warrior6
  1. Hi, thanks for the help. I ran the programs you asked me to; they detected some errors and deleted some stuff. I logged into Gmail just fine, I'm no longer getting any cookie errors and have not had any bad redirects. I've posted the logs below. Is there anything else I should do to make sure it's gone for good? Thank you.

     SECURITY CHECK LOG

     Results of screen317's Security Check version 0.99.56
     Windows 7 x64 (UAC is disabled!)
     Out of date service pack!!
     Internet Explorer 8 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Ad-Aware
     Malwarebytes Anti-Malware version 1.70.0.1100
     JavaFX 2.1.0
     Java 7 Update 4
     Java version out of Date!
     Adobe Flash Player 11.3.300.268
     Flash Player out of Date!
     Adobe Reader 9
     Adobe Reader out of Date!
     Google Chrome 23.0.1271.97
     ````````Process Check: objlist.exe by Laurent````````
     Ad-Aware AAWService.exe is disabled!
     Ad-Aware AAWTray.exe is disabled!
     Ad-Aware Antivirus AdAwareService.exe
     Symantec Norton Online Backup NOBuAgent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````

     COUPLE OF LOGS FROM ADWCLEANER

     LOG 1

     # AdwCleaner v2.105 - Logfile created 01/08/2013 at 20:47:32
     # Updated 08/01/2013 by Xplode
     # Operating system : Windows 7 Home Premium (64 bits)
     # User : Khaiber - KHAIBER-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Khaiber\Downloads\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     Folder Found : C:\Program Files (x86)\adawaretb
     Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
     Folder Found : C:\ProgramData\blekko toolbars
     Folder Found : C:\Users\Khaiber\AppData\LocalLow\adawaretb

     ***** [Registry] *****

     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
     Key Found : HKCU\Software\Softonic
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
     Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
     Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Found : HKU\S-1-5-21-4197172984-690052559-2353355344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
     Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
     Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
     Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v8.0.7600.16968

     [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = my.daemon-search.com

     -\\ Google Chrome v23.0.1271.97

     File : C:\Users\Khaiber\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     -\\ Opera v12.1.1532.0

     File : C:\Users\Khaiber\AppData\Roaming\Opera\Opera\operaprefs.ini

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [2869 octets] - [08/01/2013 20:47:32]

     ########## EOF - C:\AdwCleaner[R1].txt - [2929 octets] ##########

     LOG 2

     # AdwCleaner v2.105 - Logfile created 01/08/2013 at 20:48:13
     # Updated 08/01/2013 by Xplode
     # Operating system : Windows 7 Home Premium (64 bits)
     # User : Khaiber - KHAIBER-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Khaiber\Downloads\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:\Program Files (x86)\adawaretb
     Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
     Folder Deleted : C:\ProgramData\blekko toolbars
     Folder Deleted : C:\Users\Khaiber\AppData\LocalLow\adawaretb

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
     Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
     Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
     Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v8.0.7600.16968

     Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = my.daemon-search.com --> hxxp://www.google.com

     -\\ Google Chrome v23.0.1271.97

     File : C:\Users\Khaiber\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     -\\ Opera v12.1.1532.0

     File : C:\Users\Khaiber\AppData\Roaming\Opera\Opera\operaprefs.ini

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [2990 octets] - [08/01/2013 20:47:32]
     AdwCleaner[S1].txt - [2858 octets] - [08/01/2013 20:48:13]

     ########## EOF - C:\AdwCleaner[S1].txt - [2918 octets] ##########

     2 LOGS from RK

     LOG 1

     RogueKiller V8.4.2 _x64_ [Jan 6 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User : Khaiber [Admin rights]
     Mode : Scan -- Date : 01/08/2013 20:56:06

