1.

Solve : Not sure what this is...?

Answer»

You're thinking one step ahead of me now. Thanks for the logs.

You need to update and run MBAM again. That is v1.35 and we are in v1.36 now so it is way out of date. I should have caught that with the last MBAM scan so I screwed up.

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Also run a new HijackThis scan once MBAM is done and the computer restarted and post that log as well.

Ok Here they are!

[attachment deleted by admin]

You have restarted the computer after running MBAM right?

Looking at the HJT log now...

yeah i restarted it

OK let's do this.

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
REM Stop the service, then remove its entry from the service database
sc stop "0269351237706498"
sc delete "0269351237706498"
exit

In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------

Right click HijackThis and choose 'Run as Administrator'

Select Do a system scan only

Place a check mark next to the following entries: (if there)

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  • O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
  • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  • O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
  • O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
  • O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Be sure to download a new copy of ComboFix.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily DISABLE your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right click combofix.exe & choose 'Run as Administrator' then follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

Ok here is the combofix log

[attachment deleted by admin]

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\program files\AVG

Driver::
0269351237706498mcinstcleanup

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6879BA04-D1AA-49AA-8B4A-E20EC7F116D6}"=-
"{33811BE1-4254-4373-BA13-B480FA466F13}"=-
"{5869D7A3-E23D-4C6F-8FB3-6C53157D4633}"=-
"{F84052A0-E422-4AF9-A76C-7D683BE66758}"=-
"{C0152898-C4B1-4BA6-A535-4C63B3280117}"=-
"{184757BE-E404-44E3-AA16-9A18408571D4}"=-

RegLockDel::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this INSTRUCTION carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Ok here is the log after that step! And my computer rebooted.

[attachment deleted by admin]

Scan with Panda ActiveScan 2.0

This scanner requires Internet Explorer

  • Once you are on the Panda site click the Scan your PC now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Select the appropriate Yes or No to receiving marketing information
  • Click the Free Online Scan button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a CONVENIENT location.
Post the contents of the ActiveScan report in your next reply.

Ok it is scanning!

Ok I did the scan but it didn't give me a log from it. It said it found nothing, but it didn't take very long to scan my computer

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • HIDE file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.
Important: Restart the computer before continuing.

----------

How is the computer running now?

Ok well I rebooted my computer and my documents folder is still unreadable

Whatever it is it doesn't appear to be a malware issue and I am out of ideas. Try posting in the Windows forum. Someone there will have some ideas. I don't use Vista so am limited on what to try.

Ok thanks anyways!
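
Added example, not part of the original thread or of any tool named in it: before a service is removed with sc delete, as in the batch file step earlier in the thread, its registry entry and binary can be recorded so there is something left to analyse afterwards. The service name is the one from that batch file; the report path and the helper function name are assumptions, and PowerShell 4 or later is assumed.

```powershell
# Added example: record a service's configuration and binary before deleting it.
$ServiceName = '0269351237706498'   # name used in the thread's batch file
$ReportPath  = Join-Path $env:USERPROFILE 'Desktop\service-record.json'  # assumed location

function Resolve-ServiceBinary {    # hypothetical helper
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    # ImagePath may be quoted, carry arguments, or use driver-style prefixes.
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -and -not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Services and drivers are both registered under this key, so read it directly.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path -LiteralPath $key)) {
    Write-Output "No service key for '$ServiceName'; nothing to record."
    return
}
$svc    = Get-ItemProperty -LiteralPath $key
$binary = Resolve-ServiceBinary $svc.ImagePath

$record = [ordered]@{
    Name         = $ServiceName
    DisplayName  = $svc.DisplayName
    ImagePath    = $svc.ImagePath
    Start        = $svc.Start      # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    Type         = $svc.Type
    BinaryExists = $false
    Sha256       = $null
    Signature    = $null
    Signer       = $null
}
# Hash and signature are only available while the file is still on disk.
if ($binary -and (Test-Path -LiteralPath $binary)) {
    $sig = Get-AuthenticodeSignature -LiteralPath $binary
    $record.BinaryExists = $true
    $record.Sha256       = (Get-FileHash -LiteralPath $binary -Algorithm SHA256).Hash
    $record.Signature    = "$($sig.Status)"
    if ($sig.SignerCertificate) { $record.Signer = $sig.SignerCertificate.Subject }
}
$record | ConvertTo-Json | Set-Content -LiteralPath $ReportPath -Encoding UTF8
Write-Output "Saved record to $ReportPath"
```

The JSON file keeps the image path, hash and signer of the service binary after the service entry itself has been deleted.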

