Jump to content

help with GMER results


Recommended Posts

first time i have used GMER and not sure how to interpret results. piled together some info from net and youtube, saw RED entries in the FILES tab (no other tabs just FILES tab). i gathered that RED lines of text might mean i have some bad stuff in my system. 


 


sorry i didnt click on 3rd PARTY to generate a log. 


 


im using Windows 7 Home Premium 64bit Service Pack 1


 


attached are the logs that were requested


FRST.txt

Addition.txt

Malwarebytes Quick Scan.txt

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run FRST one more time:

 

Type the following in the edit box after "Search:".

 

winlogon.exe

 

Click Search button and post the log (Search.txt) it makes to your reply.

 

Kevin

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Malwarebytes 2.0, please run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin

 

 

 

 

 

fixlist.txt

Link to post
Share on other sites

ok here are the logs you requested

 

yes i do have some concerns and questions:

 

1) i have AVG and MBAM on real time protection, is this good or bad?

2) should WINDOWS DEFENDER be disabled (consider question 1)

3) i notice my firewall, sometimes is off and then takes a minute to turn on and other times is on right away?

4) why does my Network show as NETWORK 2? is there another one active on my system?

5) how do i know my HOSTS file hasnt been altered in someway? at one point it was in some other language (its in english now) 

 

Fixlog.txt

MBAM after frst fix.txt

AdwCleanerS0.txt

JRT.txt

Link to post
Share on other sites

1) i have AVG and MBAM on real time protection, is this good or bad?  -- Very Good...

2) should WINDOWS DEFENDER be disabled (consider question 1)       --- Disable WD when MB is active in realtime.

3) i notice my firewall, sometimes is off and then takes a minute to turn on and other times is on right away? Not sure about the FW, lets see what happens when we`re done.

4) why does my Network show as NETWORK 2? is there another one active on my system? ---- Nothing to worry about, Network 2 is just the name Windows gives to your network adapters, and sometimes after re-installing them it tends to name them Network 2, Network 3, etc.. even for the same connection

5) how do i know my HOSTS file hasnt been altered in someway? at one point it was in some other language (its in english now) -- Hosts file did show in the FRST secondary log, if it had been altered away from default it would have been listed in the log. Was not altered according to the log..

 

The main problem was a patched system file "Winlogon.exe" also two of the back up files were also patched. Probably the work of a trojan, how you pick up the trojan is speculative. Maybe spoofed email, fake email, exploited Java or Adobe, hi-jacked website, drive by d/l at poisoned website, etc etc etc .....

 

What is the current status, is your system responding better, worse, same. Any specific issues or concerns?

Link to post
Share on other sites

thank you for your prompt replies. 

 

yes it seems better now, was there some program that might have caused all this? specifically DRIVER BOOSTER. i had it in my TASKBAR but i do not see it there any longer. should i uninstall it completely? which driver booster do you recommend if any?

 

so these trojans got passed avg and MBAM huh? i do scans often so not sure when i might have gotten all these issues. 

 

do the logs show everything is good now? can i do a restore point or iso disc if everything looks good?

Link to post
Share on other sites

Driver Booster is an app from IOBit, Anything belonging to IOBit is not recommended, it has a very dubious history. I`m sure you will be well aware of Malwarebytes run in with that Company....

 

Regarding WinLogon have a read here: http://en.wikipedia.org/wiki/Winlogon

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply......

 

Regarding security, My own security set up for W7 is :-

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection.

 

As an extra layer I also use WinPatrol, the free version is adeqaute for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScipt, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!.

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

 

http://www.surfright.nl/en/alert/cryptoguard'>http://www.surfright.nl/en/alert/cryptoguard

Link to post
Share on other sites

Browser choice is down to you, personally I do not like Chrome and prefer Firefox. Regarding the ESET log i`d recommend that you uninstall NCH Software, it is known to come bundled with unwanted extras. Read from the following link: https://www.mywot.com/en/scorecard/nchsoftware.com

Do not take the sites recommendation, scroll down and read some of the personal reviews.....

 

Run the following to clean up, note System Restore will be flushed and a new restore point set. If you do not want that to happen just uncheck that option...

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no remaining issues or concerns are we OK to close out..

 

Kevin

Link to post
Share on other sites

yes we are good thank you for all your help and info. 

 

one last question, whats the best method to get back to this point now that the system is clean. system restore, iso image, repair disc? 

 

should the system get infected again how could i get it back to this clean point?

Link to post
Share on other sites

Windows 7 has the ability to create a full image back up of the system and create a System Repair CD. Go here: http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/ for full instructions. Please read the instructions fully, always print off and save the instructions and bookmark the link for future reference...

 

Also always use Windows own System restore, Go here: http://www.sevenforums.com/tutorials/700-system-restore.html for full and easy to follow instructions....

 

Another good registry backup tool is available free from Tweaking.com, it is a clean tool with no unwanted addons or extras.....

 

  • Please download the installer for Registry Backup from either of the following links and save to your desktop.
     
    http://www.bleepingcomputer.com/download/registry-backup/
    http://www.tweaking.com/
     
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
     
    TCRB-1.jpg
     
    Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
     
    TBRB-2.jpg
     
  • Close Tweaking.com - Registry Backup

 

Note - There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

 

 

A tutorial for Registry Backup explaining the various features be viewed at the following link

 

http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325#.UwHFG4VKrRo

 

Hope that helps...

 

Kevin

Link to post
Share on other sites

good info to have. thank you so much 

 

im tyring to add and SSD and it says that the source drive is larger than the destination drive. i right click on C: to see how large it is and it says 36.6 gb. the SSD is a 60gb. 

 

im using Corsair Cloning Kit with sata usb on a Patriot Pyro SSD, any idea why it would say that the source drive is 63,227 MB. ive used this kit before with no prob. you have any input on this?

Link to post
Share on other sites

Your present HD is 440 GB, 37 GB is used, the rest is free. The SSD drive is 60 GB so can easily hold your system at present and still have 23 GB free. The problem is the software you are using does not support miss matched drives, the destination drive has to be larger than than the source drive. Or that is how it seems to be?

 

I use the Pro version of Aomei for all partition, cloning etc. There is a free version, not sure if it supports miss matched drives but it will clone HD to SSD for sure... use following link

 

http://www.backup-utility.com/free-backup-software.html

 

I`m specifically a malware fighter and do not do general PC work on this Forum, you need to ask maybe the General PC help forum, maybe one of the Tech guys will tell you what to do or give advice...

 

Kevin.... ;)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.