SpySentinel

Member
  • Content Count: 14
Community Reputation: 0 Neutral

About SpySentinel
  • Rank: Malware Removal Team

Contact Methods
  • Website URL: http://www.geekstogo.com/

Profile Information
  • Gender: Not Telling
  • Location: The United States
  • Interests: Fighting/Analyzing Malware

  1. Does it happen with Firefox and Internet Explorer?
  2. You're welcome.

     Download ComboFix from one of these locations: Link 1 Link 2

     * IMPORTANT !!! Save ComboFix.exe to your Desktop

     Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

     Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  3. Hi xsexax, Welcome to the Emsisoft Support Forums.

     Run OTL.exe. Under the Custom Scans/Fixes box at the bottom, paste in the following:

       :OTL
       O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - No CLSID value found.
       O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
       O4 - HKLM..\Run: [] File not found
       O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
       O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
       O33 - MountPoints2\{8673166a-89e0-11de-9a34-00e04d41e6da}\Shell\AutoRun\command - "" = I:\Launcher.exe
       @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A0829E0
       :Commands
       [purity]
       [resethosts]
       [emptytemp]
       [EMPTYFLASH]
       [CREATERESTOREPOINT]
       [Reboot]

     Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done.
  4. Thanks for posting before you leave. I will leave this thread open. When you return, please post the ESET log as well.
  5. Hi Abacus, You're welcome.

     Launch Malwarebytes' Anti-Malware. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy & Paste the entire report in your next reply.

     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

     Run ESET Online Scan

     Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
       • Click the button.
       • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
         • Click on to download the ESET Smart Installer. Save it to your desktop.
         • Double click on the icon on your desktop.
       • Check
       • Click the button.
       • Accept any security warnings from your browser.
       • Check
       • Push the Start button.
       • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
       • When the scan completes, push
       • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
       • Push the button.
       • Push

     You can refer to this animation by neomage if needed.
  6. Hi Shark, You're welcome.

     Download TFC by OldTimer to your desktop. Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.) It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

     Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
  7. Hi Abacus, You're welcome.

     Run OTL.exe. Under the Custom Scans/Fixes box at the bottom, paste in the following:

       :OTL
       O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
       O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
       O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
       @Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B013599
       @Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED912DB
       @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
       @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
       :Commands
       [purity]
       [resethosts]
       [emptytemp]
       [EMPTYFLASH]
       [CREATERESTOREPOINT]
       [Reboot]

     Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done.
  8. Hi Abacus, Welcome to the Emsisoft Support Forums! My name is SpySentinel and I will be helping you with your malware issue. Please read carefully and follow these steps.

     Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

     Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  9. No worries, thanks for letting me know. Malwarebytes did find malware, however you did not remove it. Please run a scan with Malwarebytes again, and this time once it is done scanning, choose to Remove All of the malware, and post the log here in a reply. Also please run the ESET Online Scan and post that log.
  10. Hi Shark, You're welcome.

      Please download Malwarebytes' Anti-Malware. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy & Paste the entire report in your next reply.

      Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

      Run ESET Online Scan

      Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
        • Click the button.
        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
        • Check
        • Click the button.
        • Accept any security warnings from your browser.
        • Check
        • Push the Start button.
        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        • When the scan completes, push
        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        • Push the button.
        • Push

      You can refer to this animation by neomage if needed.
  11. Hi shark, Welcome to the Emsisoft Support Forums. My name is SpySentinel and I will be helping you clean up your computer.

