[ivorykeys87]

So, i followed one of the guides on here and just want to make sure the rootkit is gone. I restarted the computer after using TDSSKiller, re scanned using TDSSKiller and it didn't find any threats. So i'm assuming it is fixed, but i have no idea how to read the logs. Attached are both logs. 

Attached Files

•  TDSSKiller.2.6.19.0_25.07.2015_00.37.08_log.txt   76.26KB   164 downloads
•  TDSSKiller.2.6.19.0_25.07.2015_00.39.47_log.txt   75.57KB   172 downloads

[Advertisements]

Hi ivorykeys87,

Your log does indeed look clean, but I will recommend a more thorough check-up (which we can provide) just to be on the safe side. Let me know if this interests you and I'll post the instructions.

[Pyxis]

Hi ivorykeys87,

Your log does indeed look clean, but I will recommend a more thorough check-up (which we can provide) just to be on the safe side. Let me know if this interests you and I'll post the instructions.

[ivorykeys87]

Of course. Is there a charge?

[ivorykeys87]

I decided to scan the computer because it appears as though my CPU is over worked when all i'm doing is streaming and playing online poker. With my build, that shouldn't be a problem, but my monitors constantly blink off and on. Since removing this rootkit though, the problem persists...

[Pyxis]

Of course. Is there a charge?

Yes, $0. Well then, if I may formally begin:

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:

• It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
• Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
• Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.

I hope you keep in mind these reminders. Let's get to work!

• Step 1
  
  Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.
  
  '32-bit'
  '64-bit'
  • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
  • The program will initialize. Press Yes to accept the disclaimer.
  • Put a check on Addition.
  • Press the Scan button after.
  • It will produce FRST.txt and Addition.txt on your desktop once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • Addition.txt (Farbar Recovery Scan Tool)
  • FRST.txt (Farbar Recovery Scan Tool)

[ivorykeys87]

I am running windows 64 bit for future reference. Are we working on the rootkit issue or the monitors going in and out issue right now?

Attached Files

•  FRST.txt   23.72KB   271 downloads
•  Addition.txt   27.36KB   232 downloads

[Pyxis]

I am running windows 64 bit for future reference. Are we working on the rootkit issue or the monitors going in and out issue right now?

That is sounding more like a hardware issue. I will direct you to our hardware specialists if the issue persists after the cleanup process.

• Step 1
  
  After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.
  
  More can be read from the following sources:
  • The Dangers of P2P File Sharing
  • The Dangers of P2P Networks
  You are advised to remove the following programs by uninstalling them:
  • µTorrent
  Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid or disabling them before we continue with the process.

• Step 2
  
  Download 'aswMBR by avast!' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Once prompted to download the database, click No.
  • Choose None for the AV Scan option.
  • Press Scan. Once done, click Save Log and choose your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Step 3
  
  Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
  • Double-click mbam-setup-*.exe and proceed to installing the program.
    • Accept the License Agreement.
    • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
    • Click Finish after.
  • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
    • Tick the Scan For Rootkits box.
  • Go back to the Dashboard and select Update Now. Click Scan Now after.
    • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
    • Once the scan is complete, click Apply Actions.
    • If you are prompted to reboot, allow it by pressing Yes.
  • Navigate to the program's History tab to retrieve the log.
    • Click Application Logs and double-click on the most recent Scan Log.
    • Export the log to your desktop as a .TXT file.
    • You can also choose to directly copy the log by selecting Copy to Clipboard.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • aswMBR.txt (aswMBR)
  • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

[ivorykeys87]

It appears that I solved my issue with the monitors. But, if it presents itself again, I will create a thread in the specified department. The first pasted log is the "Daily Protection Log". 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Error, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Update, Bad md5 or size: akadomains, 11, 

Error, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Update, Bad md5 or size: akaips, 11, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.22.1, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.20.1, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.25.3, 

Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.25.1, 

Scan, 7/25/2015 2:43 AM, SYSTEM, CHASE-PC, Manual, Start:7/25/2015 2:34 AM, Duration:8 min 49 sec, Threat Scan, Completed, 1 Malware Detection, 5 Non-Malware Detections, 

Error, 7/25/2015 2:44 AM, SYSTEM, CHASE-PC, Protection, IsLicensed, 13, 

Protection, 7/25/2015 2:44 AM, SYSTEM, CHASE-PC, Protection, Malware Protection, Stopping, 

