pashax

fine, i think. no strange things on msconfig. dont know if i should change bank pass because i dont know if some of them were old or what. updating windows.

is this the log? C:\FRST\Quarantine\69fc\7fea7.js JS/Kryptik.ALI trojan cleaned by deleting - quarantined C:\Program Files\KMSnano\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.A application cleaned by deleting - quarantined C:\Users\marcosczaykowski\AppData\Roaming\69fc\7fea7.js JS/Kryptik.ALI trojan cleaned by deleting - quarantined C:\Users\marcosczaykowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2d.js JS/Kryptik.ALI trojan cleaned by deleting - quarantined C:\Users\marcosczaykowski\var\progs\Alcohol_120_2.0.1.1820_DMZ.zip a variant of Win32/HackTool.Patcher.N application deleted - quarantined C:\Users\marcosczaykowski\var\progs\overclocking\cpu-z_1.56-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined so, to clear all these programs roguekiller and others, just deleting them? whats qoobox? can i delete it?

done. i check them (there are 2: an old one and a second with a new name) but NO RESTART and scan the system. RKreport0_S_09052013_174050.txt

done. they were unchecked since i wrote this topic. otherwise i couldnt use mbam or msconfig. i unchecked them when started on basic windows mode. RKreport0_S_09052013_162426.txt

done Fixlog.txt

im sorry, those are command column. on the location, hkcu\software\microsoft\windows\currentversion\run

one of them is on c:\users\marcosczaykowski\appdata\roaming\69fc\7fea7.js the other is on: c:\users\marcosczaykowski\appdata\roaming\microsoft\windows\start menu\programs\startup\29a8.js enter the folder to see the file, but there is nothing there. keep in mind i type those path and tried to erase one of those folders (the last one).

i was working with some files in word and excel and put them on a pendrive. then, went to a printing house and when i got back, used the pendrive and suddenly i saw on the pendrive a folder called 5c5 (dont remember what else). all my folders on the pendrive had the shortcut little icon on them. thought using mbam and couldnt. used the chamaleon and found out 25 infections and erased them but it closed before ending. went to safe mode and ran the mbam and nothing found BUT in normal mode, couldnt run mbam nor msconfig. used safe mode again and msconfig to uncheck from startup these to programs 7fea7 and another. if i check them and they ran on startup, i wouldnt be able to use mbam or msconfig. nothing more. u are the rest of the story. i dont know what else to say.

attached the logs. Addition.txt FRST.txt

done the combofix. note that several times ask me for file NIRKMD when endind every stage. log attached. ComboFix.txt

no problems found with anti rootkit. but in msconfig (startup) there are still those progs i told u: 7fea7 and 29a8. if i would check them to startup with system, i wouldnt be able to run mbam nor msconfig. system-log.txt mbar-log-2013-09-03 (16-23-55).txt

thanks for your time. here is the log. RKreport0_S_09032013_161303.txt

i hope i understood correctly the steps to post a new topic. mbam cant get rid of my infection. i ran mbam several times and tells me there are 0 infections (on secure mode) but on normal windows mode, the infections still remaining. on msconfig i can see 2 unknown programs: 7fea7 and another like that, that wont let me run mbam on normal windows mode. the logs: attached. thanks. dds.txt attach.txt