Windows 7 Forums



Windows 7: Issues logging into Windows.

13 May 2013   #61
GilV37

Windows 7 Home
 
 

Going back and reading the posts, please send link(s) to whichever program I should download for the next step. I have downloaded so much software, I forget what is what. lol

Currently I have on the infected PC:
mbar
FSS
PC scan and repair (re-image I guess)
MGADiag
ComboFix
PC Health Boost
FRST64
RogueKiller

If I have to purchase any of these software tools, no problem. Please advise on which one. I did download Microsoft Essential Tools but have not installed it. When the PC is clean, I can do that.

thanks


13 May 2013   #62
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

GilV37

You may remove MGADiag. You don't need that anymore.
13 May 2013   #63
cottonball

Windows 7 Home Premium
 
 

Let's press on...

Part I:
Please open Notepad: (Start > All Programs > Accessories > Notepad)

Copy/paste the entire content inside the quote box below to Notepad (Do not copy the word 'Quote'):

Quote:
File::
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdatact.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mPlugin.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mskin.dll
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\T8HTML.DLL
C:\Users\Ferreira Family\AppData\Local\Google\Chrome\User Data\Default\Default\aadhddddgcdidgdbdedbdcdcdediddgf\background.js
C:\Users\Ferreira Family\AppData\Local\Google\Chrome\User Data\Default\Default\aadhddddgcdidgdbdedbdcdcdediddgf\ContentScript.js
C:\Users\Ferreira Family\AppData\LocalLow\D403.tmp.dat
C:\Users\Ferreira Family\AppData\LocalLow\D404.tmp
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\9c280d90-34ad-49ca-b231-e331aaf99bbaad\cdadcabeaafbbaad.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA3LH8DI.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA9QNTCC.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAAPZEWF.htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1B8V4P.js
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LMNF8W4\foasgroup_com[1].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\334KE5MZ\iframe3[2].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSD4GYOY\iframe3[1].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA3LH8DI.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA9QNTCC.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAAPZEWF.htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1B8V4P.js
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LMNF8W4\foasgroup_com[1].htms
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\334KE5MZ\iframe3[2].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSD4GYOY\iframe3[1].htm
ClearJavaCache::

In Notepad, click: File (upper left) > Save As...
Save the file to the Desktop
Name it: CFScript.txt
Click: Save

Both the CFScript.txt and the ComboFix program icon must be on the Desktop, or this will not work.

Make sure all AntiVirus and AntiMalware programs continue to be disabled, so they do not interfere with the running of ComboFix.

Now, drag the CFScript.txt into ComboFix.exe as depicted below:



This action starts ComboFix again.

If the program asks to reboot, please do so.
When done, please attach the new Combofix.txt in your reply.


Part II:
Also, you can remove the following:
1. PC Scan and Repair:
Please go to: Start > Control Panel > Programs and Features, and in the list of installed programs, look for entries like:
PC Scan and Repair
Reimage PC Repair
Reimage Repair
Reimage Community
Select the program, and click: Uninstall
Pay attention to the uninstall process, just in case Reimage attempts to prompt for additional nuisance software.

2. PC Health Boost
Uninstall: How To Uninstall PC HealthBoost™ | PCHealthBoost.com

3. MGADiag



Part III:
Next, please download Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown, or permit them to allow the changes:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.

Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click: Finish

MBAM automatically starts and you are asked to update the program.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.
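A post-run check for the CFScript step in Part I of the post above, as an added example that is not part of the original post and is not ComboFix's own code: it parses the `File::` list from a CFScript and reports, with a SHA-256 hash, any listed file still on disk after the run. The sample paths are constructed placeholders, the function names are hypothetical, and treating every bare `Word::` line as a directive header is an assumption based on the two directives shown in the post.

```python
import hashlib
import os
import re

# A directive header is a bare word followed by "::" (the post uses File:: and
# ClearJavaCache::). Treating every such line as a header is an assumption.
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")

def parse_cfscript(text):
    """Return {directive: [entries]} for the CFScript layout shown in the post."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = DIRECTIVE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections

def sha256_of(path):
    """Hash a file in chunks so a large leftover does not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def leftovers(sections):
    """List (path, sha256) for File:: entries still on disk after the run."""
    return [(p, sha256_of(p)) for p in sections.get("File", []) if os.path.isfile(p)]

# Constructed sample in the same layout; these paths are placeholders, not
# the entries from the thread.
SAMPLE = r"""File::
C:\Users\Example\AppData\LocalLow\sample.tmp
C:\Example\bar\1.bin\sample.dll
ClearJavaCache::
"""

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE)
    for path, digest in leftovers(parsed):
        print(f"STILL PRESENT {digest} {path}")
    print(f"{len(parsed['File'])} File:: entries checked")
```

On 64-bit Windows, run it from an elevated 64-bit Python: a 32-bit process has its `C:\Windows\System32` paths redirected to `SysWOW64`, which would make the two groups of entries in the script check the same location.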

13 May 2013   #64
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

thanks cb
13 May 2013   #65
GilV37

Windows 7 Home
 
 

Thanks Cottonball. Unfortunately I will not be able to get to that PC for at least another 3 hours. But will try this fix, and get back to you ASAP.
13 May 2013   #66
cottonball

Windows 7 Home Premium
 
 

No problem with that...I'll be out for a while also.
13 May 2013   #67
cottonball

Windows 7 Home Premium
 
 

On the ESET Online Scanner...

It is my understanding that in order to remove the malware, there needs to be a check next to the Remove found threats option in the Computer Scan Settings prompt:


This option should be selected by default. Apparently, this was not the case, or the setting was unchecked, to see what ESET finds. This is not a bad idea, since there are situations when a false positive is detected.


-->> Instead of running ESET for a long while once again, used ComboFix to cut to the chase. <<--


If anyone runs the ESET Smart Security or ESET NOD32 Antivirus, the situation is different.
In the Threatsense Engine Parameter Setup, click Cleaning on the left pane, and, on the right pane, move the slider to the left or right to set the cleaning level (see image).

The different cleaning levels are No cleaning, Standard cleaning or Strict cleaning (used by most).

These levels determine the behavior of the ESET Smart Security or ESET NOD32 Antivirus when cleaning infected files.

14 May 2013   #68
GilV37

Windows 7 Home
 
 

Ok, the scans finished, and here are the two files. These scans took a long time, but finally got them. The PC did reboot at one point yesterday to finish the scan and I can tell a difference already.


Attached Files
File Type: txt Combofix.txt (26.3 KB, 3 views)
File Type: txt mbam-log-2013-05-13 (19-33-10).txt (3.1 KB, 3 views)
14 May 2013   #69
cottonball

Windows 7 Home Premium
 
 

Thanks for the reports, GilV37.

There is some Reimage showing, so let's make sure it is out of the game...

Please go to: Downloading HijackThis
Save to the Desktop.
Right-click and select: Run as Administrator
Accept the License Agreement if you decide to run the program.

When the HijackThis console opens, press the following button: Do A system scan and save a logfile
When done scanning, a log opens in Notepad, and also appears on your Desktop.
>>Please post the HijackThis log in your reply.<<


Again in HijackThis, access the Uninstall Manager as follows:

At the HijackThis console:
Click: Config button > Misc Tools button > Open Uninstall Manager
Now, click on: Save list... button and save to the Desktop
A Notepad opens with the information needed.
Please provide the contents of Uninstall list in your reply.
14 May 2013   #70
GilV37

Windows 7 Home
 
 

ok, i'll take care of this later on this evening. thanks!