Jump to content

suspect i have Maleware / Virus


Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

There is definite evidence of illegal software running on your system (AutoKMS.exe) as this is in direct breach of forum protocol no help can be offered...

 

Kevin.

Link to post
Share on other sites

As far as i`m aware RzMaelstromVAD_1.1.41.1089 belongs to Razer, (Surround Audio Service) Continue:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Full Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin..

 

 

 

Fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Joe at 2014-10-09 13:16:57 Run:1
Running from C:\Users\Joe\Downloads
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1958978909-1473249692-2050056403-1001\...\Run: [AdobeBridge] => [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Joe\AppData\Local\Temp\tmp46EE.tmp [X]
C:\Users\Joe\jagex_cl_runescape_LIVE.dat
C:\Users\Joe\random.dat
Task: {30CB2AD2-5402-4ECB-9DC8-21E0D29E48EC} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014} - \AutoKMS No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
Hosts:
EmptyTemp:
End


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1958978909-1473249692-2050056403-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.
WinRing0_1_2_0 => Unable to stop service
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Joe\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Joe\random.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30CB2AD2-5402-4ECB-9DC8-21E0D29E48EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30CB2AD2-5402-4ECB-9DC8-21E0D29E48EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
Could not reset Hosts.
EmptyTemp: => Removed 806.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/10/2014
Scan Time: 1:31:09 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.08
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361240
Time Elapsed: 12 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller, Quarantined, [1b2d5ab88bf1fc3ac6b75bb58b78956b],

Files: 1
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe, Quarantined, [1b2d5ab88bf1fc3ac6b75bb58b78956b],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

# AdwCleaner v3.311 - Report created 09/10/2014 at 13:54:15
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\pqsp1cg8.default-1398121802275\prefs.js ]


*************************

AdwCleaner[R0].txt - [2613 octets] - [09/10/2014 13:53:11]
AdwCleaner[s0].txt - [2332 octets] - [09/10/2014 13:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2392 octets] ##########
 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Professional x64
Ran by Joe on 09/10/2014 at 14:06:03.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\pqsp1cg8.default-1398121802275\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/10/2014 at 14:07:54.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Thu Dec 27 16:08:23 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 27 16:09:07 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Tue Jan 08 13:42:48 2013
->Scan ERROR: resource process://pid:1304 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 08 13:43:22 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Wed Feb 13 23:28:02 2013
->Scan ERROR: resource process://pid:9740 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 23:28:49 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Wed Mar 13 22:30:14 2013
->Scan ERROR: resource process://pid:1780 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 13 22:31:08 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 21:02:07 2013
->Scan ERROR: resource process://pid:8376 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 21:03:06 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Wed May 15 23:18:31 2013
->Scan ERROR: resource process://pid:8640 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 15 23:19:31 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 03:00:55 2013
->Scan ERROR: resource process://pid:1272 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 03:02:12 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Tue Jul 09 23:05:45 2013
->Scan ERROR: resource process://pid:1320 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 09 23:06:51 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Thu Jul 11 21:52:43 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 21:53:51 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Tue Aug 13 22:33:49 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 13 22:34:55 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Tue Sep 10 22:22:30 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 10 22:23:31 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Tue Oct 08 23:12:00 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 08 23:13:12 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Tue Nov 12 23:33:26 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 12 23:34:34 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Mon Dec 16 02:51:10 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Dec 16 02:52:25 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 11:00:28 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Failed to submit MAPS report: 0x80072EFD
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 11:03:12 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sun Feb 16 14:31:36 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 14:32:59 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 10:18:36 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 10:19:39 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Thu Apr 10 12:41:05 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 12:42:05 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Wed May 14 13:03:59 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 14 13:04:59 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Thu Jun 12 12:53:01 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 12:54:27 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Thu Jul 10 13:22:44 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 13:25:20 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Sun Aug 31 23:59:41 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 01 00:01:17 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Sep 11 11:36:18 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 11 11:39:29 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Oct 09 14:09:58 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 09 14:10:14 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Oct 09 14:10:47 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 09 18:20:24 2014


Return code: 0 (0x0)
 

Link to post
Share on other sites

What is the current status of your system, are there any remaining issues or concerns?

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thank you,

 

Kevin...

Link to post
Share on other sites

C:\Program Files (x86)\AlienRespawn\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
E:\Movies\dao-Bwolf89.exe    a variant of Win32/GameHack.F potentially unsafe application
 

Link to post
Share on other sites

ESET log is ok, nothing to worry about. Only one point, the Hosts file is missing and FRST could not make a reset.......

 

Please Download HostsXpert and unzip it to your computer, somewhere where you can find it. The root of the system drive would be a ideal location:

 

EG: C:\

 

  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • Check to see if top button on left hand side says Make Writable?
  • If it does. click on it then proceed to next instruction.
  • If not, just proceed to next instruction..
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
  • Click on MVPs Hosts... button.
  • Click on Replace button.

Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file. If prompted about DNS, just ignore it click on OK etc)

 

When finished...

  • Click on File Handling button.
  • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

 

Let me know if that completes ok...

 

Thanks,

 

Kevin..

Link to post
Share on other sites

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no remaining issues or concerns are we ok to close out?

 

Thanks,

 

Kevin...

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.