Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Google has been HIJACKED [Closed]


  • This topic is locked This topic is locked

#16
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts

By the way to my knowledge I have never downloaded safenet sentinel should I?


Ok, then we will clean those leftovers too. :)
Run OTL again
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/03/28 13:47:25 | 000,000,114 | ---- | C] () -- C:\Windows\System32\prsgrc.tgz
    [2010/03/28 13:47:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
    [2010/03/28 13:47:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
    [2010/03/28 13:47:24 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
    [2010/03/28 12:57:39 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
    [2010/03/28 12:57:39 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
    [2010/03/28 12:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2010/03/28 12:57:37 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2010/03/28 12:57:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\servdat.slm
    [2010/03/28 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\SafeNet Sentinel
    [2010/03/28 13:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
- Maser00
  • 0

Advertisements


#17
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have tried several times since yesterday to run Kasoersky Online Scan and after hours of uninterrupted scan it will just freeze for an hour or more and I would restart using another browser. Today finally I just tried to do a critical file scan just to see if that would work; that to got hung up after 63% completion. I'm frustrated is there another option for scanning my system?
  • 0

#18
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Of course :), here are a few alternatives (you only need to use one). Also tell me what problems you are still experiencing please.

ESET Online Scanner
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Kaspersky AVP Tool
Save these instructions so you can have access to them while in Safe Mode.
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#19
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
All processes killed
========== OTL ==========
C:\Windows\System32\prsgrc.tgz moved successfully.
C:\Windows\System32\grcauth2.dll moved successfully.
C:\Windows\System32\grcauth1.dll moved successfully.
File C:\Windows\System32\prsgrc.dll not found.
C:\Windows\System32\sysprs7.tgz moved successfully.
C:\Windows\System32\lsprst7.tgz moved successfully.
C:\Windows\System32\sysprs7.dll moved successfully.
File C:\Windows\System32\lsprst7.dll not found.
C:\Windows\System32\servdat.slm moved successfully.
C:\Users\Yesm125\Documents\SafeNet Sentinel\Sentinel RMS Development Kit\Tools folder moved successfully.
C:\Users\Yesm125\Documents\SafeNet Sentinel\Sentinel RMS Development Kit folder moved successfully.
C:\Users\Yesm125\Documents\SafeNet Sentinel folder moved successfully.
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System folder moved successfully.
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit folder moved successfully.
C:\ProgramData\SafeNet Sentinel folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Yesm125
->Temp folder emptied: 117041651 bytes
->Temporary Internet Files folder emptied: 4892111 bytes
->Java cache emptied: 3159804 bytes
->FireFox cache emptied: 86189125 bytes
->Flash cache emptied: 2365 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 201325 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 202.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Yesm125
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.1 log created on 06302010_233635

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#20
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Eset Log

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Yesm125\Downloads\Ultimate.Crackers.Kit.v3.2\[uploaded by - sirqueza] CrackersKit2005\CrackersKit2005.www.cw-network.info\Cracks\HellLabs Proxy Checker v7.4.18\Generador de Serial!!!\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Users\Yesm125\Downloads\Ultimate.Crackers.Kit.v3.2\[uploaded by - sirqueza] CrackersKit2005\CrackersKit2005.www.cw-network.info\Net Tools Suite Pack Abril\NetTools3.exe probably a variant of Win32/Genetik trojan deleted - quarantined
  • 0

#21
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Are you still experiencing problems now?
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP