Trusted Malware Techs
About SweetTech

  1. You are more than welcome. I'm glad I was able to be of assistance. Since this issue appears resolved ... this Topic is closed.
  2. Hello,
     Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

     NEXT: Remove Program
     We need to remove a program. To do this please do the following:
     Click Start
     Go to Control Panel
     Go to Add/Remove Programs
     Find and click Remove for the following (if present):
     Adobe Reader 8.1.1

     NEXT: Time for some housekeeping
     The following will implement some cleanup procedures as well as reset System Restore points:
     Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     ComboFix /Uninstall

     NEXT: OTL Clean-Up
     Clean up with OTL:
     Double-click OTL.exe to start the program.
     Close all other programs apart from OTL as this step will require a reboot.
     On the OTL main screen, press the CLEANUP button.
     Say Yes to the prompt and then allow the program to reboot your computer.
     If you still have any tools or logs left over on your computer you can go ahead and delete those off of your computer now.

     NEXT: All Clean Speech
     ===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
     Below I have included a number of recommendations for how to protect your computer against malware infections.
     It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, then consider a password keeper to keep all your passwords safe.
     Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/ This will ensure your computer always has the latest security updates available installed on your computer.
     FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
     SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
     SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
     Make Internet Explorer more secure
     Click Start > Run
     Type Inetcpl.cpl & click OK
     Click on the Security tab
     Click Reset all zones to default level
     Make sure the Internet Zone is selected & click Custom level
     In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
     Next click OK, then the Apply button and then OK to exit the Internet Properties page.
     ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
     MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer, meaning it will be difficult to infect yourself in the future.
     WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
     Green to go
     Yellow for caution
     Red to stop
     WOT has an addon available for both Firefox and IE.
     Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here. If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
     NoScript - for blocking ads and other potential website attacks
     Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
     ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
     In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: Think Prevention. PC Safety and Security--What Do I Need?
     **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
     Thank you for your patience, and performing all of the procedures requested.
     Please respond one last time so we can consider the thread resolved and close it, thank-you.
     Cheers,
     SweetTech.
  3. Hello,
     For IE issue:
     Copy the following bolded text below:
     "%programfiles%\internet explorer\iexplore.exe"
     On your desktop right-click on a blank space, point to New, and then click Shortcut.
     In the Create Shortcut Wizard, right-click the Type the location of the item box, and then click Paste to paste the command that you copied in step 1.
     Click Next.
     In the Type a name for this shortcut box, type Internet Explorer.
     Click Finish.
     A shortcut to Internet Explorer is created on your desktop.

     Malwarebytes' Anti-Malware
     I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
     Open Malwarebytes' Anti-Malware
     Select the Update tab
     Click Check for Updates
     After the update has been completed, select the Scanner tab.
     Select Perform quick scan, then click on Scan
     Leave the default options as they are and click on Start Scan
     When done, you will be prompted. Click OK, then click on Show Results
     Check (tick) all items and click on Remove Selected
     After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

     NEXT: ESET Online Scanner
     I'd like us to scan your machine with ESET Online Scan
     Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
     Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
     Click the button.
     For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     Click on to download the ESET Smart Installer. Save it to your desktop.
     Double click on the icon on your desktop.
     Check
     Click the button.
     Accept any security warnings from your browser.
     Check
     Make sure that the option "Remove found threats" is Unchecked
     Push the Start button.
     ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     When the scan completes, push
     Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     Push the button.
     Push

     NEXT: Security Check
     Download Security Check by screen317 from here or here.
     Save it to your Desktop.
     Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
     A Notepad document should open automatically called checkup.txt; please post the contents of that document.

     NEXT: OTL Custom Scan
     We need to run an OTL Custom Scan
     Please reopen on your desktop.
     Copy and Paste the following bolded text into the textbox.
     netsvcs
     drivers32 /all
     %SYSTEMDRIVE%\*.*
     %systemroot%\system32\*.wt
     %systemroot%\system32\*.ruy
     %systemroot%\Fonts\*.com
     %systemroot%\Fonts\*.dll
     %systemroot%\Fonts\*.ini
     %systemroot%\Fonts\*.ini2
     %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
     %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
     %systemroot%\REPAIR\*.bak1
     %systemroot%\REPAIR\*.ini
     %systemroot%\system32\*.jpg
     %systemroot%\*.scr
     %systemroot%\*._sy
     %APPDATA%\Adobe\Update\*.*
     %ALLUSERSPROFILE%\Favorites\*.*
     %APPDATA%\Microsoft\*.*
     %PROGRAMFILES%\*.*
     %APPDATA%\Update\*.*
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\user32.dll /md5
     %systemroot%\system32\ws2_32.dll /md5
     %systemroot%\system32\ws2help.dll /md5
     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
     Push
     A report will open. Copy and Paste that report in your next reply.

     Please make sure you include the following items in your next post:
     1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
     2. The log that is produced after running the MalwareBytes' Anti-Malware scan.
     3. The log that is produced after running the ESET Online Virus Scanner.
     4. The log that is produced after running the SecurityCheck scan.
     5. The log that is produced after running the OTL scan.
     6. An update on how your computer is currently running.
     It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
     Cheers,
     SweetTech.
  4. Running ComboFix
     Download ComboFix from one of the following locations:
     Link 1
     Link 2
     VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
     * IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
     Double click on ComboFix.exe & follow the prompts.
     As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware.
     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     Notes:
     1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
     2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
  5. What's happening when you attempt to download from the TDSSKiller links?
  6. Can you please attempt to re-run the OTL script above. You will want to ensure that you run it as a fix rather than as a scan. Are you saying that Trend Micro is detecting TDSSKiller.exe as being infected? If that's the case please delete the current copy you have. Download a new copy, and then disable your Trend Micro, run TDSSKiller, reboot your machine, and re-enable Trend Micro.
  7. You don't need to quote my posts. I'd actually prefer if you didn't do it, unless necessary. I'm going to go ahead and remove the one above and your previous one as well, just to keep this thread tidy.
  8. Hello,
     OTL Fix
     We need to run an OTL Fix
     Please reopen on your desktop.
     Copy and Paste the following code into the textbox. Do not include the word "Code":
     :Services
     :OTL
     FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
     O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
     O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
     O4 - HKLM..\Run: [] File not found
     O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found
     O4 - HKCU..\Run: [Sonic RecordNow!] File not found
     O4 - HKLM..\RunOnceEx: [] File not found
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (Reg Error: Key error.)
     O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
     O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.veri...pdate_1-0-0.cab (Reg Error: Value error.)
     O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
     O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
     O33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
     :Reg
     :Files
     :Commands
     [purity]
     [emptytemp]
     [EMPTYFLASH]
     [start explorer]
     [Reboot]
     Push
     OTL may ask to reboot the machine. Please do so if asked.
     Click . A report will open. Copy and Paste that report in your next reply.
     If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

     NEXT: Running TDSSKiller
     Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.
     Download TDSSKiller from one of the links below:
     Zipped Version or Executable (Not Zipped) Version
     Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.
     Please ensure that you save the TDSSKiller file to your desktop.
     If TDSSKiller asks you to close all programs please allow it to do so.
     If you see the following: To finalize removal of infection and avoid loosing of data program will reboot your PC now. Close all programs and choose Y to restart or N to continue.
     Please enter Y and allow TDSSKiller to reboot your computer.
     Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.
     Please post the content of the TDSSKiller log.

     NEXT: Java Outdated
     Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
     Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
     Look for "JDK 6 Update 21 (JDK or JRE)".
     Click the "Download JRE" button to the right.
     Select your Platform: "Windows".
     Select your Language: "Multi-language".
     Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh.
     Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
     Close any programs you may have running - especially your web browser.
     Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
     Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
     Repeat as many times as necessary to remove each Java version.
     Reboot your computer once all Java components are removed.
     Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
     If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
     When the Java Setup - Welcome window opens, click the Install > button.
     If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
     -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
     -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.
     Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

     NEXT: Clean Java Cache & Temporary Files
     After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
     On the General tab, under Temporary Internet Files, click the Settings button.
     Next, click on the Delete Files button
     There are two options in the window to clear the cache - Leave BOTH Checked:
     Applications and Applets
     Trace and Log Files
     Click OK on Delete Temporary Files Window
     Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
     Click OK to leave the Temporary Files Window
     Click OK to leave the Java Control Panel.

     NEXT: Please download JavaRa and unzip it to your desktop.
     ***Please close any instances of Internet Explorer before continuing!***
     Double-click on JavaRa.exe to start the program.
     From the drop-down menu, choose English and click on Select.
     JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
     Click Yes when prompted.
     When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
     A logfile will pop up. Please save it to a convenient location and post it in your next reply.
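Added example, not code from SweetTech's posts or from the OTL tool itself: a small Python triage script that reads OTL-style log lines like the ones in the fix above, flags the orphaned entries (File not found, No CLSID value found, Reg Error), marks MountPoints2 AutoRun entries for review, and assembles the orphans into the :OTL / :Commands layout used in the fix. The sample log is constructed; the example.invalid URL and "Example Corp" entries are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Strings OTL appends when the object an entry points at no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# An OTL line starts with a section code: "O4 - HKLM..\Run: [name] path ...".
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")


@dataclass
class Entry:
    section: str  # OTL section code, e.g. O2 (BHOs), O4 (Run keys), O33 (MountPoints2)
    body: str     # everything after the section code
    reason: str   # orphan marker that matched, or "" for a live entry

    @property
    def orphan(self) -> bool:
        return bool(self.reason)

    @property
    def autorun(self) -> bool:
        # O33 MountPoints2 entries are per-drive AutoRun commands; worth a
        # second look even when the target still exists.
        return self.section == "O33" and "AutoRun" in self.body


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL log line into an Entry; non-entry lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reason = next((mk for mk in ORPHAN_MARKERS if mk in body), "")
    return Entry(section, body, reason)


def triage(log_text: str) -> List[Entry]:
    """Parse every entry line of an OTL log, keeping the original order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def build_fix(entries: List[Entry]) -> str:
    """Assemble orphaned entries into the :OTL / :Commands layout from post 8."""
    lines = [f"{e.section} - {e.body}" for e in entries if e.orphan]
    tail = [":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join([":OTL", *lines, *tail])


# Constructed sample log: two live entries beside four orphaned ones. The
# example.invalid URL and "Example Corp" publisher are placeholders.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe (Example Corp)
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.example.invalid/update_1-0-0.cab (Reg Error: Value error.)
O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        flag = e.reason or ("autorun" if e.autorun else "live")
        print(f"{e.section:4} {flag:22} {e.body[:60]}")
    print()
    print(build_fix(found))
```

Live entries (those with a resolvable path and publisher) are deliberately left out of the generated fix; only a person reading the full log decides whether anything beyond the orphans goes.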
  9. Did you have a chance to run the programs in my previous post? If so, could you please post the logs for me to analyze.
  10. Hello,
     My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.
     If you have already received help elsewhere please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
     Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
     Please make sure to carefully read any instruction that I give you. Reading too lightly will cause you to miss important steps, which could have destructive effects.
     If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
     These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
     Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
     If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
     Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
     I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together. Because of this, you must reply within three days; failure to reply will result in the topic being closed!
     Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here.
     Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
     ____________________________________________________

     OTL Custom Scan
     Download OTL to your desktop.
     Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     When the window appears, underneath Output at the top change it to Minimal Output.
     Check the boxes beside LOP Check and Purity Check.
     Under Custom Scan paste this in:
     netsvcs
     drivers32 /all
     %SYSTEMDRIVE%\*.*
     %systemroot%\system32\*.wt
     %systemroot%\system32\*.ruy
     %systemroot%\Fonts\*.com
     %systemroot%\Fonts\*.dll
     %systemroot%\Fonts\*.ini
     %systemroot%\Fonts\*.ini2
     %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
     %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
     %systemroot%\REPAIR\*.bak1
     %systemroot%\REPAIR\*.ini
     %systemroot%\system32\*.jpg
     %systemroot%\*.scr
     %systemroot%\*._sy
     %APPDATA%\Adobe\Update\*.*
     %ALLUSERSPROFILE%\Favorites\*.*
     %APPDATA%\Microsoft\*.*
     %PROGRAMFILES%\*.dat
     %APPDATA%\Update\*.*
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\user32.dll /md5
     %systemroot%\system32\ws2_32.dll /md5
     %systemroot%\system32\ws2help.dll /md5
     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
     Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

     NEXT: Scanning with GMER
     Please download GMER from one of the following locations and save it to your desktop:
     Main Mirror - This version will download a randomly named file (Recommended)
     Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
     Disconnect from the Internet and close all running programs.
     Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
     Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
     Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
     GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
     If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
     Now click the Scan button. If you see a rootkit warning window, click OK.
     When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
     Click the Copy button and paste the results into your next reply.
     Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
     -- If you encounter any problems, try running GMER in safe mode.
     -- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

     NEXT: Please make sure you include the following items in your next post:
     1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
     2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
     3. The log that was produced after running GMER
     4. An update on how your computer is currently running.
     It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  11. Glad we could help. Since this issue appears resolved ... This Topic is closed.
  12. I'm not really sure when it comes to your smartphone. Sorry.
  13. Your logs were showing me a few left over entries in your registry; I wasn't really seeing too much. There was something else that I wanted to mention to you. In Gmail there is a feature that allows you to see what IP Addresses are logged into your account at the moment. This feature is towards the bottom of the page and will read something like the following: Last account activity: 0 minutes ago at this IP (xx.xx.xx.xx). Details Where x denotes your IP Address. If you click on Details it will bring up a page that shows you the time and date of a log in to your account as well as the IP Address. I'm not sure if you're aware of this or not, but thought I'd mention it to you anyways.
  14. No, I don't believe that the two programs will clash.
  15. You are more than welcome. I think that it might have been a coincidence, but if you haven't already done so I'd make sure that you change your Gmail password. The best advice I can give you is to make sure that you don't open up e-mail attachments from people you don't know, don't visit dodgy websites, and make sure you keep your security programs up-to-date. Sorry about giving you the wrong instructions.