Gib

Everything is gone


On the assumption that I might be missing something in the logs, I have asked some of our researchers to take a look at your logs as well. They want to see some more information, so here are some instructions:

Please download Farbar Service Scanner, save it on your desktop, and follow the instructions below to get me a log.

  1. Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  2. Press "Scan".
  3. It will create a log (FSS.txt) in the same directory the tool is run.
  4. Please attach the log to a reply by clicking on the More Reply Options button to the lower-right of where you type your reply.


OK, let's get a TDSSKiller log as well:

  1. Download TDSSKiller from this link and save it on your desktop.
  2. Run the TDSSKiller download that you saved.
  3. Click on Change parameters as it shows in the following screenshot:
    tdsskiller_report_001.png
  4. Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
    tdsskiller_report_002.png
  5. Click the Start scan button as in the following screenshot:
    tdsskiller_report_003.png
  6. You will see the following as the scan runs:
    tdsskiller_report_004.png
  7. If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
    tdsskiller_report_005.png
  8. Click on Report in the upper-right corner, as in the following screenshot:
    tdsskiller_report_006.png
  9. You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.
    tdsskiller_report_007.png
  10. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
    tdsskiller_report_008.png
  11. Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
  12. Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
    tdsskiller_report_009.png
  13. Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
    tdsskiller_report_010.png


Well, your logs don't look too bad, but there are some Firefox extensions that need to go, so I wrote a script to get rid of them. Here are instructions on what to do with the script:

  1. Download an updated version of ComboFix from one of the following links:
    • BleepingComputer
    • InfoSpyware
  2. Turn off your Anti-Virus software.
  3. Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
  4. Please save the following CFScript.txt file on to your desktop (note that it must be saved as a Text Document named CFScript for it to work):
  5. Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:

CFScriptB-4.gif

When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.


I'm almost certain that I ran one of those versions (even though I updated cf) of cf and there was no reboot, thankfully. I could be wrong.


OK, that looks a lot better. Let's get a fresh OTL log for good measure. Also, you may want to update Malwarebytes' Anti-Malware and run a Quick Scan with it, and attach the log to a reply.

Please run OTL by following the instructions below:

  1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.


Everything looks good to me.

BTW: When you install free software, there is often an option to install a toolbar and change your browser homepage. Normally you can uncheck the option to install the toolbar, and that would prevent toolbars such as Babylon from getting installed.


I never wanted Babylon in the first place, but unfortunately I couldn't avoid it. I remember I was trying to download an Adobe upgrade and I just went to a deceitful site, but I learned my lesson and I either go to adobe.com, updatestar.com or as a backup filehippo.com. Flash player whereabouts and experience is a learning curve.


I would recommend only downloading Adobe Flash from Adobe.com, as you can't guarantee you will get the latest version from third-party download sites.


I believe what is the case now hasn't always been, and what I'm saying is those two sites in my reply have the direct download. Even if I were to download the latest version I am still redirected to adobe.com to get the latest version and that wasn't the case in the past.


I'm getting video freeze again, so I tested some vids, it would freeze but the audio would continue, then it would fast-forward to present action. Are you getting this too?


Hello Gib, because GT500 is having some technical difficulties I'll work with you for now.

Could you explain what videos are freezing? Are they freezing when you stream them (watch them online)? If so, in what browser? Could it be a connection problem?


I just checked and I'm only getting video freeze in IE and NOT Firefox. Have you heard of tweaking.com?

It isn't a connection problem, btw!


Yes, I've heard of Tweaking.com :)

If the problem is only in IE, then most likely an add-on or setting is responsible. Have you recently installed new IE components (toolbars, plugins, and so on)?

Please rerun OTL, click the NONE button, change the value under Standard Registry to "use safelist" and click Run Scan. Post the resulting OTL.txt.


The reason I asked, 'have you heard of tweaking.com', was because I am or was thinking that's the solution.

Also, I want to give you an update and tell you I tested a video and didn't get any freeze this time in IE. So, I don't know if the problem will return.


Why would tweaking.com be the solution for your problem? It's just a site offering some handy programs, but it makes no sense just starting to use all of them in hopes it will magically fix things on your computer.

Your logs are clean, and as the video issue has disappeared and I see no possible cause for it in the log, I think it's safe to say you're good to go. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Press the Windows key + R on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
      run-box.jpg
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.

Please read the following advice on how to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Likewise, happy computing! :)

I will now close this topic. If you need it reopened, please send me a PM.

This topic is now closed to further replies.