- Local time
- 9:37 AM
- Messages
- 62
Solved Help with Firewall/Hacker
- Thread starter DigitalOctave
- Start date
- Local time
- 7:37 AM
- Messages
- 6,830
Open Notepad. Inside Notepad paste the highlighted text inside Notepad
start
C:\Users\Enrique\AppData\Local\Temp\GBLCY.exe
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-05] ()
HKCU\...\Run: [Dargon] - C:\Dargon\DargonD.exe [x]
HKCU\...\Run: [WindowsUpdatevisd] - C:\Users\Enrique\OEPTK\HTWAQ.vbs [1382121 2013-07-06] ()
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL =
BHO-x32: Yealt Class - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\SysWow64\yealt.dll (Yealt)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
cmd: ipconfig /flush dns
C:\Users\Enrique\AppData\Roaming\JvXsG
C:\Users\Enrique\AppData\Roaming\QMBVL
C:\Users\Enrique\AppData\Roaming\nBLut
C:\Users\Enrique\AppData\Roaming\JEsNE
C:\32788R22FWJFW
C:\Windows\Tasks\SA.DAT
end
Click on File ===> Save As
File Name: Fixlist.txt
Save as type: All Files
Location: Desktop
Click on the Save button
Open FRST64.exe and click on the [Fix] button. Once done it will create a new log called Fixlog.txt Upload the new Fixlog.txt with your reply.
Once done run these two programs next
TDSSKILLER
download link :ar: TDSSKiller
Right-click TDSSKILLER.exe select
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK
Press: Start Scan
If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt
Please post the TDSSKiller log in your reply.
On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the
button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
On
or
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on
choose
on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
start
C:\Users\Enrique\AppData\Local\Temp\GBLCY.exe
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-05] ()
HKCU\...\Run: [Dargon] - C:\Dargon\DargonD.exe [x]
HKCU\...\Run: [WindowsUpdatevisd] - C:\Users\Enrique\OEPTK\HTWAQ.vbs [1382121 2013-07-06] ()
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL =
BHO-x32: Yealt Class - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\SysWow64\yealt.dll (Yealt)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
cmd: ipconfig /flush dns
C:\Users\Enrique\AppData\Roaming\JvXsG
C:\Users\Enrique\AppData\Roaming\QMBVL
C:\Users\Enrique\AppData\Roaming\nBLut
C:\Users\Enrique\AppData\Roaming\JEsNE
C:\32788R22FWJFW
C:\Windows\Tasks\SA.DAT
end
Click on File ===> Save As
File Name: Fixlist.txt
Save as type: All Files
Location: Desktop
Click on the Save button
Open FRST64.exe and click on the [Fix] button. Once done it will create a new log called Fixlog.txt Upload the new Fixlog.txt with your reply.
Once done run these two programs next
TDSSKILLER
download link :ar: TDSSKiller
Right-click TDSSKILLER.exe select
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK
Press: Start Scan
If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt
Please post the TDSSKiller log in your reply.
On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
On
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
Logs
Still here, its taking a while for ESET here are the first 2 for now
Still here, its taking a while for ESET here are the first 2 for now
My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 7:37 AM
- Messages
- 6,830
Uninstall these programs
Daemons Tools lite ( reason : causes BSODs on Windows 7 )
McAfee ( BSOD issue and not as good of a antivirus )
RegCleanPro ( don't need a reg cleaner for windows 7 )
After you remove Mcafee run the tool below
MCPR < download link
Daemons Tools lite ( reason : causes BSODs on Windows 7 )
McAfee ( BSOD issue and not as good of a antivirus )
RegCleanPro ( don't need a reg cleaner for windows 7 )
After you remove Mcafee run the tool below
MCPR < download link
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 7:37 AM
- Messages
- 6,830
Don't see any logs uploaded .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
- Local time
- 7:37 AM
- Messages
- 6,830
Tdsskiller came out clean . Once the ESET is complete restart the PC .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
So far its found 4 Win32/BitCoinMiner.p Applications
Its stuck at 56 scanning through steam
5 Trojans at 91% going through cookies
Its stuck at 56 scanning through steam
5 Trojans at 91% going through cookies
Last edited:
My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 7:37 AM
- Messages
- 6,830
Once ESET is done and you restart the PC . Rerun FSS to see where we stand on the services .
Then run RogueKiller
RogueKiller for 32bit <==== Download Link
RogueKiller for 64bit <==== Download Link
:ar: Click on one of the links above that goes with your Windows 7 bit versions
:ar: Save to the Desktop.
:ar: Close all windows and browsers
:ar: Right click on
and choose
:ar: Press: SCAN
:ar: provide the RKreport.txt (Mode: Scan) in your reply.
Then run RogueKiller
RogueKiller for 32bit <==== Download Link
RogueKiller for 64bit <==== Download Link
:ar: Click on one of the links above that goes with your Windows 7 bit versions
:ar: Save to the Desktop.
:ar: Close all windows and browsers
:ar: Right click on
:ar: Press: SCAN
:ar: provide the RKreport.txt (Mode: Scan) in your reply.
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
- Local time
- 9:37 AM
- Messages
- 62
- Local time
- 7:37 AM
- Messages
- 6,830
You got a huge drive .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
- Local time
- 9:37 AM
- Messages
- 62
I went to bed with it at 91% and its still there, and its stuck going through the temp internet files.
My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 7:37 AM
- Messages
- 6,830
Yeah 1TB drive will take a while to scan .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
- Local time
- 7:37 AM
- Messages
- 6,830
Still not done ?
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 9:37 AM
- Messages
- 62
nope 
its like it restarted going through cookies its at B5
its like it restarted going through cookies its at B5My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 9:37 AM
- Messages
- 62
- Local time
- 7:37 AM
- Messages
- 6,830
If it sees it as a malicious software yes .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000