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\Services\Microsoft\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\@ --> FOUND
     [ZeroAccess][FOLDER] U : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\L --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
     [susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 tonec.com
     127.0.0.1 *.tonec.com
     127.0.0.1 x.tonec.com
     127.0.0.1 www.tonec.com
     127.0.0.1 registeridm.com
     127.0.0.1 www.registeridm.com
     127.0.0.1 secure.registeridm.com
     127.0.0.1 internetdownloadmanager.com
     127.0.0.1 www.internetdownloadmanager.com
     127.0.0.1 secure.internetdownloadmanager.com
     127.0.0.1 mirror.internetdownloadmanager.com
     127.0.0.1 mirror2.internetdownloadmanager.com
     127.0.0.1 mirror3.internetdownloadmanager.com
     127.0.0.1 tonec.com
     127.0.0.1 *.tonec.com
     127.0.0.1 x.tonec.com
     127.0.0.1 www.tonec.com
     127.0.0.1 registeridm.com
     127.0.0.1 www.registeridm.com
     127.0.0.1 secure.registeridm.com
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
     --- User ---
     [MBR] 5da7c107a18066b389a05b072076e0fd
     [BSP] b4cec889721b10c5515550710e706eb4 : KIWI Image system MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 183296 Mo
     3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 417540096 | Size: 273062 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_01082013_02d2056.txt >>
     RKreport[1]_S_01082013_02d2056.txt

     LOG 2

     RogueKiller V8.4.2 _x64_ [Jan 6 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User : Khaiber [Admin rights]
     Mode : Remove -- Date : 01/08/2013 21:04:45

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
     [HJ] HKLM\[...]\Services\Microsoft\System : EnableLUA (0) -> REPLACED (1)
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\@ --> REMOVED AT REBOOT
     [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\00000004.@ --> REMOVED
     [Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\00000008.@ --> REMOVED
     [Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\000000cb.@ --> REMOVED
     [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\80000000.@ --> REMOVED
     [Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\80000032.@ --> REMOVED
     [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\80000064.@ --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U --> REMOVED
     [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\L\00000004.@ --> REMOVED
     [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\L\201d3dde --> REMOVED
     [Del.Parent][FILE] 76603ac3 : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\L\76603ac3 --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\L --> REMOVED
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
     [susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 tonec.com
     127.0.0.1 *.tonec.com
     127.0.0.1 x.tonec.com
     127.0.0.1 www.tonec.com
     127.0.0.1 registeridm.com
     127.0.0.1 www.registeridm.com
     127.0.0.1 secure.registeridm.com
     127.0.0.1 internetdownloadmanager.com
     127.0.0.1 www.internetdownloadmanager.com
     127.0.0.1 secure.internetdownloadmanager.com
     127.0.0.1 mirror.internetdownloadmanager.com
     127.0.0.1 mirror2.internetdownloadmanager.com
     127.0.0.1 mirror3.internetdownloadmanager.com
     127.0.0.1 tonec.com
     127.0.0.1 *.tonec.com
     127.0.0.1 x.tonec.com
     127.0.0.1 www.tonec.com
     127.0.0.1 registeridm.com
     127.0.0.1 www.registeridm.com
     127.0.0.1 secure.registeridm.com
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
     --- User ---
     [MBR] 5da7c107a18066b389a05b072076e0fd
     [BSP] b4cec889721b10c5515550710e706eb4 : KIWI Image system MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 183296 Mo
     3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 417540096 | Size: 273062 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2]_D_01082013_02d2104.txt >>
     RKreport[1]_S_01082013_02d2056.txt ; RKreport[2]_D_01082013_02d2104.txt
  2. Hi, the Malwarebytes scanner keeps detecting a couple of trojans and they keep coming back. But I will start the story from the beginning. A few days ago, I noticed that Gmail/YouTube logins always resulted in "Your browser's cookie functionality is turned off. Please turn it on." Sounds very basic, right? Well, cookies are on, and deleting cookies/cache doesn't resolve it either. I tried the same thing with Internet Explorer and had the same problem; cookies are on in IE as well. Then I noticed that Hotmail always redirects me back to the Hotmail page when trying to log in. Finally, Google searches occasionally result in a redirect to ad websites that had nothing to do with my search. So I suspected malware. I ran the Malwarebytes scanner with a quick and basic scan, and both times it detected these 3 files:

     C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
     C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.

     I deleted them successfully, as the log says, but the problem still persists and it still picks up these 3 things after a quick and a full scan. After the full scan, however, everything seemed fine until I restarted the computer later that day and the problem was back. I appreciate any help. Thank you.

     Attachments:
     mbam-log-2013-01-07 (00-35-54).txt
     mbam-log-2013-01-07 (00-23-48).txt
     DDS.txt
     Attach.txt