
Believe I have a virus of some sort.



#46
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
ComboFix surely didn't delete any personal items I can see. Let's check, before we go further.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Grinler's unhide.exe, then click to run that. A few windows may open briefly, and it will alert you when it has completed its tasks.

-------

Then go here and download and install the latest version of Firefox. Reboot after, and post back on any changes that all brought about please.
  • 0


#47
trips487

    Member

  • Topic Starter
  • 186 posts
Here is what the unhide program gave me for the notes. Also the fuzziness still exists in Firefox even after redownloading it. My video, documents, and music folders still give me a pop up about it isn't working and can be safely deleted. This happened after ComboFix. Not saying that ComboFix did that but just saying that they were alright before I did that. The good thing though is the I.E. update even though it couldn't be uninstalled is now gone. So at least something is fixed.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 06/12/2013 02:34:44 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 278813 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 0 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

The C:\Users\Jfarelas\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 06/12/2013 02:40:24 PM
Execution time: 0 hours(s), 5 minute(s), and 40 seconds(s)
  • 0

#48
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I really need to be clear on this. The graphic you uploaded shows a log file. So not normally viewed using Firefox. Do you have an example of just a blurred web page using Firefox?

Open notepad (go to Start Search, type notepad and press Enter) and copy/paste the text in the codebox below into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\windows\SysWow64\frapsvid.dll.vir
QUIT::

Save this to your desktop as CFScript.txt

You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will run a brief limited scan, after which a log will pop up (also located at C:\DeQuarantine.txt). Post that back here please.

That should undo non-malware changes ComboFix made earlier.

---------

Reboot, and post back on what still ails the system please.
  • 0

#49
trips487

    Member

  • Topic Starter
  • 186 posts

Rebooted. Here is the txt file. I still can't open the music, video, or document folders. Gives me a pop up saying they have been deleted. Also another thing started to happen just a few days ago which is really annoying. The sound keeps turning off every few hours. I installed Avast instead of AVG though so maybe that has something to do with it? Okay, so basically the problems I have now are:

-Blurred screen on Firefox. You can see the screen shot a page or two back. I'll repost it here though after the txt file.
-Sound turns off altogether after a few hours. Just started 2 days ago
-Can't open documents, music, or video folders anymore. Below are posted the txt file and the screen shot of the blurred screen.

----

C:\Qoobox\Quarantine\C\windows\SysWow64\frapsvid.dll.vir -> C:\windows\SysWow64\frapsvid.dll



screen shot

http://imageshack.us.../weirdttxt.jpg/

Edited by trips487, 14 June 2013 - 06:51 PM.

  • 0

#50
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Okay, now I get a handle on things. And am not right sure which way to look first. Can't even think of a reason sound would turn off after a few hours.


Go here and install the Firefox Extension List Dumper, and allow Firefox to close and re-open. I have installed it, and find it is just what it says it is, which will help us right now.

Then in Firefox, go to Tools - Add-ons, click Extensions, click Extension List Dumper, then at the bottom, click Dump List. Use Save as to save that to your desktop, then post the contents back here please.
  • 0

#51
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Better yet, download Extension List Dumper from here.
  • 0

#52
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Have to figure out what those files showing up as deleted are.


Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after:

chkdsk /r

It will likely find volumes in use and ask if you want it to run on reboot - select Y for yes, then reboot. This will scan for files as well as locate and repair bad sectors of the disk.

--------

Click here and download Grinler's unhide.exe, then click to run that. A few windows may open briefly, and it will alert you when it has completed its tasks.

Once it has completed, reboot, and check for change.

Both of those steps were intended to correct the non-accessible files issue.
  • 0

#53
trips487

    Member

  • Topic Starter
  • 186 posts
DumpList

Application: Firefox 21.0 (20130511120803)
Operating System: WINNT (x86-msvc)

- avast! Online Security 8.0.1489
- AVG SafeGuard toolbar 15.3.0.10 (Disabled)
- DivX Plus Web Player HTML5 <video> 2.1.2.145 (Disabled)
- Extension List Dumper 1.15.2
- Firebug 1.11.4
- LivingPlay TextLinks 1.0.0 (Disabled, Incompatible)
- Photobucket Uploader 1.3.7
- Skype Click to Call 6.9.0.12585 (Disabled)
- Updated Ad Blocker for Firefox 11+ 0.7.7



I have done the other instructions and the unhide as well again. I still can not open the folders for some reason. Thank you.
  • 0

#54
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I am just unclear why these folders have been marked as deleted. Reeks of a failing drive, but if chkdsk came through unscathed that isn't likely.

In Firefox, go to Tools - Add-ons, and locate and Remove or disable the following:

AVG SafeGuard toolbar
Updated Ad Blocker for Firefox 11+ 0.7.7
Firebug 1.11.4
LivingPlay TextLinks 1.0.0 (Disabled, Incompatible)


-------

Post one of the locations of one of the "deleted" folders. For example:

C:\Users\yourname\"deleted folder"

If you can, right click on the folder and select Properties, then copy/paste from there the location and name.
  • 0

#55
trips487

    Member

  • Topic Starter
  • 186 posts

Deleted some of those files but others are unable to delete in Firefox. They are disabled though. Would I be able to reinstall the ad blocker add-on later once this is fixed? Also the text seems to still be blurry. Lastly I am unable to right click properties in the folders. It says they are unable to open. I am, however, able to open my document folder and the other folders by typing in search and locating the folder there. Which is weird.
  • 0


#56
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Please post one of the locations of one of the "deleted" folders. For example:

C:\Users\yourname\"deleted folder"

So I can create a script to run.
  • 0

#57
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Just type out the path to the folder, and skip Properties.

C:\Users\yourname\documents\"deleted folder"
  • 0

#58
trips487

    Member

  • Topic Starter
  • 186 posts
C:\Users\Jfarelas\Music

Edited by trips487, 20 June 2013 - 12:57 AM.

  • 0

#59
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Go HERE and download CAT – Crisis Aversion Tool, then click that cat.exe to run the tool.

When CAT opens, place a check next to:

Reset Permissions
Use Aggressive


Another window will open periodically as the scan makes the permissions changes. This can take quite some time.

When it finishes close CAT (and the log), then reboot.

Check for folder access then please.
  • 0

#60
trips487

    Member

  • Topic Starter
  • 186 posts
Those still don't open. I can upload a screen shot of what the error looks like if you need. I'll do that later on today as it is late now. Just wanted to give you an update right now after I did the task.
  • 0





