
rkill logs


This topic is locked.
18 replies to this topic

#1 bigjeff22 (Members)

Posted 19 February 2014 - 04:26 PM

I get this report when scanning my computer with Rkill.

Attached Files





#2 bigjeff22 (Topic Starter)

Posted 21 February 2014 - 06:53 PM

Two-day bump...



#3 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 22 February 2014 - 12:37 AM

Hello bigjeff22, and welcome to Bleeping Computer!

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========
 
Please let me know the current issues with the computer! Your Rkill log needs more investigating to be sure of the infection that it suggests may be present. This variant is fairly new and the fixes don't always go as planned, but we'll see if we can get this cleaned up!
 
Let's start with FRST:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. Your system requires the 32-bit version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The tool will also generate two other logs if their boxes are checked (Addition.txt and Shortcut.txt - also located in the same directory the tool was run from). Make sure the Addition.txt and the Shortcut.txt boxes are both checked under the "Optional Scan" section.

 

==========
 
When finished, please copy and paste the FRST.txt, but attach the other two logs into your next reply!

bloopie



#4 bigjeff22 (Topic Starter)

Posted 23 February 2014 - 04:02 PM

FRST Logs, and thank you for your assistance

Attached Files



#5 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 23 February 2014 - 05:53 PM

Hello again,

The assistance is my pleasure! :)
 
But, you didn't answer my questions or follow my instructions completely:
 
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
When finished, please copy and paste the FRST.txt, but attach the other two logs into your next reply!

 
Please tell me if you have your Windows Installation disc handy, and please don't attach any logs unless I ask for them attached.
 
==========

Now to business...A Warning!

Going over your logs I noticed that you have µTorrent (a p2p program) installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove µTorrent, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

==========

A file in that FRST log looks suspect, and I'd like to do a search now for a suitable replacement:
  • Please re-run FRST again and type the following in the edit box after Search:
rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your next reply.
bloopie

#6 bigjeff22 (Topic Starter)

Posted 23 February 2014 - 08:00 PM

No, I don't have a CD handy. I bought this computer with Windows already installed from a close friend; I asked him and he doesn't have it.

 

Farbar Recovery Scan Tool (x86) Version: 23-02-2014 02
Ran by User at 2014-02-23 19:59:06
Running from C:\Documents and Settings\User\Mes documents\Downloads\Programs
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 07:00] - [2009-02-09 05:53] - 0401408 ____A (Microsoft Corporation) 0203b1aad358f206cb0a3c1f93cce17a

C:\WINDOWS\system32\dllcache\rpcss.dll
[2008-04-14 07:00] - [2009-02-09 05:53] - 0401408 ___AC (Microsoft Corporation) 0203b1aad358f206cb0a3c1f93cce17a

C:\WINDOWS\ERDNT\cache\rpcss.dll
[2012-04-28 13:38] - [2009-02-09 05:53] - 0401408 ___AC (Microsoft Corporation) 0203b1aad358f206cb0a3c1f93cce17a

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2012-02-20 22:50] - [2009-02-09 05:56] - 0401408 ___AC (Microsoft Corporation) f83b964469d230f445613c44df9fe25d

=== End Of Search ===



#7 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 24 February 2014 - 12:11 AM

Hello again,

 

Okay, thanks for letting me know! :)
 
The file looks okay, so now we will continue with running Combofix:

 

==========

Run Combofix

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out here or here

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

==========

After running Combofix and posting the log, please let me know how the machine is doing now!

bloopie



#8 bigjeff22 (Topic Starter)

Posted 24 February 2014 - 02:24 PM

hello bloopie,

I closed my browser and disabled ESET; Combofix even asked me to close it and I clicked "Yes".

But now Combofix is stuck at 32788R22FWJFW & 32788R22FWJFW_N.

Should I close it with Process Explorer and use Unlocker to remove the folder in C:?


Edited by bigjeff22, 24 February 2014 - 02:25 PM.


#9 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 24 February 2014 - 03:40 PM

Hello again,

 

You can stop the processes, and try again to run Combofix. To stop the processes:

 

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):

  • PEV.exe
  • NirCmd.3XE
  • PEV.3XE
  • SED
  • GREP
  • any file that has the extension *.3XE

One at a time, right-click and select End Process. Once that's done, try to run the tool again. If it still gets stuck, try to run the tool from Safe Mode.

