Rorschach112

Volunteer Security Advisor
  1. Download [url="http://oldtimer.geekstogo.com/OTL.exe"][b][color="red"]OTL[/color][/b][/url] to your Desktop
     [list]
     [*]Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
     [*]Click on [b]Minimal Output[/b] at the top
     [*]Check the box beside [b]Scan All Users[/b]
     [*]Under [b]File Age:[/b] change it from 30 Days to [b]90 Days[/b].
     [*]Check the boxes beside [b]LOP Check[/b] and [b]Purity Check[/b].
     [*]Download the following file [b]scan.txt[/b] to your [b]Desktop[/b]. [url="http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/"][b]Click here to download it[/b][/url]. You may need to right click on it and select [b]"Save"[/b]
     [*]Double click inside the Custom Scan box at the bottom
     [*]A window will appear saying [color="#FF0000"][b]"Click Ok to load a custom scan from a file or Cancel to cancel"[/b][/color]
     [*]Click the Ok button and navigate to the file [b]scan.txt[/b] which we just saved to your desktop
     [*]Select [b]scan.txt[/b] and click Open. Writing will now appear under the Custom Scan box
     [*]Click the [u]Run Scan[/u] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
       [list]
       [*]When the scan completes, it will open two Notepad windows: [b]OTL.Txt[/b] and [b]Extras.Txt[/b]. These are saved in the same location as OTL.
       [*]Please copy [b](Edit->Select All, Edit->Copy)[/b] the contents of these files, one at a time, and post them in your topic
       [/list]
     [/list]
  2. Download ComboFix here: [url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url] [url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url]
     [color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color]
     [list]
     [*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them [url="http://www.bleepingcomputer.com/forums/topic114351.html"][b]Click me[/b][/url]
     [*]Double click on ComboFix.exe & follow the prompts.
     [*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     [*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     [/list]
     [color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]
     [center][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/center]
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     [img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img]
     Click on Yes, to continue scanning for malware.
     When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] log in your next reply.
  4. [color="#FF0000"][b]Please read carefully and follow these steps.[/b][/color]
     [list]
     [*]Download [b][url="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSSKiller[/url][/b] and save it to your Desktop.
     [*]Extract its contents to your desktop.
     [*]Once extracted, open the TDSSKiller folder and double-click on [b]TDSSKiller.exe[/b] to run the application, then on [b]Start Scan.[/b] [img]http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png[/img]
     [*]If an infected file is detected, the default action will be [b]Cure[/b], click on [b]Continue.[/b] [img]http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png[/img]
     [*]If a suspicious file is detected, the default action will be [b]Skip[/b], click on [b]Continue.[/b] [img]http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious-1.png[/img]
     [*]It may ask you to reboot the computer to complete the process. Click on [b]Reboot Now[/b]. [img]http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png[/img]
     [*]If no reboot is required, click on [b]Report[/b]. A log file should appear. Please copy and paste the contents of that file here.
     [*]If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "[b]TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b]". Please copy and paste the contents of that file here.
     [/list]
  6. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else, please begin a New Topic. Thank you!
  7. delete these files
     D:\1 NTFS\nov2009\drive d\mydownloads\hotrod lincoln johnny bond.wma Infected: Trojan-Downloader.WMA.Wimad.x 1
     D:\1 NTFS\nov2009\drive d\mydownloads\redcross store lisa miller.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1
     D:\1 NTFS\nov2009\drive d\mydownloads\van morrison these are the day.wma Infected: Trojan-Downloader.WMA.Wimad.x 1
     Your logs are clean
     [b]Follow these steps to uninstall Combofix and tools used in the removal of malware[/b]
     [color="darkblue"][b][u]Uninstall ComboFix[/u][/b][/color]
     Remove Combofix now that we're done with it.
     [list]
     [*]Please press the [b]Windows Key[/b] and [b]R[/b] on your keyboard. This will bring up the Run... command.
     [*]Now type in [color="blue"][b]Combofix /Uninstall[/b][/color] in the runbox and click [b]OK[/b]. [color="green"](Notice the space between the "x" and "/")[/color] [img]http://i517.photobucket.com/albums/u338/Eextremeboy/CF_Uninstall-1.jpg[/img]
     [*]Please follow the prompts to uninstall Combofix.
