99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Great, thanks a lot. About that CD-ROM emulation, I haven't done it myself, is it something I should fix? Thanks a million
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Trend Micro Titanium Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 43
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Alright, should I press "delete" after the scan? And what about the MBR.dat on my desktop, should I delete it now? I will be sending you a thank you by PayPal tomorrow, your help is greatly appreciated, MrC
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
# AdwCleaner v2.303 - Logfile created 06/28/2013 at 20:04:53
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Darker - DARKER-PC
# Boot Mode : Normal
# Running from : C:\Users\Darker\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Darker\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Darker\AppData\Roaming\Mozilla\Firefox\Profiles\sadonez3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1792 octets] - [28/06/2013 20:04:07]
AdwCleaner[R2].txt - [1725 octets] - [28/06/2013 20:04:53]

########## EOF - C:\AdwCleaner[R2].txt - [1785 octets] ##########

From the above, my only concern is the ZoneAlarm entry, would it interfere with the FW?
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Never mind the above, it seems for some reason the Wireless Router on the laptop was software-turned off. I did the "Diagnose" and Windows turned it back on. The PC stutters, it acts weird, my concern is that I have something that's not detected. I run Spyware Search and Destroy every week so I doubt I have any spyware, but I will run AdwCleaner and give you the results. Any common reason for why GMER causes the BSOD when full-scanning C:\ and D:\?
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Hi, I will run AdwCleaner, however I want to inform you, I had a wireless network I created from my laptop (ad hoc) so I can connect from my iPhone and iPad. This connection is no longer working after running the few proggies above. I deleted it and tried to re-add it, and it results in an error: Windows could not setup (connection name). Are my wireless drivers deleted? I am connected with a cable for now, but I am concerned.
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Hi, No malware was found, 6 suspicious items were found but I recognized them all as drivers for stuff I use. Here are the logs.
TDSSKiller.2.8.18.0_28.06.2013_16.30.55_log.txt
TDSSKiller.2.8.18.0_28.06.2013_16.33.39_log.txt
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Ok, I did, here's the log: ComboFix.txt
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Sorry, I ran it but I forgot to run it from the desktop, it kept resulting in a Commandline standard stream splitter error. However, it finished with the following logs, should I run it again from the desktop?
ComboFix.txt
ComboFix-quarantined-files.txt
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-28 11:46:23
-----------------------------
11:46:23.319 OS Version: Windows x64 6.1.7601 Service Pack 1
11:46:23.319 Number of processors: 8 586 0x2A07
11:46:23.320 ComputerName: DARKER-PC UserName: Darker
11:46:23.759 Initialize success
11:49:40.409 AVAST engine defs: 13062800
11:52:57.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:52:57.464 Disk 0 Vendor: LITEONIT VBA2 Size: 244198MB BusType: 3
11:52:57.465 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:52:57.467 Disk 1 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
11:52:57.476 Disk 0 MBR read successfully
11:52:57.478 Disk 0 MBR scan
11:52:57.484 Disk 0 Windows 7 default MBR code
11:52:57.487 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
11:52:57.493 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 218595 MB offset 52430848
11:52:57.512 Disk 0 scanning C:\Windows\system32\drivers
11:53:13.463 Service scanning
11:53:45.386 Modules scanning
11:53:45.395 Disk 0 trace - called modules:
11:53:45.723 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
11:53:45.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d06c790]
11:53:45.730 3 CLASSPNP.SYS[fffff880015ad43f] -> nt!IofCallDriver -> [0xfffffa800ce196b0]
11:53:45.733 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ce1e050]
11:53:46.198 AVAST engine scan C:\Windows
11:53:52.618 AVAST engine scan C:\Windows\system32
11:57:25.164 AVAST engine scan C:\Windows\system32\drivers
11:57:44.146 AVAST engine scan C:\Users\Darker
12:00:55.325 AVAST engine scan C:\ProgramData
12:02:16.824 Scan finished successfully
12:03:33.946 Disk 0 MBR has been saved successfully to "C:\Users\Darker\Desktop\MBR.dat"
12:03:33.950 The log file has been saved successfully to "C:\Users\Darker\Desktop\aswMBR.txt"
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Hi, Thank you for your reply, sorry I failed to mention that I used mbar anti-rk earlier and it was clean, here are the logs:
system-log.txt
mbar-log-2013-06-28 (10-22-05).txt
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
Please find new RK log below:

RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Darker [Admin rights]
Mode : Scan -- Date : 06/28/2013 03:40:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe - -e [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: LITEONIT LAT-256M3S +++++
--- User ---
[MBR] 65fa4c87d420cd6bf67742cd03ea0337
[bSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 218595 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: LITEONIT LAT-256M3S +++++
--- User ---
[MBR] 74af7257b031911fec7e2a67a6eb83d7
[bSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 665401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06282013_034056.txt >>
99% Suspected Infection - GMER causes Bluescreen
Intabli replied to Intabli's topic in Resolved Malware Removal Logs
I am aware of that, but I am not using it illegally, I just blocked the checking it does with servers because I formatted my PC and I re-used my older license which they refused to re-verify for me. I never pirate out of the blue, but I was let down and I circumvented the check. I will however remove the entries from the hosts file anyway because I have to buy an upgrade license anyway. Thanks for understanding.