 

bloopie



#10 bigjeff22 (Topic Starter)

Posted 24 February 2014 - 08:08 PM

Worked in Safe Mode (couldn't locate any Combofix process running).

 

ComboFix 14-02-24.02 - User 2014-02-24  16:59:00.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.2.1036.18.1023.666 [GMT -5:00]
Launched from: c:\documents and settings\User\Mes documents\Downloads\Programs\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal Firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((((((   Files created from 2014-01-24 to 2014-02-24  ))))))))))))))))))))))))))))))))))))
.
.
2014-02-23 21:14 . 2014-02-24 02:29    --------    d-----w-    c:\program files\Malwarebytes Anti-Exploit
2014-02-21 23:38 . 2014-02-21 23:38    --------    d-----w-    c:\documents and settings\All Users\Application Data\4shared Desktop
2014-02-21 17:01 . 2014-02-21 17:01    --------    d-----w-    c:\program files\ESET
2014-02-21 17:01 . 2014-02-21 17:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\ESET
2014-02-21 15:40 . 2014-02-22 02:31    --------    d-----w-    c:\documents and settings\User\Application Data\Auslogics
2014-02-19 23:49 . 2014-02-19 23:49    --------    d-----w-    c:\windows\snack
2014-02-16 02:15 . 2014-02-16 02:18    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-02-16 02:14 . 2014-02-16 02:14    --------    d-----w-    c:\program files\HitmanPro
2014-02-15 00:19 . 2014-02-22 03:09    --------    d-----w-    c:\program files\SecurityXploded
2014-02-09 18:25 . 2014-02-09 18:25    --------    d-----w-    c:\windows\ERUNT
2014-02-06 19:52 . 2014-02-24 14:05    --------    d-----w-    c:\documents and settings\User\Application Data\IDM
2014-02-06 19:52 . 2014-02-22 01:33    --------    d-----w-    c:\program files\Internet Download Menager
2014-02-05 12:44 . 2013-11-28 00:24    121184    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
2014-02-03 04:13 . 2014-02-03 04:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2014-02-02 04:35 . 2014-02-02 04:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\RegRun
2014-02-02 04:28 . 2014-02-02 04:28    2    --shatr-    c:\windows\winstart.bat
2014-01-30 21:07 . 2014-02-21 16:18    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-30 21:07 . 2014-02-21 16:18    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-30 21:07 . 2014-01-30 21:07    --------    d-----w-    c:\windows\system32\Macromed
2014-01-30 21:06 . 2014-02-20 15:30    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\Adobe
2014-01-28 20:09 . 2014-01-28 20:09    --------    d-----w-    c:\program files\Reason
2014-01-28 20:01 . 2014-01-28 20:10    --------    d-----w-    c:\program files\Realtek
.
.
.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 21:15 . 2013-10-27 18:13    51416    -c--a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-20 15:00 . 2013-10-18 16:01    181064    -c--a-w-    c:\windows\PSEXESVC.EXE
2014-02-12 08:25 . 2013-12-25 23:49    102688    -c--a-w-    c:\windows\system32\BootDefrag.exe
2014-02-05 23:20 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:19 . 2008-04-14 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:19 . 2008-04-14 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:18 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:25 . 2008-04-14 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-04 03:12 . 2008-04-14 12:00    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-26 20:08 . 2013-12-26 20:08    187808    -c--a-w-    c:\windows\system32\drivers\edevmon.sys.bak
2013-12-05 11:26 . 2008-04-14 12:00    1172992    ----a-w-    c:\windows\system32\msxml3.dll
2013-12-01 13:10 . 2012-02-21 15:57    218200    -c--a-w-    c:\windows\system32\unrar.dll
2013-11-27 20:21 . 2008-04-14 12:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\ERDNT\cache\browser.dll
[-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . 5BD75B0B2B2318D1CAFD99EECF7ED8A8 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
.
[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . AD6F8920E9BC4ADF4F2844E3ED0D47AF . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
.
[-] 2012-10-03 . 9BF964752FEBC8E0265B62EEF034D465 . 1055232 . . [5.1.2600.6293] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2012-10-03 . 9BF964752FEBC8E0265B62EEF034D465 . 1055232 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 9BF964752FEBC8E0265B62EEF034D465 . 1055232 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2012-10-03 . CB4292C6D077188C726B2EE073E5D3BE . 1056768 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
.
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2013-08-05 . 1609206E7DCCDC7278D723C1BC27DA0F . 1289216 . . [5.1.2600.6435] . . c:\windows\ERDNT\cache\ole32.dll
[-] 2013-08-05 . 1609206E7DCCDC7278D723C1BC27DA0F . 1289216 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 1609206E7DCCDC7278D723C1BC27DA0F . 1289216 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 614B59EE3C816F5957CE6F48658CA47F . 1288704 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 210E7ADFEFA2879115612E5C02D410D6 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
.
[-] 2013-07-10 . 1EEFAD995F6956CB9905FB1576535916 . 406016 . . [1.0420.2600.6421] . . c:\windows\ERDNT\cache\usp10.dll
[-] 2013-07-10 . 1EEFAD995F6956CB9905FB1576535916 . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1EEFAD995F6956CB9905FB1576535916 . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . A044F43EACDB453AE6DA308DE9BBD51E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
.
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 988DD1BCDD050B56F28DFCD16BF26C1B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
.
[-] 2010-12-09 . 274B504ED85A8F839C394C14327E458C . 743424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . 4B4813A9B148654EFEE5D95F44BD7E5D . 743424 . . [5.1.2600.6055] . . c:\windows\ERDNT\cache\ntdll.dll
[-] 2010-12-09 . 4B4813A9B148654EFEE5D95F44BD7E5D . 743424 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . 4B4813A9B148654EFEE5D95F44BD7E5D . 743424 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . E3E022F3F6A63A59D05C6C977FA4F893 . 740352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
