Jump to content

Lecopi

Honorary Members
  • Posts

    74
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

1,707 profile views
  1. Hello I will do that next Monday and keep you inform here is all that we have previously done - de-install, clean, install MBAM several times - set properly the exclusion list in NIS - uninstall NIS, and any Norton tool (ghost and NSW) - clean the PC - uninstall SPYBOT * - uninstall Intel Matrix storage * - uninstall adaptec Matrix storage * - uninstall Acronis * and despite this MBAM was always freezing * have been re-installed now and ESET is the new AV.
  2. hello Advanced Setup 1- removing anti-virus software all ready done totaly with Norton before installing Eset. PC perfectly clean with no Norton application at all. ( documented initial post). Despite this MBAM freeze time to time. 2- uninstalling, cleaning, installing MBAM - Done at least 5 times according the procedure. still unexpected freeze. ( initial post) As this topics in on the HJT log ( malware) it's my understanding what you don't perceive any virus/malware in the combo-fix and HJT log. At this point could we run once again a combo-fix or an HJT and I will appreciate your advice about what entries are not useful (exemples: old drivers.....) and could be removed.
  3. 1- The Intel Matrix stotrage is installed in the computer but they is no RAID configuration for now. Has already be uninstalled, upon 360 advice. MBAM still froze.The Intel Matrix storage has been re-installed after. 2- As I have restore an Acronis Image, I have solve the network configuration. 3 - ESET smart Security 4
  4. Hello AdvancedSetup and thanks for your help. I consume significant part of my time yesterday by restoring the image and re-installing various softwares which were requested . The good news is : this is not the COMBO FIX which cause the Internet connection problem. This problem has been duplicated again, but is still under investigation. I have a turn-around solution for now. As a summary - the PC is clean (my opinion, but this is only an opinion) - Rootrepeal does't run a windows "inialyzing" is on the screen - Never change - they is disk activitie. - I wait 10 ' and kill the process. Is this process very long ? I have control on the PC. What's your advice? - The only problem is that MBAM freeze completly the PC ( I have no control at all of the PC - see specific post on this) in most of the situation (let say 50%). MBAM run correctly only in safe mode.
  5. Rootrepeal still in the "initialisation mode" after 10 minutes.
  6. 1) ekrn.exe is an Eset program 2) Internet conection : the problems come from the fact that it is now the computer which assign the IP adress (for sure ) and not the Internet "box" . I need to find how to change this. 3) systray - will see later. Not a big issue. 4) Rootrepeal : I will run it 5) STEP 3 - CHKDSK Has aready completly and succesfully be performed upon exile 360 instructions some days ago.
  7. I am back on another computer. Here is the situation. I run the script after adding the requested line. When the computer re-start - internet connection was not more possible ( in fact the IP adress is not correct and it appears that DHCP from the Netgear DG834G cannot attribute it anymore . - very long time after choosing the user until I can use the PC (Was quick before) - several missing icon in the Systray, including : keybord, speedfan, eset... but those app's are running - ekrn.exe is running I don't know what it is. That's all B) If no other solution (As I don't use the windows restore point), I will restore my latest Acronis image. B)
  8. ?I understand that: it is loading as a driver. Yes we can remove it. Did you see my edit on previous message?
  9. HJT LOG ____________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:29:45, on 28/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Outils PC\SpeedFan\speedfan.exe C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Outils PC\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afp.com/francais/home/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\OUTILS~1\SPYBOT~1\SPYBOT~1\SDHelper.dll O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Outils PC\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: MailWasherPro.lnk = C:\Program Files\Outils PC\Mail Washer Pro\MailWasher.exe O4 - Global Startup: KEM.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: SpeedFan.lnk = C:\Program Files\Outils PC\SpeedFan\speedfan.exe O8 - Extra context menu item: Ajouter au tueur de pub - C:\Program Files\Outils PC\Maxthon\config/blacklist.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\Outils PC\GetRight\GRdownload.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Outils PC\GetRight\GRbrowse.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Cr
  10. HEllo - Heres is the COMBOFIX LOG ___________________________________ ComboFix 09-09-25.01 - Philippe GIRARDOT 28/09/2009 8:13.1.2 - NTFSx86 Microsoft Windows XP
  11. Hello Following request from Advanced Setup I have posted a log in the HJT section. Until now they is not reply at all from this section and from the develloppers. Please let me know how we can move forwards. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.