
Do I have a Virus/Spyware/Malware problem? [Solved]


  • This topic is locked

#31
AzureZero

AzureZero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Here is the MalwareBytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/22/2014
Scan Time: 9:15:37 PM
Logfile: MalwareBytesscanlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.23.01
Rootkit Database: v2014.12.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian Cantu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384066
Time Elapsed: 22 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0



#32
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Fine, waiting for ESET :)
  • 0

#33
AzureZero

AzureZero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

As for the ESET, the only notepad file it gave me was this.

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

 

There were no other files than that after the 3hr scan.
 


  • 0

#34
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
I need a report from an AV scanner. Let's use this one instead.



Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Install the scanner by right-clicking on its icon and selecting Run as Administrator.
  • It should start by itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see a detections window. Enter one of them and click View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
  • 0

#35
AzureZero

AzureZero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Here is the PCloudCleaner

 

Unknown. FILE: C:\PROGRAM FILES (X86)\ROCCAT\ISKU KEYBOARD\ISKUMONITOR.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Isku Keyboard\Isku Driver.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[RoccatIsku]. Value: RoccatIsku To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[RoccatIsku]. Value: RoccatIsku To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[RoccatIsku]. Value: RoccatIsku To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IskuMonitor.EXE. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IskuMonitor.EXE. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\ROCCAT\KONE XTD MOUSE\KONEXTDMONITOR.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone XTD Mouse\Kone XTD Driver.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[RoccatKoneXTD]. Value: RoccatKoneXTD To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[RoccatKoneXTD]. Value: RoccatKoneXTD To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[RoccatKoneXTD]. Value: RoccatKoneXTD To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\KoneXTDMonitor.EXE. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\KoneXTDMonitor.EXE. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\ROCCAT\ROCCAT TALK\ROCCAT TALK.EXE to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.


  • 0
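The PCloudCleaner.log above repeats several entries and mixes "Unknown" items with "Malware" and "Suspicious Policy" registry findings, which is why the helper asked that nothing be removed before the results were analyzed. The following Python is an added example, not part of the original thread or of any Panda tool; it assumes the line format seen in that log, and its function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the PCloudCleaner.log posted above (duplicates included).
SAMPLE_LOG = r"""
Unknown. FILE: C:\PROGRAM FILES (X86)\ROCCAT\ISKU KEYBOARD\ISKUMONITOR.EXE to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[RoccatIsku]. Value: RoccatIsku To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[RoccatIsku]. Value: RoccatIsku To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IskuMonitor.EXE. Key to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
"""

LINE_RE = re.compile(r"^(?P<verdict>[A-Za-z ]+)\. (?P<kind>FILE|REGKEY|POLICY): (?P<rest>.+)$")
ACTION_RE = re.compile(r"\s+to be (deleted|changed to:\s*(.+?))\.?$", re.IGNORECASE)
SUFFIX_RE = re.compile(r"\.\s*(?:Value:\s*\S+|Key)$")

def parse_line(line):
    """Return one finding as a dict, or None if the line is not a finding."""
    m = LINE_RE.match(line.strip())
    act = ACTION_RE.search(m["rest"]) if m else None
    if not act:
        return None
    # Target is everything before the action, minus a trailing ". Value: x" / ". Key".
    target = SUFFIX_RE.sub("", m["rest"][:act.start()])
    action = "delete" if act.group(1).lower() == "deleted" else "change"
    return {"verdict": m["verdict"], "kind": m["kind"], "target": target,
            "action": action, "new_value": act.group(2)}

def triage(log_text):
    """Deduplicate findings, count them per verdict, and list the ones to review."""
    seen, unique = set(), []
    for line in log_text.splitlines():
        f = parse_line(line)
        key = f and (f["verdict"], f["kind"], f["target"].lower(), f["action"])
        if f and key not in seen:
            seen.add(key)
            unique.append(f)
    counts = Counter(f["verdict"] for f in unique)
    # Assumption: "Unknown" (the log's own label) means no verdict, so an analyst
    # must confirm each item before anything is removed.
    review = [f for f in unique if f["verdict"] == "Unknown"]
    return unique, counts, review

if __name__ == "__main__":
    unique, counts, review = triage(SAMPLE_LOG)
    print(dict(counts), [f["target"] for f in review])
```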

#36
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
How is your machine behaving?

Merry Christmas! :)


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.
  • Right-click on its icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.
  • 0

#37
AzureZero

AzureZero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Merry Christmas to you too.

 

My computer is still behaving well, nothing to report, no problems.

 

Here you go

 

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Webroot SecureAnywhere  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Panda Cloud Cleaner  
 Java 7 Update 71 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader XI 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 windows defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


Edited by AzureZero, 24 December 2014 - 10:00 PM.

  • 0

#38
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Sorry for the delay, Christmas happened here. I hope you had a pleasant time lately :)



Update outdated software

Always staying updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

Updating Adobe Flash Player manually
  • Visit the Adobe website.
  • You will see a download option there for the newest Adobe Flash Player version.
  • In the center part you will be prompted to install Google Chrome or McAfee Scan Plus (depending on your locale) as a recommended bundled installation. This is foistware. Remember to leave the box for it UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.
Please remember to always keep your software updated. It's crucial, as bugs are still being discovered and patched by the vendors.



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.
  • Right-click on its icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.
Please also manually reboot your machine after posting your logfile.
  • 0

#39
AzureZero

AzureZero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Here is the DelFix log

 

# DelFix v10.8 - Logfile created 28/12/2014 at 20:01:53
# Updated 29/07/2014 by Xplode
# Username : Christian Cantu - AVA-381061-1
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Christian Cantu\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Christian Cantu\Desktop\Addition.txt
Deleted : C:\Users\Christian Cantu\Desktop\AdwCleaner.exe
Deleted : C:\Users\Christian Cantu\Desktop\ComboFix.exe
Deleted : C:\Users\Christian Cantu\Desktop\Fixlog.txt
Deleted : C:\Users\Christian Cantu\Desktop\FRST.txt
Deleted : C:\Users\Christian Cantu\Desktop\FRST64.exe
Deleted : C:\Users\Christian Cantu\Desktop\FSS.exe
Deleted : C:\Users\Christian Cantu\Desktop\FSS.txt
Deleted : C:\Users\Christian Cantu\Desktop\JRT.exe
Deleted : C:\Users\Christian Cantu\Desktop\JRT.txt
Deleted : C:\Users\Christian Cantu\Desktop\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

Deleted : RP #690 [Windows Update | 12/24/2014 03:52:41]
Deleted : RP #691 [Windows Update | 12/28/2014 11:35:07]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#40
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Is there anything else I may be helpful with?


Below you will find my thoughts about securing your machine. Go through it, you will benefit from some useful advice about safe computing.


Recommended reading:


  • MUST READ - security tips: Computer Security - a short guide to staying safer online.
  • MUST READ - general maintenance: What to do if your Computer is running slowly?


Recommended additional software:


  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
  • Unchecky - to prevent installing additional foistware, implemented in legitimate installations.


My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.




Stay safe,
Naat :)
  • 0



#41
AzureZero

AzureZero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Thanks again for helping, especially during the holiday season. No questions and everything is running smoothly.

 

Have a happy New Year, and once again, thanks.


  • 0

#42
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
You are welcome, I wish you all the best in 2015 too! :)
  • 0

#43
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Since this issue appears to be resolved, this topic has been closed. Glad we could help :)

If you are the topic starter and you wish it to be reopened, please contact a staff member. Everybody else please begin a new topic.
  • 0





