8 Steps completed, please read my logs

Status
Not open for further replies.

ryanNEEDShelp

Hey there. I just completed the 8 steps. I was up till 5:30am last night scanning stuff and hopefully fixing things. Then I came across the 8 steps and ran those.

Here's my logs.

I have my fingers crossed...

Thanks,
Ryan
 
Hi Ryan

Firstly there are a number of Windows startups that are just not needed (very common for HP products).
If you can do so run => Startup Control Panel, and remove (meaning untick) as many Windows startup shortcuts as possible

Then run CCleaner again
Then restart
Start up Malwarebytes again; Update it; then run another (another?) yes another! full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed

Save the Malwarebytes log (oh and make sure to remove all found Malwares)
Then Restart

Then (after restarting) run HijackThis and attach another log :)
 
Ok, awesome. Will do. I'll post back when I'm done. Thanks so much!

Ryan

Alright, how am I looking now?

Thanks so much. I'm off to bed, I hope the malbugs don't byte. Hey-Oh!!!!!!

:zzz:

Ryan
 
Please run HJT and tick and fix the following (confirming all Internet browser windows are closed - before selecting fix)
O2 - BHO: {8271f095-deac-b51b-0874-7d6ca82aebed} - {debea28a-c6d7-4780-b15b-caed590f1728} - (no file)
O2 - BHO: (no name) - {E033D889-8829-4043-B813-1CDC9C8D8DA3} - (no file)
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O20 - AppInit_DLLs: ryxatn.dll

The following entries are at your discretion (i.e. not malware). I personally say remove (fix) them too.
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\Anti-Spyware\AnonAntiSpyware.exe /BOOT /SCAN /GUI
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Restart, and then say, hip hip hooray, it's done :)
 
Before I do that...

Before I went to bed I realized I didn't upgrade the MBAM in my last scan... so I did that and scanned again... then it found more trojans. So I did another Hijack report and MBAM report and then checked for more updates at like 3 in the morning but MBAM said I was up to date so I did another full MBAM scan and fell back to sleep. When I woke up MBAM said it found no more viruses so here are my final two logs.

Thanks so much. I think I might be reaching the light at the end of the tunnel and glorious baby!

Phew...
 
Please run HJT and tick and fix the following (confirming all Internet browser windows are closed - before selecting fix)
O2 - BHO: {8271f095-deac-b51b-0874-7d6ca82aebed} - {debea28a-c6d7-4780-b15b-caed590f1728} - (no file)
O2 - BHO: (no name) - {E033D889-8829-4043-B813-1CDC9C8D8DA3} - (no file)
O20 - AppInit_DLLs: ryxatn.dll

Regarding one of these entries: ryxatn.dll
As I had already mentioned above to remove this file, it seems to have come back
(I hope that you did follow my previous post? Although I also notice that "I personally say remove" entries still exist as well)
Did you follow my previous post?

If so, then we may need to manually search and locate: ryxatn.dll and remove it manually too.
KillBox is a tool to delete in-use files, if the file is running, KillBox will attempt to end the process (close the running file) and delete it.
http://www.killbox.net/downloads/KillBox.exe
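An added example, not part of the original posts: a small Python triage of HijackThis-style lines that flags the two patterns the helper keeps asking to fix (BHOs whose file is missing, and anything listed under AppInit_DLLs) and reports which flagged entries persist between two logs. Both sample logs are constructed from entries quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed samples built from entries quoted in this thread:
# one log before the requested fix, one after.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {E033D889-8829-4043-B813-1CDC9C8D8DA3} - (no file)
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: ryxatn.dll
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {E033D889-8829-4043-B813-1CDC9C8D8DA3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: ryxatn.dll
"""

# "<section> - <kind>: <value>", e.g. "O20 - AppInit_DLLs: ryxatn.dll"
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def parse(log):
    """Return (section, kind, value) tuples for every HJT-style line."""
    return [m.groups() for m in map(LINE_RE.match, map(str.strip, log.splitlines())) if m]

def triage(entry):
    """Return a reason string for entries worth a closer look, else None."""
    section, kind, value = entry
    if section == "O2" and value.endswith("(no file)"):
        return "BHO registered but its file is missing"
    if section == "O20" and kind == "AppInit_DLLs" and value.strip():
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        return "AppInit_DLLs load point: verify the DLL is legitimate"
    return None

def flagged(log):
    """Map each flagged entry to the reason it was flagged."""
    return {e: triage(e) for e in parse(log) if triage(e)}

def persisting(before, after):
    """Flagged entries present in both logs: they survived or returned."""
    return sorted(set(flagged(before)) & set(flagged(after)))

if __name__ == "__main__":
    for entry in persisting(LOG_BEFORE, LOG_AFTER):
        print("still present:", " - ".join(entry), "|", triage(entry))
```
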
 
Yes I did...

I did follow the previous post and that 20ry...dll file removed just fine.

So here is the final Hijack log.

My final question is that you wanted me to remove my MalwareRemovalbot.exe file but I had just bought that and the errorsmart.exe software the night before, so are those bad programs? I was suckered into their site when I was trying to get MBAM from your site I think.

I wonder if I can get a refund???

Thanks,
Ryan
 
Well it seems to have gone now

As for your bought programs, keep them running if you like, but free is just as good (if not, better!) You will not be able to get a refund I suspect, but no harm in trying.

There is one more thing you could try running though:

Combofix

Also please do this:
Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
 
The combofix link I supplied tells you already:
ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a log when it is finished that contains a great deal of information that an experienced helper can use to diagnose, retrieve samples of, and remove infections that are not automatically removed.

Removing System Restore cache is just standard stuff that Virus\Malware infected computer users must do. Many users are not even aware of System Restore constantly running in the background (actually I turned mine off, what's the use if the System Restore is usually the first thing to be infected) Recommended - leave on, for average user
 
Thank you sooooooooooooooooo much for your help. I was so terrified when this all started happening the other night.

Thanks again,
Ryan

Here's my ComboFix log.

Let me know if I need to do anything else.

Ryan
 
It's incredible how ComboFix always finds more
I might quote to use it more often, on other posts.

Please do this (again):
As another restore point was automatically taken by ComboFix, before it removed 3 Malwares

Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

OK so now you're clean ;)
 
c:\windows\system32\monqqqru.ini
c:\windows\system32\monqqqru.ini2
c:\windows\system32\wquqmtwr.ini
ryanNEEDShelp, it sounds as though you would really like to learn more on technical issues (possibly supporting yourself)

I will say that whilst you have just had an issue resolved, during that time it was best to just listen and follow directions of support members.
Now, seemingly your computer is now working well (without malware) It is a good time to start learning ;)
As TechSpot has a wide range of user technical issues through the forum threads (including a huge amount of user Virus\Malware infections, reported in member's new threads) I would suggest that you read through many of these threads (even following the new ones as they progress to being solved)
Please have a look at the forums https://www.techspot.com/vb/ And read, without making any posts on any member's threads (whatsoever) ie you are just learning
 
Yes I would.

I would like to learn how to secure myself from future attacks and how to be ready if they do happen. It amazes me that there is so much free software out there that I was able to use to fix my problems. Many thanks to you and the time you spent helping me and to those who created that free software.

I do have a bunch of other projects to get back to now that I'm back up and running but I will keep your guys' site saved and will try to make time to learn more about all of what happened to me and how to keep my computer updated and protected.

And also, this was a very interesting process of recovery. I enjoyed doing all the steps and watching the software find more and more stuff. Cool stuff.

What also needs to be said is that the people out there creating these viruses are sick. People who enjoy creating such destruction are doing more than just ruining a pc; time is lost on projects, memories like photos are lost, music that has been hunted down and saved, and tons of files that will never be recovered are all lost, infected, identities stolen, etc, etc... sick, sick, sick. Thank God you guys exist to help protect people from these sickos. You're doing so much good in the face of so much evil. Thank you, thank you, thank you!

Ryan
 