Ltangelic

Volunteer Security Advisor
  • Content Count

    209
Community Reputation

0 Neutral

1 Follower

About Ltangelic

  • Rank
    Advanced Member
  • Birthday 09/03/1991

Contact Methods

  • Website URL
    http://www.geekstogo.com
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Somewhere out there
  • Interests
    Computer and Network Security, Horoscopes, Books... (endless list)
  1. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  4. Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. Thank You !
  11. Hi, Please go here (http://www.mediafire.com/) and upload your OTS.txt there, I can't seem to download the attached OTS.txt from here.
  12. Hi Avanguard, If you have a paid version of Ad-Aware, you should go here (http://www.lavasoftsupport.com/index.php?showforum=46) and consult their customer support staff. I don't know why Ad Aware is causing these problems, did you try to uninstall and reinstall it? As for firewalls, do try Sygate and Comodo and see how they work.
  13. Hey mferguson26, Thank you for getting back to me, let's begin.

      Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

      Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Avira antivir and Windows Defender) as it/they may hinder the tools from running. Instructions are in the link below:
      http://www.bleepingcomputer.com/forums/topic114351.html

      1) Run ComboFix

      Download ComboFix from one of these locations:
      Link 1: http://subs.geekstogo.com/ComboFix.exe
      Link 2: http://www.forospyware.com/sUBs/ComboFix.exe
      Link 3: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

      * IMPORTANT !!! Save ComboFix.exe to your Desktop

        • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
        • Double click on ComboFix.exe & follow the prompts.
        • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      [image: http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif]

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      [image: http://img.photobucket.com/albums/v706/ried7/whatnext.png]

      Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

      2) Run OTS

      To ensure that I get all the information this log will need to be attached (instructions at the end); if it is too large to attach then upload to Mediafire (http://www.mediafire.com/) and post the sharing link.

      Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop.

        • Close ALL OTHER PROGRAMS.
        • Double-click on OTS.exe to start the program.
        • Check the box that says Scan All Users
        • Under Additional Scans check the following:
            • Reg - Shell Spawning
            • File - Lop Check
            • File - Purity Scan
            • Evnt - EvtViewer (last 10)
        • Under custom scans copy and paste the following:

            netsvcs
            %SYSTEMDRIVE%\*.exe
            %SYSTEMDRIVE%\*.*
            %ProgramFiles%\Movie Maker\*.dll
            %ALLUSERSAPPDATA%\*.dll
            %SYSTEMROOT%\*.tmp
            %PROGRAMFILES%\Internet Explorer\*.dll
            %DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
            %systemroot%\system32\*.dll /lockedfiles
            /md5start
            eventlog.dll
            scecli.dll
            netlogon.dll
            cngaudit.dll
            sceclt.dll
            ntelogon.dll
            logevent.dll
            iaStor.sys
            nvstor.sys
            atapi.sys
            IdeChnDr.sys
            viasraid.sys
            AGP440.sys
            vaxscsi.sys
            nvatabus.sys
            viamraid.sys
            nvata.sys
            nvgts.sys
            iastorv.sys
            ViPrt.sys
            /md5stop
            %systemroot%\*. /mp /s
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles
            c:\$recycle.bin\*.* /s
            CREATERESTOREPOINT

        • Now click the Run Scan button on the toolbar.
        • Let it run unhindered until it finishes.
        • When the scan is complete Notepad will open with the report file loaded in it.
        • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

      Please attach the log in your next post. To attach a file, do the following:

        • Click Add Reply
        • Under the reply panel is the Attachments Panel
        • Browse for the attachment file you want to upload, then click the green Upload button
        • Once it has uploaded, click the Manage Current Attachments drop down box
        • Click on [image: http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png] to insert the attachment into your post

      3) Run GMER

      Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double-click gmer.exe. The program will begin to run.

      **Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

      If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

        • Click NO
        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
        • Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.
        • Click OK.
        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
        • Save it where you can easily find it, such as your desktop.

      Post the contents of GMER.txt in your next reply.

      Next reply (please include in your post):
        • OTS.txt (attached)
        • ComboFix.txt
        • GMER.txt
  14. Hey psophreak3000, Thank you for your logs. Are you running Avira antivir actively? If not, please tell me so we can install an active anti-virus on your computer.

      Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

      Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Windows Defender) as it/they may hinder the tools from running. Instructions are in the link below:
      http://www.bleepingcomputer.com/forums/topic114351.html

      1) Run ComboFix

      Download ComboFix from one of these locations:
      Link 1: http://subs.geekstogo.com/ComboFix.exe
      Link 2: http://www.forospyware.com/sUBs/ComboFix.exe
      Link 3: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

      * IMPORTANT !!! Save ComboFix.exe to your Desktop

        • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
        • Double click on ComboFix.exe & follow the prompts.
        • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      [image: http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif]

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      [image: http://img.photobucket.com/albums/v706/ried7/whatnext.png]

      Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

      2) Run OTS

      To ensure that I get all the information this log will need to be attached (instructions at the end); if it is too large to attach then upload to Mediafire (http://www.mediafire.com/) and post the sharing link.

      Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop.

        • Close ALL OTHER PROGRAMS.
        • Double-click on OTS.exe to start the program.
        • Check the box that says Scan All Users
        • Under Additional Scans check the following:
            • Reg - Shell Spawning
            • File - Lop Check
            • File - Purity Scan
            • Evnt - EvtViewer (last 10)
        • Under custom scans copy and paste the following:

            netsvcs
            %SYSTEMDRIVE%\*.exe
            %SYSTEMDRIVE%\*.*
            %ProgramFiles%\Movie Maker\*.dll
            %ALLUSERSAPPDATA%\*.dll
            %SYSTEMROOT%\*.tmp
            %PROGRAMFILES%\Internet Explorer\*.dll
            %DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
            %systemroot%\system32\*.dll /lockedfiles
            /md5start
            eventlog.dll
            scecli.dll
            netlogon.dll
            cngaudit.dll
            sceclt.dll
            ntelogon.dll
            logevent.dll
            iaStor.sys
            nvstor.sys
            atapi.sys
            IdeChnDr.sys
            viasraid.sys
            AGP440.sys
            vaxscsi.sys
            nvatabus.sys
            viamraid.sys
            nvata.sys
            nvgts.sys
            iastorv.sys
            ViPrt.sys
            /md5stop
            %systemroot%\*. /mp /s
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles
            c:\$recycle.bin\*.* /s
            CREATERESTOREPOINT

        • Now click the Run Scan button on the toolbar.
        • Let it run unhindered until it finishes.
        • When the scan is complete Notepad will open with the report file loaded in it.
        • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

      Please attach the log in your next post. To attach a file, do the following:

        • Click Add Reply
        • Under the reply panel is the Attachments Panel
        • Browse for the attachment file you want to upload, then click the green Upload button
        • Once it has uploaded, click the Manage Current Attachments drop down box
        • Click on [image: http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png] to insert the attachment into your post

      3) Run GMER

      Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double-click gmer.exe. The program will begin to run.

      **Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

      If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

        • Click NO
        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
        • Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.
        • Click OK.
        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
        • Save it where you can easily find it, such as your desktop.

      Post the contents of GMER.txt in your next reply.

      Next reply (please include in your post):
        • OTS.txt (attached)
        • ComboFix.txt
        • GMER.txt
  15. I am really sorry for the delay, somehow my email notification has not worked as it should. Do you still need help?