
Malware.generic won't delete


  • This topic is locked
21 replies to this topic

#1 MrSjaakBraak

  • Members
  • 30 posts
  • Local time:06:31 AM

Posted 26 November 2013 - 04:03 PM

I am using Windows 8.1

 

After downloading some software I encountered a virus, and several annoying programmes were installed, programmes like Mobogenie and some others. I think I've deleted most of the viruses/crap. But when running a scan with Anvi Smart Defender, I encounter these viruses:

 

DB Version: 1.04.0297
Type:746972  Name:Malware.Generic   Path:HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
Type:746983  Name:Malware.Generic   Path:HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
Type:296012  Name:Trojan.BuzusCafc   Path:C:\WINDOWS\System32\trkwks.dll 
 
When I try to repair these viruses, nothing happens. It says they're deleted. But when I scan again, they reappear. What should I do?
 
What else have I done? I've also scanned with AVG, which gives no detections.
 
Thanks in advance!

Edited by MrSjaakBraak, 26 November 2013 - 04:10 PM.
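The two Malware.Generic detections in the post above sit in the HKCU Run key, which is the per-user autostart list, and an entry that comes back after the scanner reports it deleted is being written back by something else that is still active on the machine. As an added example that is not part of this thread and not code from any of the tools it mentions, the following PowerShell (assumed to run on Windows PowerShell 3.0 or later, under the affected user's account) lists every value in the Run and RunOnce keys, resolves the executable each value launches, and reports whether that file exists and whether it carries a valid Authenticode signature, so unfamiliar, missing or unsigned entries stand out before deciding what to remove.

```powershell
# Added example, not code from the thread or from the tools it mentions.
# Assumes Windows PowerShell 3.0+; run as the user whose HKCU hive is being checked.

$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',      # key named in the scan output
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'   # sibling key, same autostart mechanism
)

function Get-RunTargetPath {
    param([string]$Command)
    # A Run value is a command line: "C:\path\app.exe" args, or C:\path\app.exe args.
    # Pull out just the executable so it can be checked on disk.
    if ($Command -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]                      # quoted path, possibly containing spaces
    }
    elseif ($Command -match '^\s*(.+?\.exe)(\s|$)') {
        $exe = $Matches[1]                      # unquoted path up to the first .exe token
    }
    else {
        $exe = ($Command -split '\s+')[0]       # no .exe present: take the first token
    }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-UserRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }      # skip the key's (default) value
            $cmd    = [string]$item.GetValue($name)
            $exe    = Get-RunTargetPath -Command $cmd
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            # SignatureStatus is Valid, NotSigned, HashMismatch, UnknownError, ...;
            # FileMissing is our own marker for a command whose target is gone.
            $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
            [PSCustomObject]@{
                Key       = $key.Replace('HKCU:\', 'HKCU\')
                Name      = $name
                Command   = $cmd
                Target    = $exe
                Signature = $sig
            }
        }
    }
}

# Print the table with unsigned or missing targets first so they stand out.
Get-UserRunEntries | Sort-Object { $_.Signature -eq 'Valid' } | Format-Table -AutoSize -Wrap
```

Run it from a PowerShell prompt and compare the Name and Target columns with the scanner's output. A valid signature from a known vendor does not prove an entry is wanted, and an unsigned entry is not automatically malware, but a value whose target no longer exists, or one that points into a user-writable folder such as AppData or Temp, deserves a closer look. An entry that returns after deletion is being re-created by something still running, so the Run key alone is not the whole picture, which is why the follow-up steps in this thread cover more than that one key.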



#2 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:03:31 PM

Posted 26 November 2013 - 06:36 PM

Hello MrSjaakBraak and Welcome -

Are you fully aware of what the Mobogenie program is designed for?

I must first assume that you are in P.R.China where the program comes from.

 

Mobogenie is a program designed for Android Phones, rather than computers.

Let's see if we can locate where it is, plus the others that you mention .......

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt;

* Please Copy and Paste the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop to run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
Click Go and Copy and Paste the result (Result.txt).

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

 

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista / Windows 7 / 8 users, right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
** Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After auto rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile only in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

Next -

* Shut down your protection software now to avoid potential conflicts.
** How To Temporarily Disable Your Anti-virus **
* Please download Junkware Removal Tool to your desktop.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Turn your Antivirus back on when finished .........

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM)

Do not tick the Free Pro Version option at this time
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.

 

We can review this once you have finished these steps -

 

Thank You -


Edited by noknojon, 26 November 2013 - 07:00 PM.


#3 MrSjaakBraak

  • Topic Starter
  • Members
  • 30 posts
  • Local time:06:31 AM

Posted 27 November 2013 - 10:03 AM

First of all, thanks for your help!

I'm not from China, but from The Netherlands, but I guess that doesn't matter. About Mobogenie, I guess it's a programme for transferring data from your smartphone to your computer, but that's not important, I just wanna get rid of it.

 

Now I'll perform everything you told me, and then I'll post the reports.



#4 MrSjaakBraak

  • Topic Starter
  • Members
  • 30 posts
  • Local time:06:31 AM

Posted 27 November 2013 - 10:38 AM

The first Security check takes very long to prepare. It's preparing for 30 minutes now, is that normal, or am I doing something wrong?

 

Edit: Still not doing anything.


Edited by MrSjaakBraak, 27 November 2013 - 12:48 PM.


#5 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:03:31 PM

Posted 27 November 2013 - 02:41 PM

Hello -

First - I only mentioned China, as it is very popular there -

 

Next - Cancel the Security Check program for now; we can do it later if needed.

Most items will show in the next program.

Right click and "Run as Administrator" if you do have program problems.

 

Thank You -



#6 MrSjaakBraak

  • Topic Starter
  • Members
  • 30 posts
  • Local time:06:31 AM

Posted 27 November 2013 - 04:38 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Matthijs (administrator) on 27-11-2013 at 22:09:34
Running from "C:\Users\Matthijs\Desktop"
Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="LAN-verbinding* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Matthijs
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter LAN-verbinding* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-85-DE-50-FA-60
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family-controller
   Physical Address. . . . . . . . . : 50-46-5D-E0-11-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless-netwerkadapter
   Physical Address. . . . . . . . . : DC-85-DE-50-FA-60
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71b8:2734:3158:a481%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.26(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 27 November 2013 21:49:32
   Lease Expires . . . . . . . . . . : 27 November 2013 23:19:31
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 266110430
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F6-D1-39-DC-85-DE-50-FA-60
   DNS Servers . . . . . . . . . . . : 62.179.104.196
                                       213.46.228.196
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{0D592123-CD47-4A06-B73F-AF7749CD70C5}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter LAN-verbinding* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:4eb:eea:e77b:f5f6(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4eb:eea:e77b:f5f6%6(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 100663296
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F6-D1-39-DC-85-DE-50-FA-60
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  ns01.upclive.nl
Address:  62.179.104.196
 
Name:    google.com
Addresses:  2a00:1450:4013:c00::66
 173.194.65.113
 173.194.65.102
 173.194.65.101
 173.194.65.100
 173.194.65.138
 173.194.65.139
 
 
Pinging google.com [173.194.65.113] with 32 bytes of data:
Reply from 173.194.65.113: bytes=32 time=18ms TTL=48
Reply from 173.194.65.113: bytes=32 time=18ms TTL=48
 
Ping statistics for 173.194.65.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  ns01.upclive.nl
Address:  62.179.104.196
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=139ms TTL=52
Reply from 98.138.253.109: bytes=32 time=136ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 136ms, Maximum = 139ms, Average = 137ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...1e 85 de 50 fa 60 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...50 46 5d e0 11 78 ......Realtek PCIe GBE Family-controller
  2...dc 85 de 50 fa 60 ......Qualcomm Atheros AR9485 Wireless-netwerkadapter
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.26     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.26    281
     192.168.1.26  255.255.255.255         On-link      192.168.1.26    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.26    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.26    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.26    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:90d7:4eb:eea:e77b:f5f6/128
                                    On-link
  2    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::4eb:eea:e77b:f5f6/128
                                    On-link
  2    281 fe80::71b8:2734:3158:a481/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/27/2013 10:05:32 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: BurnoutParadise.exe, versie: 1.1.0.0, tijdstempel: 0x49c137ad
Naam van module met fout: BurnoutParadise.exe, versie: 1.1.0.0, tijdstempel: 0x49c137ad
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0043918a
Id van proces met fout: 0x2724
Starttijd van toepassing met fout: 0xBurnoutParadise.exe0
Pad naar toepassing met fout: BurnoutParadise.exe1
Pad naar module met fout: BurnoutParadise.exe2
Rapport-id: BurnoutParadise.exe3
Volledige pakketnaam met fout: BurnoutParadise.exe4
Relatieve toepassings-id van pakket met fout: BurnoutParadise.exe5
 
Error: (11/26/2013 08:55:56 PM) (Source: Application Hang) (User: )
Description: Het programma IEXPLORE.EXE, versie 11.0.9600.16384 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 2164
 
Starttijd: 01ceeae17dec03d7
 
Eindtijd: 7
 
Toepassingspad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Rapport-id: c0f8a7a5-56d4-11e3-be90-50465de01178
 
Volledige pakketnaam met fout: 
 
Relatieve toepassings-id van pakket met fout:
 
Error: (11/25/2013 08:25:35 PM) (Source: ESENT) (User: )
Description: taskhostex (10944) WebCacheLocal: De database-engine heeft een sessie (0) met fout (-510) stopgezet.
 
 
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.203, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.016, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error: (11/25/2013 08:25:34 PM) (Source: ESENT) (User: )
Description: taskhostex (10944) WebCacheLocal: De volgorde van de logboekbestanden in C:\Users\Matthijs\AppData\Local\Microsoft\Windows\WebCache\ is gestopt vanwege een onherstelbare fout. Er kunnen geen updates meer worden uitgevoerd voor de databases die deze logboekbestandsvolgorde gebruiken. Los het probleem op en start het systeem opnieuw op, of voer een herstelbewerking uit vanuit de back-up.
 
Error: (11/25/2013 08:25:34 PM) (Source: ESENT) (User: )
Description: taskhostex (10944) WebCacheLocal: Fout -1811 (0xfffff8ed) is opgetreden tijdens het openen van een nieuw logboekbestand C:\Users\Matthijs\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (11/25/2013 08:23:15 PM) (Source: Application Hang) (User: )
Description: Het programma LiveComm.exe, versie 17.4.9600.16384 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 29fc
 
Starttijd: 01ceea1304a27504
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: 00c825dc-5607-11e3-be8f-50465de01178
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/25/2013 06:57:36 PM) (Source: Application Hang) (User: )
Description: Het programma LiveComm.exe, versie 17.4.9600.16384 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 1398
 
Starttijd: 01ceea0660870d7a
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: 55f1a503-55fa-11e3-be8f-50465de01178
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/24/2013 06:29:28 PM) (Source: Application Hang) (User: )
Description: Het programma LiveComm.exe, versie 17.4.9600.16384 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 2184
 
Starttijd: 01cee934e11f2457
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: f6fb2e81-552d-11e3-be8f-50465de01178
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/24/2013 05:15:14 PM) (Source: Application Hang) (User: )
Description: Het programma LiveComm.exe, versie 17.4.9600.16384 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 2410
 
Starttijd: 01cee92fa4a11f46
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: 9896d372-5523-11e3-be8f-50465de01178
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/24/2013 02:09:39 PM) (Source: Application Hang) (User: )
Description: Het programma LiveComm.exe, versie 17.4.9600.16384 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 868
 
Starttijd: 01cee907b88306f7
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: 61fb6d1a-5509-11e3-be8f-50465de01178
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (11/27/2013 09:52:40 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 09:52:10 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 09:51:40 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 09:51:10 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 06:54:05 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 06:53:35 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 06:51:44 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 06:51:14 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 06:50:44 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2013 06:50:14 PM) (Source: DCOM) (User: MATTHIJS)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (11/27/2013 10:05:32 PM) (Source: Application Error)(User: )
Description: BurnoutParadise.exe1.1.0.049c137adBurnoutParadise.exe1.1.0.049c137adc00000050043918a272401ceebb45b2acbd8C:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exeC:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exea666b762-57a7-11e3-be90-50465de01178
 
Error: (11/26/2013 08:55:56 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16384216401ceeae17dec03d77C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEc0f8a7a5-56d4-11e3-be90-50465de01178
 
Error: (11/25/2013 08:25:35 PM) (Source: ESENT)(User: )
Description: taskhostex10944WebCacheLocal: 0-510[1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.203, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.016, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error: (11/25/2013 08:25:34 PM) (Source: ESENT)(User: )
Description: taskhostex10944WebCacheLocal: C:\Users\Matthijs\AppData\Local\Microsoft\Windows\WebCache\
 
Error: (11/25/2013 08:25:34 PM) (Source: ESENT)(User: )
Description: taskhostex10944WebCacheLocal: C:\Users\Matthijs\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)
 
Error: (11/25/2013 08:23:15 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.4.9600.1638429fc01ceea1304a275044294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe00c825dc-5607-11e3-be8f-50465de01178microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/25/2013 06:57:36 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.4.9600.16384139801ceea0660870d7a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe55f1a503-55fa-11e3-be8f-50465de01178microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/24/2013 06:29:28 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.4.9600.16384218401cee934e11f24574294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exef6fb2e81-552d-11e3-be8f-50465de01178microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/24/2013 05:15:14 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.4.9600.16384241001cee92fa4a11f464294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe9896d372-5523-11e3-be8f-50465de01178microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/24/2013 02:09:39 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.4.9600.1638486801cee907b88306f74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe61fb6d1a-5509-11e3-be8f-50465de01178microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-25 19:28:15.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-25 19:02:58.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-25 18:58:51.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-25 18:44:41.906
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-25 18:38:47.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 20:01:03.426
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-03 14:59:49.703
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-03 13:41:58.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.2.30303)
Adobe Reader X MUI (Version: 10.0.0)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Anvi Smart Defender 1.9.3 (Version: 1.9.3)
ASUS Instant Connect (Version: 1.2.8)
ASUS InstantOn (Version: 3.0.2)
ASUS LifeFrame3 (Version: 3.1.4)
ASUS Live Update (Version: 3.1.7)
ASUS Power4Gear Hybrid (Version: 2.0.3)
ASUS Smart Gesture (Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (Version: 1.03.0002)
ASUS Tutor (Version: 1.0.7)
ASUS USB Charger Plus (Version: 2.1.4)
ASUS WebStorage Sync Agent (Version: 1.1.9.120)
ASUSDVD (Version: 10.0.4126.52)
AsusVibe2.0 (Version: 2.0.10.168)
ATK Package (Version: 1.0.0022)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Burnout™ Paradise: The Ultimate Box (Version: 1.1.0.0)
CambridgeSoft Activation Client (Version: 12.0)
CambridgeSoft ChemBioDraw Ultra 12.0 (Version: 12.0)
Glary Utilities 4.0 (Version: 4.0.0.53)
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.22.3)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 10.18.10.3308)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Mathematica Extras 9.0 (4055459) (Version: 9.0.1)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mirror's Edge™ (Version: 1.0.1.0)
NVIDIA Grafisch stuurprogramma 327.02 (Version: 327.02)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.12.0613)
NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
NVIDIA-configuratiescherm 327.02 (Version: 327.02)
Ominent toolbar   (Version: 1.8.25.6)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Origin (Version: 9.3.10.4710)
Pro Cycling Manager - Seizoen 2013 versie 1.0.2.0 (Version: 1.0.2.0)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6685)
Realtek PCIE Card Reader (Version: 6.2.8400.27024)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared C Run-time for x64 (Version: 10.0.0)
Speccy (Version: 1.22)
Spotify (Version: 0.9.6.72.ge389c074)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synei System Utilities (Version: 1.17)
Synology Cloud Station (remove only)
Synology Data Replicator  3 (Version: 1.0.0.0)
Team Fortress 2
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Widevine Media Optimizer Chrome 6.0.0 (Version: 6.0.0.12442)
Windows-stuurprogrammapakket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
WinFlash (Version: 2.41.1)
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (Version: 9.0.1)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 75%
Total physical RAM: 6029.63 MB
Available physical RAM: 1504.49 MB
Total Pagefile: 7693.63 MB
Available Pagefile: 2200 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.44 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:95.26 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:247.86 GB) NTFS
4 Drive f: (CivilizationV) (CDROM) (Total:2.86 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
Gebruikersaccounts voor \\MATTHIJS
 
Administrator            Gast                     Matthijs                 
UpdatusUser              
De opdracht is voltooid.
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****

I see part of it is in Dutch. Is that a problem? If you don't understand anything, I'll translate it for you! I'll run the other programmes tomorrow.


Edited by MrSjaakBraak, 27 November 2013 - 04:40 PM.


#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:31 PM

Posted 27 November 2013 - 06:50 PM

Hi -

I normally use Google Translate for most things, and it is OK.

 

Just keep on with the next few programs, as I already have a small list for you -

 

Thank You -



#8 MrSjaakBraak

MrSjaakBraak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 28 November 2013 - 12:24 PM

Rkill 2.6.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/28/2013 06:20:08 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Matthijs\Downloads\SecurityCheck.exe (PID: 6376) [UP-HEUR]
 * C:\Users\Matthijs\Downloads\SecurityCheck (1).exe (PID: 7744) [UP-HEUR]
 * C:\Users\Matthijs\Desktop\SecurityCheck (1).exe (PID: 9788) [UP-HEUR]
 * C:\Users\Matthijs\Desktop\SecurityCheck (1).exe (PID: 4588) [UP-HEUR]
 * C:\Users\Matthijs\AppData\Local\Temp\RarSFX3\SecurityCheck\Objlist.exe (PID: 10180) [UP-HEUR]
 
5 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Matthijs\Desktop\rkill\rkill-11-28-2013-06-20-21.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * AllUserInstallAgent [Missing Service]
 * SDRSVC [Missing Service]
 * adp94xx [Missing Service]
 * adpahci [Missing Service]
 * adpu320 [Missing Service]
 * arc [Missing Service]
 * AsyncMac [Missing Service]
 * discache [Missing Service]
 * HdAudAddService [Missing Service]
 * iirsp [Missing Service]
 * LSI_SCSI [Missing Service]
 * nfrd960 [Missing Service]
 * PptpMiniport [Missing Service]
 * RasAgileVpn [Missing Service]
 * Rasl2tp [Missing Service]
 * RasSstp [Missing Service]
 * Wanarp [Missing Service]
 * Wanarpv6 [Missing Service]
 * Wd [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]
 
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/28/2013 06:21:27 PM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)


#9 MrSjaakBraak

MrSjaakBraak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 28 November 2013 - 12:39 PM

# AdwCleaner v3.013 - Report created 28/11/2013 at 18:34:02
# Updated 24/11/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Matthijs - MATTHIJS
# Running from : C:\Users\Matthijs\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : srvPlgProtect
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\StarApp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044180.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044180.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044180.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044180.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411180}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412280}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415580}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416680}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414480}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411180}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411411180}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411180}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412280}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415580}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416680}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Matthijs\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3862 octets] - [28/11/2013 18:23:40]
AdwCleaner[S0].txt - [3684 octets] - [28/11/2013 18:34:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3744 octets] ##########


#10 MrSjaakBraak

MrSjaakBraak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 28 November 2013 - 01:09 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Matthijs on 28/11/2013 at 18:48:32.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Matthijs\AppData\Roaming\wedownload ltd"
Successfully deleted: [Folder] "C:\Program Files (x86)\wedownload ltd"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/11/2013 at 19:07:47.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 MrSjaakBraak

MrSjaakBraak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 28 November 2013 - 02:21 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Databaseversie: v2013.11.28.09
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
Matthijs :: MATTHIJS [administrator]
 
28/11/2013 19:12:21
mbam-log-2013-11-28 (19-12-21).txt
 
Scan type: Volledige scan (C:\|D:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 413177
Verstreken tijd: 1 uur/uren, 5 minuut/minuten, 35 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 12
HKCR\CLSID\{271FF4A7-3AA1-4DA8-B272-B10D2025C9D6} (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ominent.ominentHlpr.1 (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ominent.ominentHlpr (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\esrv.ominentESrvc (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\esrv.ominentESrvc.1 (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ominent.ominentappCore (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ominent.ominentappCore.1 (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ominent.ominentdskBnd (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ominent.ominentdskBnd.1 (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\weDownload Ltd\ominent (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Google\chrome\Extensions\pfbeipanohfeidpadabjjooclppdoghg (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\weDownload Ltd\ominent (PUP.Optional.Ominent.A) -> Succesvol in quarantaine geplaatst en verwijderd.
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bestanden gedetecteerd: 6
C:\$Recycle.Bin\S-1-5-21-2308299605-3155658632-1226791026-1002\$RI6PFA0.exe (PUP.Optional.Bundler) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$Recycle.Bin\S-1-5-21-2308299605-3155658632-1226791026-1002\$RR22JTO\Uninstall.exe (PUP.Optional.CrossRider) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$Recycle.Bin\S-1-5-21-2308299605-3155658632-1226791026-1002\$RR22JTO\utils.exe (PUP.Optional.TubeSing.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Matthijs\Downloads\chemsketch setup (1).exe (PUP.Soft32Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Matthijs\Downloads\chemsketch setup.exe (PUP.Soft32Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Matthijs\Downloads\DAEMONToolsUltra110-0103.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
 
(einde)


#12 MrSjaakBraak

MrSjaakBraak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 28 November 2013 - 03:48 PM

As I was wondering whether the 3 threats found by Anvi Smart Defender were already gone, I scanned my computer again. It seems the Malware.Generic ones are gone, but the Trojan is still there:

 

DB Version: 1.04.0297
Type:296012  Name:Trojan.BuzusCafc   Path:C:\WINDOWS\System32\trkwks.dll 


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:31 PM

Posted 28 November 2013 - 06:24 PM

Hi -
From Kaspersky Labs on Trojan.Win32.Buzus.cafc:
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.

 

 

Here is the latest VirusTotal result based on Trojan.Win32.Buzus.cafc

As always, please take care if there are punctuation marks or spaces in the results.
There are several other versions depending on how I enter it in the search boxes -

 

Your RKill log shows many Missing Services that we can chase if you still have problems.

 

Thank You -



#14 MrSjaakBraak

MrSjaakBraak
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 29 November 2013 - 10:27 AM

Thanks for your time!

 

I'm not sure if I understand you. I'd like to get rid of the Trojan. And I didn't make any typos. Do you know how to get rid of it?

 

I don't know what problems we can solve by chasing the missing services; if we could kill the Trojan, I'd wanna do that.

 

After running a full scan with Anvi Smart Defender, I found 2 viruses:

 

DB Version: 1.04.0297
Type:296012  Name:Trojan.BuzusCafc   Path:C:\Windows\System32\trkwks.dll 
Type:296012  Name:Trojan.BuzusCafc   Path:C:\Windows\WinSxS\AM1D69~1.163\trkwks.dll 
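
The thread never settles whether the trkwks.dll detection is a real infection or a false positive on a Windows component. As an added example, not part of the thread and not from any of the tools mentioned in it, here is the check a helper would run before deleting anything: verify the file's Authenticode signature and compare the System32 copy against the copies kept in the WinSxS component store (the second path in the scan result above). It assumes an elevated PowerShell session on the affected machine; the `$FileName` variable is my own naming.

```powershell
# Added example: verify a scanner-flagged Windows component before touching it.
# Run from an elevated PowerShell prompt on the machine that produced the scan result.
$FileName     = 'trkwks.dll'                                    # DLL named in the scan result above
$system32Copy = Join-Path $env:SystemRoot "System32\$FileName"

# 1. Authenticode check. Genuine Windows binaries are signed by Microsoft, usually
#    through a security catalog, which Get-AuthenticodeSignature also resolves.
$sig           = Get-AuthenticodeSignature -FilePath $system32Copy
$referenceHash = (Get-FileHash -Path $system32Copy -Algorithm SHA256).Hash
[pscustomobject]@{
    Path   = $system32Copy
    Status = $sig.Status                      # 'Valid' is what a Windows file should report
    Signer = $sig.SignerCertificate.Subject   # empty if the file carries no signature at all
    SHA256 = $referenceHash
} | Format-List

# 2. Compare against every copy of the same DLL in WinSxS. The System32 file is
#    normally a hard link to one of these, so at least one hash should match exactly;
#    a System32 copy that matches nothing in the store has been replaced.
Get-ChildItem -Path (Join-Path $env:SystemRoot 'WinSxS') -Filter $FileName -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            WinSxSCopy      = $_.FullName
            MatchesSystem32 = ($h -eq $referenceHash)
            Signature       = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    } | Format-Table -AutoSize

# 3. Only if the signature is not Valid or no WinSxS copy matches: let Windows repair
#    the component from its own store instead of deleting a system DLL by hand.
#    sfc /scannow
#    DISM /Online /Cleanup-Image /RestoreHealth
```

A Valid signature plus a matching WinSxS copy means the scanner is flagging the genuine file and the finding should be reported to the vendor as a false positive; anything else is worth escalating to the malware removal team, as the next reply in this thread suggests.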


#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:31 PM

Posted 29 November 2013 - 10:32 PM

Hello -

I am unable to get over some of the listed problems that should be clean by now, so I would like you to post this topic over at the Experts area so they can go deeper into the problem -

 

Please follow the instructions in the Preparation Guide starting at Step #6.

 

If you are unable to complete any step, please post the topic and leave a full description of your problems.

 

When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

 

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 

If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.

 

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 
Thank You -