      Run OTL.exe. Under the Custom Scans/Fixes box at the bottom, paste in the following:

        :OTL
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
        O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
        O2 - BHO: (D) - {7AF90D8C-DAC7-33E3-BC4C-CC8DB8A74172} - Reg Error: Value error. File not found
        O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
        O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
        O20 - Winlogon\Notify\542b969d665: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
        [2010/08/30 23:44:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ fc17be8
        [2010/08/30 22:29:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ 90ca7e0
        [2010/08/30 22:29:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\f98d2210
        [2010/08/29 01:33:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ca152460
        [2010/08/29 01:33:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\80d08d68
        [2010/08/24 01:12:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ 4c87220
        [2010/08/24 01:11:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\13657218
        [2010/08/24 01:11:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\1a703668
        [2010/08/24 01:10:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\98505898
        [2010/08/24 01:10:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\e1975968
        [2010/08/24 01:09:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\33dac248
        [2010/08/24 01:09:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\991509c0
        [2010/08/24 01:08:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ba65fef8
        [2010/08/24 01:07:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\3d20e570
        [2010/08/24 01:02:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\7b4a64b8
        [2010/08/24 01:02:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\4bde3f98
        [2010/08/06 00:39:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\480698b0
        [2010/08/02 11:45:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\b6a26d38
        [2010/08/02 11:45:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\f0c46b88
        [2010/07/28 00:42:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\5f53cb80
        [2010/07/28 00:42:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ad0f5230
        [2010/07/28 00:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\7792db68
        [2010/07/28 00:41:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\a42f4310
        [2010/07/28 00:41:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\2507c130
        [2010/07/28 00:40:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\2873c308
        [2010/07/28 00:40:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\eddf77d8
        [2010/07/28 00:39:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\54123f00
        [2010/07/28 00:38:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\96bd4518
        [2010/07/26 01:49:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\43188078
        [2010/07/26 01:49:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\52fe93c0
        [2010/07/26 01:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\50befeb8
        [2010/07/26 01:48:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\1fb19930
        [2010/07/26 01:44:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\35271f90
        [2010/07/26 01:43:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\fa7e2de8
        [2010/07/26 01:27:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\a294cf98
        [2010/07/26 01:26:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\f40af2e0
        [2010/07/19 16:59:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\2dc0b258
        [2010/07/19 16:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\9a1f2eb8
        [2010/07/19 16:59:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\1854cab8
        [2010/07/19 16:58:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\66f86b48
        [2010/07/19 16:58:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\931a56f8
        [2010/07/19 16:57:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\4466f588
        [2010/07/19 16:56:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ac6c6d70
        [2010/07/19 16:56:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\c1345e70
        [2010/07/19 16:53:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\b322ae28
        [2010/07/19 16:50:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ebd711f8
        [2010/07/19 16:48:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\54f54c70
        [2010/07/19 10:07:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\516b7fe0
        [2010/07/19 10:07:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\1cb3d600
        [2010/07/19 10:06:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\c8155e30
        [2010/07/19 10:06:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\afbf7a60
        [2010/07/19 10:05:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ac7b8828
        [2010/07/19 10:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\9274a1b8
        [2010/07/19 03:11:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\4acfdc80
        [2010/07/19 03:10:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\cd1119d0
        [2010/07/19 03:09:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\51e78208
        [2010/07/19 03:09:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\b2bbf670
        [2010/07/19 03:06:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ e82be78
        [2010/07/19 03:06:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\982601a0
        [2010/07/19 03:04:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\176e5bf0
        [2010/07/19 03:02:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\ebbb4da0
        [2010/07/19 03:00:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\9988af20
        [2010/07/19 03:00:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\9b82bc48
        [2010/02/03 16:33:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\17115406.exe
        [2010/02/03 16:33:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\17115406.dat
        [2009/09/24 02:53:55 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
        [2009/09/23 20:43:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\7741265.exe
        [2009/09/23 20:43:18 | 000,000,066 | ---- | C] () -- C:\WINDOWS\7741265.dat
        [2009/09/14 22:35:58 | 000,008,168 | ---- | C] () -- C:\WINDOWS\System32\spyzknt.exe
        [2008/12/09 16:32:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\video_core.dll
        [2010/04/23 21:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
        [2009/08/09 16:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}
        [2009/09/29 14:11:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
        @Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
        @Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
        @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
        :Commands
        [purity]
        [resethosts]
        [emptytemp]
        [EMPTYFLASH]
        [CREATERESTOREPOINT]
        [Reboot]

      Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done.