.
[-] 2009-02-27 . 609C878E206011B5AECBFCF4D0DE4BF4 . 177152 . . [5.1.2600.5768] . . c:\windows\ERDNT\cache\msctfime.ime
[-] 2009-02-27 . 609C878E206011B5AECBFCF4D0DE4BF4 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 609C878E206011B5AECBFCF4D0DE4BF4 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 090F287059444726842B0179CE7432AA . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
.
[-] 2010-09-18 07:18 . C27D0CD76C1982F36387F2E4F67E64A9 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2013-07-04 . F83070DB17FA90DC3C819803B980A564 . 2072192 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . F83070DB17FA90DC3C819803B980A564 . 2072192 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-07-04 . 32141205C7771B7E999ACEA3A5494EB9 . 2030592 . . [5.1.2600.6419] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2013-07-04 . 32141205C7771B7E999ACEA3A5494EB9 . 2030592 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-03-07 . 7E8CD5DEFD6A8D5934A25A4B204631A4 . 2072064 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . A026D3FB1B64517FA92EEEECF6B75F8A . 2071808 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2012-08-23 . F230D2BB8137FE732EFA36E19D25A758 . 2071680 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-05-05 . 5D1D102915882A497B89FB10984054DC . 2071168 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 16DFD7BE5DCF3A203ED07E01200BD6B4 . 2071168 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2011-10-26 . 63471E457082F415738F7F89ACB8FB4F . 2071424 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2010-12-10 . D27A5053A37FB85E8525F998CDC4DE19 . 2071424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
.
[-] 2013-07-04 . 85855E7EF030030830F8242EE7E3B81A . 2195584 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . 85855E7EF030030830F8242EE7E3B81A . 2195584 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-07-04 . 6B0BA6E43496BB8EBAEE47E44B5F1A0E . 2151936 . . [5.1.2600.6419] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2013-07-04 . 6B0BA6E43496BB8EBAEE47E44B5F1A0E . 2151936 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-03-07 . A17932993BBC36D0EF06686555D13936 . 2195584 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . D942144FEC40C8AA8E737606B2C3AD03 . 2195200 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2012-08-23 . DC5C04F4AEB100C37B636E56F12C36FD . 2195072 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-05-05 . 4905B4A5F06D8F763A03DD66DA6C3683 . 2194688 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . 87699B2568FF945306864A0FE9E96915 . 2194688 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2011-10-26 . F19BB8B35EB140558EDDB3CCA9241DF9 . 2194816 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2009-02-11 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((   Registry load points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Menager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 543432]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-15 2122824]
"IDMan"="c:\program files\Internet Download Menager\IDMan.exe" [2014-02-22 3829328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bitcoin\\bitcoin-qt.exe"=
"c:\\Documents and Settings\\User\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Daum\\PotPlayer\\daumvsvr.exe"=
"c:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Daum\\PotPlayer\\PotPlayer.exe"=
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-11-20 102728]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\User\Mes documents\Downloads\Compressed\EEK\Run\a2ddax86.sys [2013-04-14 22056]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-09-17 134248]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [2014-02-23 44632]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2014-02-05 121184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2013-10-10 120088]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2012-07-14 19016]
S0 BootDefragDriver;BootDefragDriver; [x]
S1 7273529drv;7273529drv; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 cleanhlp;cleanhlp;c:\documents and settings\User\Mes documents\Downloads\Compressed\EEK\Run\cleanhlp32.sys [2013-07-12 50200]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-11-05 23456]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-02-15 30976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-08-22 22856]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
S3 pimou;Pluralinput Mouse 0.8.5;c:\windows\system32\drivers\pimou.sys [2013-11-01 20920]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-30 16:18]
.
2014-02-24 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files\Glary Utilities 4\Initialize.exe [2014-02-12 08:23]
.
2014-02-24 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-02-23 18:41]
.
2014-02-24 c:\windows\Tasks\User_Feed_Synchronization-{E47DE921-53AA-4B64-9357-BD5B4B48229F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
IE: Download with Internet Download Manager - c:\program files\Internet Download Menager\IEExt.htm
IE: Download all links with Internet Download Manager - c:\program files\Internet Download Menager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.3.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gt9imcgh.default\
.
- - - - REMOVED ORPHANS - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-24 17:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="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"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1548)
c:\program files\Internet Download Menager\IDMShellExt.dll
c:\program files\Internet Download Menager\IDMNetMon.DLL
c:\windows\System32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\Mixer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Malwarebytes Anti-Exploit\mbae.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2014-02-24  17:10:33 - La machine a redémarré
ComboFix-quarantined-files.txt  2014-02-24 22:10
.
Avant-CF: 84 099 690 496 octets libres
Après-CF: 82 983 002 112 octets libres
.
- - End Of File - - CF134383D32535BC63CAC7E15EFE9B99
C99C3199CFAA4CBDCD91493F6D113A50

