Lecopi
Honorary Members-
Posts
74 -
Everything posted by Lecopi
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello,
I will do that next Monday and keep you informed.
Here is all that we have previously done:
- de-install, clean, install MBAM several times
- set the exclusion list properly in NIS
- uninstall NIS, and any Norton tool (Ghost and NSW)
- clean the PC
- uninstall SPYBOT *
- uninstall Intel Matrix storage *
- uninstall Adaptec Matrix storage *
- uninstall Acronis *
and despite this MBAM was always freezing.
* have been re-installed now, and ESET is the new AV.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello Advanced Setup,
1- Removing anti-virus software: already done totally with Norton before installing Eset. PC perfectly clean with no Norton application at all (documented in initial post). Despite this, MBAM freezes from time to time.
2- Uninstalling, cleaning, installing MBAM: done at least 5 times according to the procedure. Still unexpected freezes (initial post).
As this topic is on the HJT log (malware), it's my understanding that you don't perceive any virus/malware in the ComboFix and HJT logs. At this point could we run a ComboFix or an HJT once again? I will appreciate your advice about which entries are not useful (examples: old drivers...) and could be removed.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
1- The Intel Matrix Storage is installed on the computer but there is no RAID configuration for now. It has already been uninstalled, on 360's advice. MBAM still froze. The Intel Matrix Storage was re-installed afterwards.
2- As I have restored an Acronis image, I have solved the network configuration.
3- ESET Smart Security 4
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello AdvancedSetup, and thanks for your help.
I spent a significant part of my time yesterday restoring the image and re-installing the various software that was requested.
The good news is: it is not the COMBO FIX which causes the Internet connection problem. This problem has been reproduced again, but is still under investigation. I have a workaround for now.
As a summary:
- the PC is clean (my opinion, but this is only an opinion)
- RootRepeal doesn't run: a window "initializing" is on the screen. It never changes. There is disk activity. I wait 10' and kill the process. Is this process very long? I have control of the PC. What's your advice?
- The only problem is that MBAM completely freezes the PC (I have no control at all of the PC, see specific post on this) in most situations (let's say 50%). MBAM runs correctly only in safe mode.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Content deleted. It was the same as the next one.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Rootrepeal still in the "initialisation mode" after 10 minutes. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
1) ekrn.exe is an Eset program.
2) Internet connection: the problems come from the fact that it is now the computer which assigns the IP address (for sure) and not the Internet "box". I need to find how to change this.
3) Systray: will see later. Not a big issue.
4) RootRepeal: I will run it.
5) STEP 3 - CHKDSK: has already been completely and successfully performed on exile360's instructions some days ago.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
I am back on another computer. Here is the situation. I ran the script after adding the requested line. When the computer restarted:
- Internet connection was no longer possible (in fact the IP address is not correct and it appears that DHCP from the Netgear DG834G cannot assign it anymore).
- a very long time after choosing the user until I can use the PC (it was quick before)
- several missing icons in the Systray, including: keyboard, SpeedFan, Eset... but those apps are running
- ekrn.exe is running; I don't know what it is.
That's all.
If there is no other solution (as I don't use the Windows restore point), I will restore my latest Acronis image.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
I understand that: it is loading as a driver. Yes, we can remove it. Did you see my edit on the previous message?
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
HJT LOG
____________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:29:45, on 28/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Outils PC\SpeedFan\speedfan.exe
C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outils PC\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afp.com/francais/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\OUTILS~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe
O4 - Global Startup: KEM.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\Outils PC\SpeedFan\speedfan.exe
O8 - Extra context menu item: Ajouter au tueur de pub - C:\Program Files\Outils PC\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Outils PC\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Outils PC\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Cr
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello - Here is the COMBOFIX LOG
___________________________________
ComboFix 09-09-25.01 - Philippe GIRARDOT 28/09/2009 8:13.1.2 - NTFSx86
Microsoft Windows XP
-
Hi Jacktivity thanks, I will do that.
-
Hello, following a request from Advanced Setup I have posted a log in the HJT section. Until now there is no reply at all from this section or from the developers. Please let me know how we can move forward. Thanks
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
I apologize if I did something which is not correct. Please tell me. I would appreciate solving this freeze.
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Here is the latest log. All Symantec apps have been removed properly from the PC.
______________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:58, on 25/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Outils PC\SpeedFan\speedfan.exe
C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Outils PC\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afp.com/francais/home/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\OUTILS~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE R
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello, any opportunity to review this log in the following 2 or 3 days, please?
-
No .sys or (.sys or kind of 'one character' .sys at all
-
Hello, I do not have "runtime error 5 invalid procedure call or argument", just a freeze. I am currently investigating the suggested file list.
-
Hello to all,
I have investigated this situation and it appears that:
1) Video Inspector is a well-known and valuable tool to analyse video codecs.
2) Video Inspector is distributed by KC Software, which seems to be known to include Relevant Knowledge in some of its packages.
3) There are different versions of Video Inspector on the KCS site:
- videoinspector (which includes RK)
- videoinspector_lite (which is RK free)
You need to be careful at download time, as it is not easy to recognize one or the other (red barred panel for RK free).
4) I have analysed the latest version of videoinspector_lite, 2.2.2.121, with Eset and this is OK. My old version was also detected as malware by ESET.
This is my best understanding. Hope that helps.
-
Hello AdvanceSetup Done here http://www.malwarebytes.org/forums/index.php?showtopic=25481 Waiting for analysis results
-
Hello to all,
We have a freeze problem with MBAM here: http://www.malwarebytes.org/forums/index.p...=24740&st=0 and AdvancedSetup has asked for some scans to verify that there is no malware present on the system. Could you please help?
HijackThis log attached: hijackthis.rar
-
thanks again
-
Do you think that SDHelper also applies to Maxthon?