the locations below, run a fresh scan and post back the resulting log:
       Link 1
       Link 2
       Link 3

     Post back with both logs.
  8. Hi there

     This next program simply collects information about your computer.
       • Download OTViewIt.exe and save it to your Desktop.
       • Right-click OTViewIt.exe and select Run as Administrator.
       • Click Run Scan.
       • When it finishes, it will produce two logs. OTViewIt.txt will be maximized and Extras.txt will be minimized.
       • Please post both logs in your next reply.
  9. Not a problem, only too glad to help.

     I will now discontinue monitoring this thread for replies. Should you require any further assistance, please start a new topic in the relevant section of the forums.

     Good luck and happy safe surfing!
  10. Hi there.

      Logs looking good still... Now let's try running MBAM again.

      First fully uninstall MBAM via the Control Panel using Add/Remove Programs.
      Download a fresh copy from Malwarebytes Anti-Malware (MBAM) and save it to your desktop. Once fully downloaded, install the program and update the databases.
      If for any reason you are unable to download the database, then download it manually from here - Malwarebytes' Anti-Malware Database

      Let me know how things go.
  11. Hi there

      Please download OTMoveIt3 by OldTimer. Save it to your desktop.
        • Double-click on OTMoveIt3.exe.
        • Using Notepad, copy the lines in the code box below:
        • Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
        • Click the red Moveit! button.
        • Copy everything in the Results window (under the green bar), and paste it in your next reply.
        • Close OTMoveIt3.

      Post back with the results.
  12. Hi

      Let's tidy up after ourselves. The following will implement some cleanup procedures as well as reset System Restore points:

      Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

        ComboFix /u

      Now that you appear to be free from malware, let's help you stay that way!

      Update Windows on a regular basis - If you do not have automatic updates enabled, then visit Microsoft's Update Page and update your computer from there.

      Update your virus checker on a regular basis - It is no use having a virus checker with out-of-date definitions.

      Keep an eye on your firewall - Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of, then don't be afraid to ask for advice. For more information on firewalls read this article here.

      Make your Internet Explorer more secure - This can be done by following these simple instructions:
        • Open Internet Explorer, click on the Tools menu and then click on Options.
        • Click once on the Security tab.
        • Click once on the Internet icon so it becomes highlighted.
        • Click once on the Custom Level button.
        • Change "Download signed ActiveX controls" to Prompt.
        • Change "Download unsigned ActiveX controls" to Disable.
        • Change "Initialise and script ActiveX controls not marked as safe" to Disable.
        • Change "Installation of desktop items" to Prompt.
        • Change "Launching programs and files in an IFRAME" to Prompt.
        • Change "Navigate sub-frames across different domains" to Prompt.
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
        • Next press the Apply button and then OK to exit the Internet Properties page.

      Safer Browsing
        • Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
        • Use Spywareblaster to help prevent the installation of unwanted BHOs (Browser Helper Objects).
        • Use an alternative browser - Other browsers tend to be more secure than IE as they do not make use of ActiveX objects; ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

      Computer Maintenance
        • Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files on your computer on a regular basis.
        • Scan your computer regularly for malware - Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy and Adaware 2007 Free by Lavasoft can help you keep clear. These products are scan-on-demand and do not have active background scanning. These two products can be installed together without any complications. Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - Please note that this product can also be run as free without a licence, but the background protection will not be active.

      Secure your router
        • Change your router's default username and password; do not leave it at the factory preset, as doing so makes it easy for unauthorised access.
        • Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing the bandwidth which you have rightly paid for.

      I have included some security-related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.
        -> So How Did I Get Infected In First Place - By TonyKlein
        -> How to prevent Malware - By miekiemoes
        -> I'm not pulling your leg, honest - By Sandi Hardmeier

      Kindly respond one more time and let me know if we may consider this thread resolved.
  13. Hi there Zoo

      I'm not seeing anything immediate in your logs. Regarding the error code message, I'm just looking into it now for you to find out what it represents and will get back to you in due course.
  14. Hi there

      Things are looking better. The Recovery Console option should only show for 2 seconds; if you wish to delete the Recovery Console option, then we can run through the necessary steps to do so.

      Reply and let me know whether you wish to keep it or not.
  15. Only too glad to help.

      Let's tidy up after ourselves. The following will implement some cleanup procedures as well as reset System Restore points:

      Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

        ComboFix /u

      Now that you appear to be free from malware, let's help you stay that way!

      Update Windows on a regular basis - If you do not have automatic updates enabled, then visit Microsoft's Update Page and update your computer from there.

      Update your virus checker on a regular basis - It is no use having a virus checker with out-of-date definitions.

      Keep an eye on your firewall - Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of, then don't be afraid to ask for advice. For more information on firewalls read this article here.

      Make your Internet Explorer more secure - This can be done by following these simple instructions:
        • Open Internet Explorer, click on the Tools menu and then click on Options.
        • Click once on the Security tab.
        • Click once on the Internet icon so it becomes highlighted.
        • Click once on the Custom Level button.
        • Change "Download signed ActiveX controls" to Prompt.
        • Change "Download unsigned ActiveX controls" to Disable.
        • Change "Initialise and script ActiveX controls not marked as safe" to Disable.
        • Change "Installation of desktop items" to Prompt.
        • Change "Launching programs and files in an IFRAME" to Prompt.
        • Change "Navigate sub-frames across different domains" to Prompt.
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
        • Next press the Apply button and then OK to exit the Internet Properties page.

      Safer Browsing
        • Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
        • Use Spywareblaster to help prevent the installation of unwanted BHOs (Browser Helper Objects).
        • Use an alternative browser - Other browsers tend to be more secure than IE as they do not make use of ActiveX objects; ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

      Computer Maintenance
        • Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files on your computer on a regular basis.
        • Scan your computer regularly for malware - Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy and Adaware 2007 Free by Lavasoft can help you keep clear. These products are scan-on-demand and do not have active background scanning. These two products can be installed together without any complications. Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - Please note that this product can also be run as free without a licence, but the background protection will not be active.

      Secure your router
        • Change your router's default username and password; do not leave it at the factory preset, as doing so makes it easy for unauthorised access.
        • Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing the bandwidth which you have rightly paid for.

      I have included some security-related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.
        -> So How Did I Get Infected In First Place - By TonyKlein
        -> How to prevent Malware - By miekiemoes
        -> I'm not pulling your leg, honest - By Sandi Hardmeier

      Good luck and happy safe surfing!
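The Internet Explorer "Custom Level" changes that posts 12 and 15 walk through by hand live in the registry under the Internet zone (zone 3), so they can be audited and applied from PowerShell instead of clicking through the dialog for every machine. The script below is an added example written for this page; it is not code from sjb007's posts or from any of the tools they recommend. It assumes the documented URL security zone layout: the action IDs 1001, 1004, 1201, 1607, 1800 and 1804 correspond to the six settings named in the posts, and the DWORD encoding is 0 = Enable, 1 = Prompt, 3 = Disable. Per-user values under HKCU take precedence over the HKLM defaults, so an unset HKCU value is reported as such rather than guessed.

```powershell
# Added example (not from the original posts): audit and harden the IE Internet
# zone (zone 3) settings that posts 12 and 15 change through the GUI.
# Assumptions: action IDs follow Microsoft's documented URL security zone
# registry layout; values are 0 = Enable, 1 = Prompt, 3 = Disable.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state keyed by action ID. The names match the Custom Level items in the post.
$Desired = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 } # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 } # Disable
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Value = 3 } # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 } # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 } # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 } # Prompt
}

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Id)
    # A missing HKCU value means the HKLM default applies; return $null so the
    # caller reports "unset" instead of assuming a value.
    $item = Get-ItemProperty -Path $ZonePath -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

function Test-ZoneHardening {
    # Read-only audit: one object per setting with current vs. desired state.
    foreach ($id in $Desired.Keys) {
        $current = Get-ZoneSetting -Id $id
        $currentLabel = if ($null -eq $current) { 'unset (HKLM default)' }
                        elseif ($Label.ContainsKey($current)) { $Label[$current] }
                        else { "unknown ($current)" }
        [pscustomobject]@{
            Id        = $id
            Setting   = $Desired[$id].Name
            Current   = $currentLabel
            Desired   = $Label[$Desired[$id].Value]
            Compliant = ($current -eq $Desired[$id].Value)
        }
    }
}

function Set-ZoneHardening {
    # Applies the desired values for the current user. Supports -WhatIf so the
    # change can be previewed before touching the registry.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $ZonePath)) {
        New-Item -Path $ZonePath -Force | Out-Null
    }
    foreach ($id in $Desired.Keys) {
        $target = "$ZonePath\$id ($($Desired[$id].Name))"
        if ($PSCmdlet.ShouldProcess($target, "set to $($Label[$Desired[$id].Value])")) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value $Desired[$id].Value -Type DWord
        }
    }
}

# Usage: audit first, preview the change, then drop -WhatIf to apply and re-audit.
Test-ZoneHardening | Format-Table -AutoSize
Set-ZoneHardening -WhatIf
```

Run it in the profile of the user whose browser you are hardening; the audit shows which of the six settings still sit at the permissive GUI default, and the apply step is the same values the posts ask the user to pick by hand. Remember that a later IE "Reset all zones to default level" click, or a Group Policy that manages zone settings, will overwrite these HKCU values, so re-run the audit after such changes.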