     [*]You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
     [/list]
     [list]
     [*]Download [url="http://oldtimer.geekstogo.com/OTC.exe"][color="#0000FF"][b]OTC[/b][/color][/url] to your desktop and run it
     [*]Click Yes to begin the Cleanup process and remove these components, including this application.
     [*]You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
     [/list]
     [list]
     [*]Please read my guide on how to [b]prevent malware[/b] and about [b]safe computing[/b] [url="http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/"][color="#FF0000"][b]here[/b][/color][/url]
     [/list]
     Thank you for your patience, and performing all of the procedures requested.
  8. Download [url="http://oldtimer.geekstogo.com/TFC.exe"][color="#000000"][b]TFC[/b][/color][/url] to your desktop
     [list]
     [*]Open the file and close any other windows.
     [*]It [b][color="#FF0000"]will close all programs itself[/color][/b] when run, make sure to let it run uninterrupted.
     [*]Click the Start button to begin the process. The program should not take long to finish its job
     [*]Once it's finished it should [b]reboot your machine[/b], if not, do this yourself to ensure a complete clean
     [/list]
     Please download Malwarebytes' Anti-Malware from [url="http://www.malwarebytes.org/mbam-download.php"][color="#2E8B57"][b]Here[/b][/color][/url]
     Double Click mbam-setup.exe to install the application.
     [list]
     [*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
     [*]If an update is found, it will download and install the latest version.
     [*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
     [*]The scan may take some time to finish, so please be patient.
     [*]When the scan is complete, click OK, then Show Results to view the results.
     [*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
     [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     [*]Copy & Paste the entire report in your next reply.
     [/list]
     Extra Note: [color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.[/b][/color]
     Go to [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b][color="red"]Kaspersky website[/color][/b][/url] and perform an online antivirus scan.
     [list=1]
     [*]Read through the requirements and privacy statement and click on [b]Accept[/b] button.
     [*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b].
     [*]When the downloads have finished, click on [b]Settings[/b].
     [*]Make sure these boxes are checked (ticked). If they are not, please tick them and click on the [b]Save[/b] button:
       [list][color="red"]Spyware, Adware, Dialers, and other potentially dangerous programs
       Archives
       Mail databases[/color]
       [/list]
     [*]Click on [b]My Computer[/b] under [b]Scan[/b].
     [*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b].
     [*]You will see a list of infected items there. Click on [b]Save Report As...[/b].
     [*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button. Then post it here.
     [/list]
  9. 1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     3. Open [b]notepad[/b] and copy/paste the text in the quotebox below into it:
     [quote]File::
     Folder::
     NetSvc::
     vycgp
     jarsry
     Registry::
     Driver::[/quote]
     Save this as [b]CFScript.txt[/b], in the same location as ComboFix.exe
     [img]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img]
     Referring to the picture above, drag CFScript into ComboFix.exe
     When finished, it shall produce a log for you at [b]C:\ComboFix.txt[/b] which I will require in your next reply.
  10. 1. Please [b]download[/b] [url="http://swandog46.geekstogo.com/avenger2/download.php"][b][color="#CC0000"]The Avenger[/color][/b][/url] by Swandog46 to your [b]Desktop[/b].
      [list]
      [*]Right click on the Avenger.zip folder and select "Extract All..."
      [*]Follow the prompts and extract the [b]Avenger[/b] folder to your desktop
      [*]Make sure that the box next to [b]Scan for rootkits[/b] has a tick in it and that the box next to [b]Automatically disable any rootkits found[/b] does not have a tick in it.
      [/list]
      2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing ([b]Ctrl+C[/b]):
      [code]Begin copying here:
      Drivers to delete:
      jarsry
      vycgp[/code]
      [i][b] [color="#CC0000"]Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.[/color][/b][/i]
      3. Now, open the avenger folder and [b]start The Avenger program[/b] by clicking on its icon.
      [list]
      [*]Right click on the window under [b]Input script here:[/b], and select Paste.
