Lecopi

Honorary Members
  • Posts: 74

Everything posted by Lecopi

  1. Hello. I will do that next Monday and keep you informed. Here is all that we have previously done:
     - de-install, clean, install MBAM several times
     - set properly the exclusion list in NIS
     - uninstall NIS, and any Norton tool (Ghost and NSW)
     - clean the PC
     - uninstall SPYBOT *
     - uninstall Intel Matrix storage *
     - uninstall Adaptec Matrix storage *
     - uninstall Acronis *
     and despite this MBAM was always freezing.
     * have been re-installed now, and ESET is the new AV.
  2. Hello Advanced Setup.
     1- Removing anti-virus software: already done totally with Norton before installing Eset. PC perfectly clean with no Norton application at all (documented in initial post). Despite this, MBAM freezes from time to time.
     2- Uninstalling, cleaning, installing MBAM: done at least 5 times according to the procedure. Still unexpected freezes (initial post).
     As this topic is on the HJT log (malware), it's my understanding that you don't perceive any virus/malware in the combo-fix and HJT log. At this point could we run once again a combo-fix or an HJT? I will appreciate your advice about which entries are not useful (examples: old drivers.....) and could be removed.
  3. 1- The Intel Matrix storage is installed in the computer but there is no RAID configuration for now. It has already been uninstalled, upon 360's advice. MBAM still froze. The Intel Matrix storage has been re-installed after.
     2- As I have restored an Acronis image, I have solved the network configuration.
     3- ESET Smart Security 4
  4. Hello AdvancedSetup and thanks for your help. I consumed a significant part of my time yesterday restoring the image and re-installing various software which was requested. The good news is: it is not COMBO FIX which caused the Internet connection problem. This problem has been duplicated again, but is still under investigation. I have a turn-around solution for now. As a summary:
     - The PC is clean (my opinion, but this is only an opinion).
     - Rootrepeal doesn't run: a window "initializing" is on the screen. It never changes. There is disk activity. I wait 10' and kill the process. Is this process very long? I have control of the PC. What's your advice?
     - The only problem is that MBAM freezes the PC completely (I have no control at all of the PC - see specific post on this) in most situations (let's say 50%). MBAM runs correctly only in safe mode.
  5. Rootrepeal still in the "initialisation mode" after 10 minutes.
  6. 1) ekrn.exe is an Eset program.
     2) Internet connection: the problems come from the fact that it is now the computer which assigns the IP address (for sure) and not the Internet "box". I need to find how to change this.
     3) Systray - will see later. Not a big issue.
     4) Rootrepeal: I will run it.
     5) STEP 3 - CHKDSK has already been completely and successfully performed upon exile 360's instructions some days ago.
  7. I am back on another computer. Here is the situation. I ran the script after adding the requested line. When the computer re-started:
     - Internet connection was no longer possible (in fact the IP address is not correct and it appears that DHCP from the Netgear DG834G cannot attribute it anymore).
     - Very long time after choosing the user until I can use the PC (was quick before).
     - Several missing icons in the Systray, including: keyboard, speedfan, eset... but those apps are running.
     - ekrn.exe is running. I don't know what it is.
     That's all B) If no other solution (as I don't use the Windows restore point), I will restore my latest Acronis image. B)
  8. I understand that: it is loading as a driver. Yes, we can remove it. Did you see my edit on the previous message?
  9. HJT LOG
  10. Hello - Here is the COMBOFIX LOG
      ComboFix 09-09-25.01 - Philippe GIRARDOT 28/09/2009 8:13.1.2 - NTFSx86 Microsoft Windows XP
  11. Hello. Following the request from Advanced Setup, I have posted a log in the HJT section. Until now there is no reply at all from this section and from the developers. Please let me know how we can move forward. Thanks
  12. I apologize if I made something which is not correct. Pls tell me. I would appreciate to solve this freeze.
  13. Here is the latest log. All Symantec apps have been removed properly from the PC.
  14. Hello. Any opportunity to review this log in the following 2 or 3 days, please?
  15. no .sys or (.sys or kind of 'one character' .sys at all
  16. Hello. I do not have "runtime error 5 invalid procedure call or argument", just a freeze. I am currently investigating the suggested file list.
  17. Hello to all. I have investigated this situation and it appears that:
      1) video inspector is a well known and valuable tool to analyse video codecs
      2) videoinspector is distributed by KC Software, which seems to be known to include Relevant Knowledge in some of its packages
      3) there are different versions of video inspector on the site of KCS:
         - videoinspector (which includes RK)
         - videoinspector_lite (which is RK free)
         Need to be careful at download time, as it is not easy to recognize one from the other (red barred panel for RK free).
      4) I have analysed the last version of videoinspector_lite 2.2.2.121 with Eset and this is OK. My old version was also detected as malware by ESET.
      This is my best understanding. Hope that helps.
  18. Hello AdvancedSetup. Done here: http://www.malwarebytes.org/forums/index.php?showtopic=25481 Waiting for analysis results.
  19. Hello to all. We have a freeze problem with MBAM here: http://www.malwarebytes.org/forums/index.p...=24740&st=0 and AdvancedSetup has asked for some scans to verify that there is no malware present on the system. Could you please help? HijackThis log attached: hijackthis.rar
  20. Did you think that SDhelper also applies to Maxthon?