Lecopi
Honorary Members-
Posts
74 -
Joined
-
Last visited
Reputation
0 NeutralRecent Profile Visitors
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello I will do that next Monday and keep you inform here is all that we have previously done - de-install, clean, install MBAM several times - set properly the exclusion list in NIS - uninstall NIS, and any Norton tool (ghost and NSW) - clean the PC - uninstall SPYBOT * - uninstall Intel Matrix storage * - uninstall adaptec Matrix storage * - uninstall Acronis * and despite this MBAM was always freezing * have been re-installed now and ESET is the new AV. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
hello Advanced Setup 1- removing anti-virus software all ready done totaly with Norton before installing Eset. PC perfectly clean with no Norton application at all. ( documented initial post). Despite this MBAM freeze time to time. 2- uninstalling, cleaning, installing MBAM - Done at least 5 times according the procedure. still unexpected freeze. ( initial post) As this topics in on the HJT log ( malware) it's my understanding what you don't perceive any virus/malware in the combo-fix and HJT log. At this point could we run once again a combo-fix or an HJT and I will appreciate your advice about what entries are not useful (exemples: old drivers.....) and could be removed. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
1- The Intel Matrix stotrage is installed in the computer but they is no RAID configuration for now. Has already be uninstalled, upon 360 advice. MBAM still froze.The Intel Matrix storage has been re-installed after. 2- As I have restore an Acronis Image, I have solve the network configuration. 3 - ESET smart Security 4 -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Hello AdvancedSetup and thanks for your help. I consume significant part of my time yesterday by restoring the image and re-installing various softwares which were requested . The good news is : this is not the COMBO FIX which cause the Internet connection problem. This problem has been duplicated again, but is still under investigation. I have a turn-around solution for now. As a summary - the PC is clean (my opinion, but this is only an opinion) - Rootrepeal does't run a windows "inialyzing" is on the screen - Never change - they is disk activitie. - I wait 10 ' and kill the process. Is this process very long ? I have control on the PC. What's your advice? - The only problem is that MBAM freeze completly the PC ( I have no control at all of the PC - see specific post on this) in most of the situation (let say 50%). MBAM run correctly only in safe mode. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
content deleted. was the same that the next one. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
Rootrepeal still in the "initialisation mode" after 10 minutes. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
1) ekrn.exe is an Eset program 2) Internet conection : the problems come from the fact that it is now the computer which assign the IP adress (for sure ) and not the Internet "box" . I need to find how to change this. 3) systray - will see later. Not a big issue. 4) Rootrepeal : I will run it 5) STEP 3 - CHKDSK Has aready completly and succesfully be performed upon exile 360 instructions some days ago. -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
I am back on another computer. Here is the situation. I run the script after adding the requested line. When the computer re-start - internet connection was not more possible ( in fact the IP adress is not correct and it appears that DHCP from the Netgear DG834G cannot attribute it anymore . - very long time after choosing the user until I can use the PC (Was quick before) - several missing icon in the Systray, including : keybord, speedfan, eset... but those app's are running - ekrn.exe is running I don't know what it is. That's all B) If no other solution (As I don't use the windows restore point), I will restore my latest Acronis image. B) -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
?I understand that: it is loading as a driver. Yes we can remove it. Did you see my edit on previous message? -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
-
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
HJT LOG ____________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:29:45, on 28/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Outils PC\SpeedFan\speedfan.exe C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Outils PC\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afp.com/francais/home/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\OUTILS~1\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: MailWasherPro.lnk = C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe O4 - Global Startup: KEM.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: SpeedFan.lnk = C:\Program Files\Outils PC\SpeedFan\speedfan.exe O8 - Extra context menu item: Ajouter au tueur de pub - C:\Program Files\Outils PC\Maxthon\config/blacklist.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\Outils PC\GetRight\GRdownload.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Outils PC\GetRight\GRbrowse.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Cr -
Following a request from Advanced setup
Lecopi replied to Lecopi's topic in Resolved Malware Removal Logs
HEllo - Heres is the COMBOFIX LOG ___________________________________ ComboFix 09-09-25.01 - Philippe GIRARDOT 28/09/2009 8:13.1.2 - NTFSx86 Microsoft Windows XP -
Hi Jacktivity thanks, I will do that.
-
Hello Following request from Advanced Setup I have posted a log in the HJT section. Until now they is not reply at all from this section and from the develloppers. Please let me know how we can move forwards. Thanks