Protection, 7/25/2015 2:44 AM, SYSTEM, CHASE-PC, Protection, Malware Protection, Stopped, 

 

(end)

 

The second is the scan log. 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/25/2015

Scan Time: 2:34 AM

Logfile: 

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.07.25.01

Rootkit Database: v2015.07.22.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Chase

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 335446

Time Elapsed: 8 min, 49 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

Adware.TryMedia, HKU\S-1-5-21-2213509919-2853325218-3059417636-1000\SOFTWARE\Trymedia Systems, Quarantined, [985d09dc771316208cabf4d848bb27d9], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 1

PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [4fa6964f682293a3b9956f9821e24db3], 

 

Files: 4

PUP.Optional.APNToolBar.A, C:\Users\Chase\AppData\Local\Temp\uttF33D.tmp.exe, Quarantined, [f50005e03357e5515cdf6f395ea3ee12], 

PUP.Optional.APNToolBar.A, C:\Users\Chase\AppData\Local\Temp\Offercast2802_MTV_.exe, Quarantined, [12e3be270d7ddf5736065b4d24ddae52], 

PUP.Optional.DownloadAssistant, C:\Users\Chase\AppData\Local\Temp\a2vI83jU2L\hQwK1Kxj\Setup.exe, Quarantined, [22d3865f4d3d91a5352e9eafd52c1ce4], 

PUP.Optional.OutBrowse, C:\Users\Chase\Downloads\Installation.exe, Quarantined, [05f028bdc0ca5adc7912d980e021e917], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Attached Files

•  aswMBR.txt   2.08KB   193 downloads

[Pyxis]

TDSSKiller seem to have removed the rootkit completely as there are no traces of it left. Your logs look good--just some adware, which we will purge in this post.

• Step 1
  
  Download 'AdwCleaner by Xplode' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Read the Terms of Use and click I Agree.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Step 2
  
  Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Step 3
  
  Download 'SecurityCheck by screen317' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up after once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  Note: If you get an error about an unsupported operating system, please reboot your computer and try again.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • AdwCleaner[S*].txt (AdwCleaner)
  • checkup.txt (SecurityCheck)
  • JRT.txt (Junkware Removal Tool)

[ivorykeys87]

# AdwCleaner v4.208 - Logfile created 25/07/2015 at 03:08:41

# Updated 09/07/2015 by Xplode

# Database : 2015-07-15.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Chase - CHASE-PC

# Running from : E:\Programs\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\simplitec

Folder Deleted : C:\ProgramData\Trymedia

File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bobrowser.com_0.localstorage

File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bobrowser.com_0.localstorage-journal

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\simplitec

Key Deleted : HKLM\SOFTWARE\Trymedia Systems

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17420

 

 

-\\ Google Chrome v43.0.2357.134

 

 

*************************

 

AdwCleaner[R0].txt - [1225 bytes] - [25/07/2015 03:06:48]

AdwCleaner[S0].txt - [1166 bytes] - [25/07/2015 03:08:41]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1225  bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.5.1 (07.16.2015:1)

OS: Windows 7 Home Premium x64

Ran by Chase on Sat 07/25/2015 at  3:11:09.23

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage

Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal

Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage

Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal

 

 

 

~~~ Folders

 

 

 

~~~ Chrome

 

 

[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 07/25/2015 at  3:15:46.27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Results of screen317's Security Check version 1.005  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 Windows Firewall Disabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 8 Update 25  

 Java version 32-bit out of Date! 

 Adobe Reader XI  

 Google Chrome (43.0.2357.132) 

 Google Chrome (43.0.2357.134) 

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast afwServ.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

 

[ivorykeys87]

My hard drive is SSD.

[Pyxis]

Could you kindly visit chrome://version using Goolge Chrome? Copy and paste the results back here.

• Step 1
  
  You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
  • Java Runtime Environment -- Update
  Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.

• Step 2
  
  Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
  • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
  • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):
    
    

    

  • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
  • Upon completion, select List of found threats > Export to text file....
  • Press Back and put a check on the following:
    • Uninstall application on close
    • Delete quarantined files
  • Click Finish.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • log.txt (ESET Online Scan)

[Pyxis]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.