The computer is doing OK.


Edited by bigjeff22, 24 February 2014 - 08:10 PM.


#11 bloopie

Bleepin' Sith Turner
Malware Response Team

Posted 25 February 2014 - 06:21 PM

Hello again,

Thanks for the log! Now please reboot into normal boot mode, run these tools next, and copy and paste all requested logs in your next reply (please do not attach them):

Step 1

I see you have Malwarebytes Antimalware (aka MBAM) installed. Please update the program, run a quick scan (removing anything it finds), and post me the log.

==========

Step 2

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

==========

Step 3

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========

In your next reply, please include the following logs:

  • The MBAM log
  • The AdwCleaner log
  • The JRT log

bloopie



#12 bigjeff22

Topic Starter
Members

Posted 26 February 2014 - 10:24 AM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: WINDOWS-982420 [administrator]

Protection: Disabled

2014-02-26 10:06:25
mbam-log-2014-02-26 (10-06-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 226583
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by User on 2014-02-26 at 10:16:39,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\gt9imcgh.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-02-26 at 10:23:03,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 bigjeff22

Topic Starter
Members

Posted 26 February 2014 - 10:33 AM

# AdwCleaner v3.019 - Rapport créé le 26/02/2014 à 10:26:22
# Mis à jour le 17/02/2014 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : User - WINDOWS-982420
# Exécuté depuis : C:\Documents and Settings\User\Mes documents\Downloads\Programs\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (fr)

[ Fichier : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gt9imcgh.default\prefs.js ]


*************************

AdwCleaner[R3].txt - [868 octets] - [26/02/2014 10:25:36]
AdwCleaner[S3].txt - [790 octets] - [26/02/2014 10:26:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [849 octets] ##########
 



#14 bloopie

Bleepin' Sith Turner
Malware Response Team

Posted 26 February 2014 - 03:15 PM

Hello again,
 
Okay, please run this scan for me next. This is an online scan and can take some time:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on the button to proceed.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the button to proceed.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on the button to proceed.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

bloopie

#15 bigjeff22

Topic Starter
Members

Posted 26 February 2014 - 05:22 PM

I use ESET Smart Security as my main antivirus, but here is the log for ESET Online Scanner.

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5b276061cd4b7a4c8a39391ed8bcfa5b
# engine=17241
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-26 08:51:33
# local_time=2014-02-26 03:51:33 (-0500, Est)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=31729
# found=0
# cleaned=0
# scan_time=1361
# nod_component=V3 Build:0x30000000
 


Edited by bigjeff22, 26 February 2014 - 05:22 PM.