      [*]You can also click on this window and press ([b]Ctrl+V[/b]) to paste the contents of the clipboard.
      [*]Click on [b]Execute[/b]
      [*]Answer "[b]Yes[/b]" twice when prompted.
      [/list]
      4. [b]The Avenger will automatically do the following[/b]:
      [list]
      [*]It will [b][u]Restart your computer[/u][/b]. (In cases where the code to execute contains "[b]Drivers to Delete[/b]", The Avenger will actually [b]restart your system [u]twice[/u].[/b])
      [*]On reboot, it will briefly [b]open a black command window[/b] on your desktop, this is normal.
      [*]After the restart, it [b][u]creates a log file[/u][/b] that should open with the results of Avenger’s actions. This log file will be located at [b]C:\avenger.txt[/b]
      [*]The Avenger will also have [b][u]backed up all the files, etc., that you asked it to delete[/u][/b], and will have zipped them and moved the zip archives to [b]C:\avenger\backup.zip[/b].
      [/list]
      5. Please [b]copy/paste[/b] the content of [b]c:\avenger.txt[/b] into your reply
      Download ComboFix here: [url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url] [url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url]
      [color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color]
      [list]
      [*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them [url="http://www.bleepingcomputer.com/forums/topic114351.html"][b]Click me[/b][/url]
      [*]Double click on ComboFix.exe & follow the prompts.
      [*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      [*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      [/list]
      [color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]
      [center][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/center]
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img]
      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] log in your next reply.
  11. Your logs are clean
      [b]Follow these steps to uninstall Combofix and tools used in the removal of malware[/b]
      [color="darkblue"][b][u]Uninstall ComboFix[/u][/b][/color]
      Remove Combofix now that we're done with it.
      [list]
      [*]Please press the [b]Windows Key[/b] and [b]R[/b] on your keyboard. This will bring up the Run... command.
      [*]Now type in [color="blue"][b]Combofix /Uninstall[/b][/color] in the runbox and click [b]OK[/b]. [color="green"](Notice the space between the "x" and "/")[/color] [img]http://i517.photobucket.com/albums/u338/Eextremeboy/CF_Uninstall-1.jpg[/img]
      [*]Please follow the prompts to uninstall Combofix.
      [*]You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
      [/list]
      [list]
      [*]Open [b]OTL[/b]
      [*]Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste the following:
      [code]:Commands
      [clearallrestorepoints][/code]
      [*]Click the [b]Run Fix[/b] button at the top
      [*]It might ask you to reboot, if so click [b]YES[/b]
      [/list]
      [list]
      [*]Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
      [*]Click on the CleanUp button.
      [*]Click Yes to begin the cleanup process and remove tools, including this application
      [*]You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
      [/list]
      [list]
      [*]Please read my guide on how to [b]prevent malware[/b] and about [b]safe computing[/b] [url="http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/"][color="#FF0000"][b]here[/b][/color][/url]
      [/list]
      Thank you for your patience, and performing all of the procedures requested.
  12. open OTL
      click the none button
      paste this in the custom scan box
      type c:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_2010-09-14-17-04-33.log /c
      type c:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_2010-09-17-11-05-58.log /c
      type c:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Service_2010-09-05-14-54-47.log /c
      click run scan
      post that log
  13. open OTL
      click the none button
      paste this in the custom scan box
      c:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\*.*
      c:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\*.*
      c:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\*.*
      click run scan
      post that log
  14. means we are very nearly finished
      Download [url="http://oldtimer.geekstogo.com/OTL.exe"][b][color="red"]OTL[/color][/b][/url] to your Desktop
      [list]
      [*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      [*]Click on [b]Minimal Output[/b] at the top
      [*]Click the none button at the top
      [*]Paste this in the custom scan box
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
      c:\program files\Trend Micro\*. /s
      C:\Qoobox\Quarantine\*.* /s
      c:\documents and settings\All Users\Application Data\Lavasoft\*. /s
      c:\program files\Lavasoft\*. /s
      c:\documents and settings\LocalService\Application Data\McAfee\*. /s
      c:\documents and settings\All Users\Application Data\McAfee\*. /s
      [*]Click run scan. Post the log it gives
      [/list]