kookcmoi
Members
Posts: 8

Everything posted by kookcmoi

  1. I reran RogueKiller and deleted the registry entries it found. After that, all problems were solved. Thanks for your swift support!! The thread can be closed now.
  2. After running MBAM, it found the Malware.Packer.Gen again!!!:

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.08.10

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hugues :: HUGUES-PC [administrator]

     8/11/2012 22:36:19
     mbam-log-2012-11-08 (22-36-19).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 202990
     Time elapsed: 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Users\Hugues\AppData\Local\Temp\2C78.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

     (end)

     So it is still not removed after all the previous actions.
  3. Here is the log file of AdwCleaner after deleting Babylon (the computer was rebooted by AdwCleaner, by the way):

     # AdwCleaner v2.007 - Logfile created 11/08/2012 at 22:03:11
     # Updated 06/11/2012 by Xplode
     # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
     # User : Hugues - HUGUES-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Hugues\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:\Program Files\Babylon

     ***** [Registry] *****

     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\PIP
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16421

     [OK] Registry is clean.

     *************************

     AdwCleaner[R1].txt - [1166 octets] - [08/11/2012 21:54:18]
     AdwCleaner[S1].txt - [1119 octets] - [08/11/2012 22:03:11]

     ########## EOF - C:\AdwCleaner[S1].txt - [1179 octets] ##########
  4. Here are the MBAM and AdwCleaner logs. What to do next?
     Attachments: AdwCleanerR1.txt, mbam-log-2012-11-08 (21-52-59).txt
  5. Here is the ComboFix report. What to do next?
     Attachment: ComboFix.txt
  6. Here are the logs of TDSSKiller (it cleaned the MBR and found 3 suspicious files that I skipped). What to do next? (Thanks for the fast support.)
     Attachments: TDSSKiller.2.8.15.0_08.11.2012_21.07.45_log.txt, TDSSKiller.2.8.15.0_08.11.2012_21.11.22_log.txt, TDSSKiller.2.8.15.0_08.11.2012_21.13.46_log.txt
  7. Here is the log after running RogueKiller:

     RogueKiller V8.2.3 [07/11/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Hugues [Admin rights]
     Mode : Scan -- Date : 08/11/2012 20:27:58

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 7 ¤¤¤
     [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND
     [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : Root.MBR ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: INTEL SSDSA2M080G2GC ATA Device +++++
     --- User ---
     [MBR] 6525717c47f37f7b1fc6a2e247aabd60
     [BSP] b4027393bba01e48a2e16422fb5c271d : Xpaj MBR Code!
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++
     --- User ---
     [MBR] 3bc76023f3d493c60eb4a339b7f9b91d
     [BSP] 16b0be6f9dd73c671624984853a4afeb : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive2: ST3750640AS ATA Device +++++
     --- User ---
     [MBR] ea134ea6bfc0dbe086499efc739fd7cb
     [BSP] aba6c4bb1f04355525f4bbc9325c8894 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1465128960 | Size: 8 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_08112012_202758.txt >>

     Attachment: RKreport[1]_S_08112012_202758.txt

     What should I do next?
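The RogueKiller MBR check in the post above hashes each drive's first sector and classifies its boot code (the "Xpaj MBR Code!" verdict on PhysicalDrive0 is what makes this a bootkit case rather than a plain adware cleanup). The Python below is an added example, not part of this thread and not RogueKiller's code: it parses a 512-byte MBR, prints the partition table in roughly the log's layout, and compares the boot-code hash against an allowlist. The sample MBR, its loader bytes, the disk signature and the allowlist are all constructed here (the layout copies only what the log shows for PhysicalDrive0: one active NTFS partition at sector 2048, 76317 MiB); the real drive's sectors and RogueKiller's own hash values are not reproduced, and the allowlist name is hypothetical.

```python
# Added example, not from the forum thread or from RogueKiller: parse a 512-byte
# MBR, list its partition table, and compare the boot-code hash with an allowlist.
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA_END = 440            # bytes 0..439: boot code; 440..443: disk signature
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries, then 0x55AA at 510..511
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"

# Partition type IDs; 0x07 is what the log reports for every NTFS volume.
PARTITION_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS",
                   0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux"}


def has_boot_signature(mbr):
    """True if the sector ends with the 0x55AA marker BIOS requires."""
    return len(mbr) == SECTOR_SIZE and mbr[510:512] == BOOT_SIGNATURE


def parse_partition_table(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    entries = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sector count(4 LE)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, offset)
        if ptype == 0x00:
            continue
        entries.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def mbr_hashes(mbr):
    """MD5 of the whole sector and of the boot code only.

    The whole-sector hash differs per machine (disk signature, partition table),
    so an allowlist of known-good loaders has to be keyed on the code area alone.
    """
    return {"sector": hashlib.md5(mbr).hexdigest(),
            "code": hashlib.md5(mbr[:CODE_AREA_END]).hexdigest()}


def classify_mbr(mbr, known_good_code):
    """Allowlist label for the boot code, or 'UNKNOWN MBR code' if not listed."""
    return known_good_code.get(mbr_hashes(mbr)["code"], "UNKNOWN MBR code")


def build_mbr(boot_code, partitions, disk_signature=b"\x12\x34\x56\x78"):
    """Assemble a sample MBR from boot code and (active, type, lba, sectors) tuples."""
    if len(boot_code) > CODE_AREA_END:
        raise ValueError("boot code does not fit in the code area")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = disk_signature
    for index, (active, ptype, lba, sectors) in enumerate(partitions):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        struct.pack_into("<B3xB3xII", sector, offset,
                         0x80 if active else 0x00, ptype, lba, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: a stand-in loader (a few real-mode opcodes padded with NOPs)
# and the layout the log shows for PhysicalDrive0. Not the real drive's bytes.
SAMPLE_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 432
SAMPLE_MBR = build_mbr(SAMPLE_CODE, [(True, 0x07, 2048, 76317 * 2048)])

# Hypothetical allowlist keyed on the code-area hash only.
KNOWN_GOOD_CODE = {hashlib.md5(SAMPLE_CODE).hexdigest(): "sample loader (constructed)"}


if __name__ == "__main__":
    for part in parse_partition_table(SAMPLE_MBR):
        print("%d - [%s] %s (0x%02X) Offset (sectors): %d | Size: %d MiB" % (
            part["index"], "ACTIVE" if part["active"] else "XXXXXX",
            part["type_name"], part["type"], part["lba_start"], part["size_mib"]))
    print(mbr_hashes(SAMPLE_MBR), classify_mbr(SAMPLE_MBR, KNOWN_GOOD_CODE))
    # Patch one byte of the boot code, as a bootkit would, and the verdict flips.
    patched = bytearray(SAMPLE_MBR)
    patched[0] = 0xEB
    print(classify_mbr(bytes(patched), KNOWN_GOOD_CODE))
```

On a live Windows box the 512 bytes would come from reading `\\.\PhysicalDrive0` as administrator, but a bootkit that has hooked disk I/O can hand such a read a clean-looking sector; the check only means something when the sector is read in a way the malware does not control (offline, from boot media, or through a lower-level read than the one it hooks), which is why a tool compares several read paths as the log's OK lines do. Hashing the code area separately from the whole sector is what lets one allowlist entry cover every machine running the same loader.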
  8. Here are the two logs, dds.txt and attach.txt. What should I do to get rid of this malware? Thanks.
     Attachments: dds.txt, attach.txt