Page 2 of 8
Results 11 to 20 of 76
  1. #11
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,522
    Points
    563

    Default

    Quote: Originally Posted by Danita
    I have the log from ESET but things aren't happening the way of your instructions, is that ok? You are right, it is a large log and I have never used a Dropbox account so I am going to see how to do that.
    How will I associate this and that....is there any instructions?
    Thanks!

    Hi Danita,

    Your computer is severely infected. Please continue to follow all instructions till Joe and/or I say your system is clean.

    FRST is located in your downloads folder as shown below:

    C:\Users\Frost\Downloads\FRST64.exe

    That is where you will find the fixlog.txt after it is/was executed. To find that log please do the following:

    Click on your Start
    In the right hand column of your Start menu click on Frost > Downloads folder.
    Click on the fixlog.txt then copy and paste the contents in your next reply.

    As for the ESET log, let's see if we can get that log attached to the forum. The instructions on how to attach a file to the forum can be found >>here<<

    Let me know if you have any trouble.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  2. #12
    Member
    Join Date
    Dec 2014
    Posts
    56
    Points
    0

    Default

    start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2985046805-2552207245-1989084522-1000\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-2985046805-2552207245-1989084522-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"bi8\..\mshtml,RunHTMLApplication ";eval("usxzbbs4<odv!@buhwdYNckdbu)#VRbshq (the data entry has 28623 more characters). <==== Poweliks!
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S1 dwojnrct; \??\C:\Windows\system32\drivers\dwojnrct.sys [X]
    S1 ecgesquq; \??\C:\Windows\system32\drivers\ecgesquq.sys [X]
    S1 hxftaubi; \??\C:\Windows\system32\drivers\hxftaubi.sys [X]
    S1 mqlrjflq; \??\C:\Windows\system32\drivers\mqlrjflq.sys [X]
    S1 mwvolmgd; \??\C:\Windows\system32\drivers\mwvolmgd.sys [X]
    U0 SR; No ImagePath
    U2 srservice; No ImagePath
    S1 tcpmedrb; \??\C:\Windows\system32\drivers\tcpmedrb.sys [X]
    S1 wrvpmwty; \??\C:\Windows\system32\drivers\wrvpmwty.sys [X]
    2015-07-09 07:27 - 2015-07-09 07:27 - 00008592 _____ C:\HELP_DECRYPT.HTML
    2015-07-09 07:27 - 2015-07-09 07:27 - 00004236 _____ C:\HELP_DECRYPT.TXT
    2015-07-09 07:27 - 2015-07-09 07:27 - 00000280 _____ C:\HELP_DECRYPT.URL
    2015-07-08 15:37 - 2015-07-08 15:37 - 00008620 _____ C:\Users\Public\HELP_DECRYPT.HTML
    2015-07-08 15:37 - 2015-07-08 15:37 - 00004250 _____ C:\Users\Public\HELP_DECRYPT.TXT
    2015-07-08 15:37 - 2015-07-08 15:37 - 00000288 _____ C:\Users\Public\HELP_DECRYPT.URL
    2015-07-08 14:45 - 2015-07-08 14:45 - 00008620 _____ C:\Users\Frost\HELP_DECRYPT.HTML
    2015-07-08 14:45 - 2015-07-08 14:45 - 00004250 _____ C:\Users\Frost\HELP_DECRYPT.TXT
    2015-07-08 14:45 - 2015-07-08 14:45 - 00000288 _____ C:\Users\Frost\HELP_DECRYPT.URL
    2015-07-08 14:06 - 2015-07-08 14:06 - 00008620 _____ C:\Users\Frost\Downloads\HELP_DECRYPT.HTML
    2015-07-08 14:06 - 2015-07-08 14:06 - 00004250 _____ C:\Users\Frost\Downloads\HELP_DECRYPT.TXT
    2015-07-08 14:06 - 2015-07-08 14:06 - 00000288 _____ C:\Users\Frost\Downloads\HELP_DECRYPT.URL
    2015-07-08 14:05 - 2015-07-08 14:05 - 00008620 _____ C:\Users\Frost\Documents\HELP_DECRYPT.HTML
    2015-07-08 14:05 - 2015-07-08 14:05 - 00004250 _____ C:\Users\Frost\Documents\HELP_DECRYPT.TXT
    2015-07-08 14:05 - 2015-07-08 14:05 - 00000288 _____ C:\Users\Frost\Documents\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 00008620 _____ C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 00008620 _____ C:\Users\Frost\AppData\Local\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 00008620 _____ C:\Users\Frost\AppData\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 00008620 _____ C:\ProgramData\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 00004250 _____ C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 00004250 _____ C:\Users\Frost\AppData\Local\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 00004250 _____ C:\Users\Frost\AppData\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 00004250 _____ C:\ProgramData\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 00000288 _____ C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 00000288 _____ C:\Users\Frost\AppData\Local\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 00000288 _____ C:\Users\Frost\AppData\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 00000288 _____ C:\ProgramData\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 0008620 _____ () C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 0045272 _____ () C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.PNG
    2015-07-08 14:03 - 2015-07-08 14:03 - 0004250 _____ () C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 0000288 _____ () C:\Users\Frost\AppData\Roaming\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 0008620 _____ () C:\Users\Frost\AppData\Local\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 0045272 _____ () C:\Users\Frost\AppData\Local\HELP_DECRYPT.PNG
    2015-07-08 14:03 - 2015-07-08 14:03 - 0004250 _____ () C:\Users\Frost\AppData\Local\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 0000288 _____ () C:\Users\Frost\AppData\Local\HELP_DECRYPT.URL
    2015-07-08 14:03 - 2015-07-08 14:03 - 0008620 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-07-08 14:03 - 2015-07-08 14:03 - 0045272 _____ () C:\ProgramData\HELP_DECRYPT.PNG
    2015-07-08 14:03 - 2015-07-08 14:03 - 0004250 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-07-08 14:03 - 2015-07-08 14:03 - 0000288 _____ () C:\ProgramData\HELP_DECRYPT.URL
    CustomCLSID: HKU\S-1-5-21-2985046805-2552207245-1989084522-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"bi8\..\mshtml,RunHTMLApplication ";eval("usxzbbs4<odv!@buhwdYNckdbu)#VRbshq (the data entry has 28631 more characters). <==== Poweliks?
    Task: {0EB85AAE-1BD2-4FBA-9BA7-D238E2695587} - \Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up No Task File <==== ATTENTION
    Task: {593FB07E-362D-464B-8859-9669B98CECA3} - \{40688B7E-4C15-C660-3FB9-14C2E015F27F} No Task File <==== ATTENTION
    Task: {65F78C02-4CC1-481A-9E4B-93D0343A2A80} - \Hewlett-Packard\HP Support Assistant\Update Check No Task File <==== ATTENTION
    Task: {7744F4E6-E2D1-4884-A0E8-EEDAFDFA619F} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File <==== ATTENTION
    Task: {8105361B-CE94-42E9-B02E-4C52ECD3C107} - \Hewlett-Packard\HP Support Assistant\PC Tuneup No Task File <==== ATTENTION
    Task: {D15EAA8E-705E-47B0-AA1A-D789EB3E28F2} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start No Task File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
    HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
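
Added example, not part of the original post and not FRST's own code: a Python triage pass over lines in the format pasted above. It separates the script-based `localserver32` entry, the drivers whose files are missing (`[X]`), and the earliest `HELP_DECRYPT` note per folder. The sample lines are constructed, and treating the first timestamp on a file line as the creation time is an assumption.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample in the line formats seen in the fixlist above (values shortened).
SAMPLE = r"""
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> rundll32.exe javascript:"x\..\mshtml,RunHTMLApplication " (the data entry has 100 more characters).
S1 abcdefgh; \??\C:\Windows\system32\drivers\abcdefgh.sys [X]
U2 srservice; No ImagePath
2015-07-09 07:27 - 2015-07-09 07:27 - 00008592 _____ C:\HELP_DECRYPT.HTML
2015-07-08 14:03 - 2015-07-08 14:03 - 00004250 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-07-08 14:03 - 2015-07-08 14:03 - 0004250 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-07-08 14:45 - 2015-07-08 14:45 - 00000288 _____ C:\Users\Example\HELP_DECRYPT.URL
"""

# A COM localserver32 value that launches rundll32 with a javascript: argument.
SCRIPT_RE = re.compile(r"(HK\S+\\localserver32)\S*\s.*rundll32\.exe\s+javascript:", re.I)
# Service/driver line whose image file no longer exists on disk.
DRIVER_RE = re.compile(r"^[RSU]\d (\S+); .*\[X\]$")
# "<first time> - <second time> - <size> <attrs> [(company)] <path>"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (?:\(.*?\) )?(.+)$")
NOTE_RE = re.compile(r"^HELP_DECRYPT\.(HTML|TXT|URL|PNG)$", re.I)

def triage(text):
    """Bucket log lines; keep registry keys only, never the encoded value data."""
    report = {"script_clsid": [], "missing_drivers": [], "note_dirs": {}}
    for line in map(str.strip, text.splitlines()):
        if m := SCRIPT_RE.search(line):
            report["script_clsid"].append(m.group(1))
        elif m := DRIVER_RE.match(line):
            report["missing_drivers"].append(m.group(1))
        elif m := FILE_RE.match(line):
            folder, name = ntpath.split(m.group(2))  # Windows paths on any OS
            if NOTE_RE.match(name):
                seen = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
                report["note_dirs"][folder] = min(seen, report["note_dirs"].get(folder, seen))
    return report

def first_note(report):
    """Return (folder, time) of the earliest ransom note, or None if there are none."""
    dirs = report["note_dirs"]
    return min(dirs.items(), key=lambda kv: kv[1]) if dirs else None

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("script-based COM entries:", result["script_clsid"])
    print("drivers with missing files:", result["missing_drivers"])
    print("earliest note:", first_note(result))
```

The earliest note time gives a lower bound for when file encryption began, which helps decide which backups or restore points predate it.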

  3. #13
    Member
    Join Date
    Dec 2014
    Posts
    56
    Points
    0

    Default

    I think this is the right log and now I am going to try and load the big log..............
    Thanks again for all the help!

  4. #14
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,522
    Points
    563

    Default

    Did you see a text file in your Downloads that was labeled fixlog.txt?

  5. #15
    Member
    Join Date
    Dec 2014
    Posts
    56
    Points
    0

    Default

    Hi, I did what was directed...Go Advanced but when I click the attachment paperclip in the menu it comes up with the red flag in the corner like that is part of the Help2Go logo and does the same with the Manage Attachments button! I will close out and log in again, maybe that will help!

  6. #16
    Member
    Join Date
    Dec 2014
    Posts
    56
    Points
    0

    Default

    Yes this is that file! I will check it again...........should I send all the files that I have received from FRST?

  7. #17
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,522
    Points
    563

    Default

    No. Don't copy and paste all the files, just the labels under the text files such as:

    fixlist.txt
    fixlog.txt
    FRST.txt
    Addition.txt

  8. #18
    Member
    Join Date
    Dec 2014
    Posts
    56
    Points
    0

    Default

    Addition.txt (7-10-15
    Additional.result.txtreport.txt (7-10-15 4:08
    FRST.txt (7-11-15
    FRST.txtreport.txt (7-10-15 4:07
    Fixlist.txt (this is the report I got that was sent to the desktop that I just sent you.

    Did you come up with why when I click on attachments it only shows the red stripes in the corner with the rest of the page white? Could this be part of the virus?

  9. #19
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,522
    Points
    563

    Default

    Quote: Originally Posted by Danita
    Did you come up with why when I click on attachments it only shows the red stripes in the corner with the rest of the page white? Could this be part of the virus?

    I don't think that was because of the virus but viruses can cause strange things to happen.

    Let's focus on FRST for a moment.

    I think I know what the problem is.

    FRST64.exe is located in your Downloads folder and Fixlist.txt is located on your desktop. Both FRST64.txt and fixlist.txt have to be in the same location for the fix to work.

    Please go to your Downloads folder and drag and drop FRST64.txt to your desktop so both FRST64.txt and fixlist.txt are in the same location.

    Let me know when you see FRST64.exe located on your desktop and I will provide further instructions.

  10. #20
    Member
    Join Date
    Dec 2014
    Posts
    56
    Points
    0

    Default

    OK I see them, one has FRST(1).txt and is from the next day. Do I drag and drop it on the Fixlist or next to it?
