Request For Log File Analysis (malwarebytes, Rogue, Tdss , Hitman Pro, Mg Tools And Adware)

Hello,

I think my laptop is infected despite my antivirus (Kaspersky Internet Security) did not detect nothing.
I followed the Malware Removal Guide for windows XP.
I obtained six log files from Adware Cleaner, Malwarebytes Anti-Malware, Rogue Killer, TDSS Killer, Hitman Pro and MG Tools).
I attached five of them to this thread.
I did not attach the Adware Cleaner log file.

----> Please, could you analyse them and explain me how to remove/clean the infection and how to avoid a new infection ?
Would you need the Adware Cleaner log file ?

I fear my mobile WD drive is infected.

----> Should I follow some kind of Malware Removal/Cleaning Guide for mobile drive ?
If yes, what would be this guide ?

Yours sincerely,

John

 

Hello Tim W,

Thank you very much for your answer !

I did what you asked.
I attached the new Rogue Killer log to this message.
You will see the line [Hidden.ADS][Stream] C:\WINDOWS\system32\drivers:GbpKmAp.lst is still there.

Regards,

John

 

Hi Tim W,

Thanks for your answer!

I did what you requested.
Nevertheless, the line [Hidden.ADS][Stream] C:\WINDOWS\system32\drivers:GbpKmAp.lst is still there.
I attached the new Rogue Killer log.

 

Hi Tim W,

Thanks a lot for your answer!

I attached the OTL log to this message.

 

In the OTL log, the following line appeared : " File\Folder [Hidden.ADS][Stream] C:\WINDOWS\system32\drivers:GbpKmAp.lst not found. "

Later, I ran Rogue Killer.
I noticed in the Rogue Killer log the line " [Hidden.ADS][Stream] C:\WINDOWS\system32\drivers:GbpKmAp.lst -> Found " was still there.

I do not understand what is happening.

Please, would you know what should be done ?

 

I am not having issues right now.

Now, should I use Tweaking (http://www.majorgeeks.com/files/details/tweaking_com_windows_repair.html) in order to repair the possible problems caused by malwares ?

 

. I am running Win XP Sp3.
You wrote I should renable my Disk Emulation software with Defogger if I had disabled it in step 4 of the READ & RUN ME.
--->Please, what is this disk emulation software ? I do not remember having disable a disk emulation software.
Where could I find the Read&Run Me?

. My antivirus is Kaspersky Internet Security. Malwarebytes Anti-Malware is also installed on my laptop.
I was told I should consider adding CryptoPrevent, MBytes Anti-Exploit and SpywareBlaster
---> Are these three freewares good options along with Kaspersky Internet Security and Malwarebytes Anti-Malware?

---> Is Kaspersky Internet Security a satisfactory protection?

---> Would you have special recommendations to protect my laptop against malware under win XP sp3 about anti-virus, firewall, temp file/cookies cleaner, antispyware tools, sun java, autorun eater, etc. ?
I know Microsoft does not give any more updates for Win XP.

 

Thank you very much for your answer!

----> Please, should I use now Tweaking in order to repair the possible problems caused by the malwares that have been removed from my laptop ?


My 2 Gb WD portable external hard drive is often connected to this laptop.

----> Does it exist some kind of Malware Removal/Cleaning Guide for mobile drive ?
If yes, what would be this guide ?
If no, what programs should I use on this external drive to check and to remove malwares, trojans, spywares, etc. ?

 

Hi everybody,

Please, could someone answer to the last questions I asked in my last message ?

 

Hi TimW,

Thanks a lot for your answer!

On one hand, prior to the use of Rogue Killer, TDSS Killer, Hitman Pro, MG Tools and Adware Cleaner to create log files, I remember that Kaspersky Internet Security and Malwarebytes Antimalwares did not detect anything on my laptop. Adware Cleaner and Rogue Killer, for instance, did detect something.
On the other hand, when I ran Kaspersky Internet Security and Malwarebytes Antimalwares on my external drive, the same happened : they did not detect anything.
So, I am thinking that may be this external drive should be scanned and treated with other programs to ckeck it and to disinfect it if necessary.

Please, what would be your suggestions ?

 

Thank you very much for your answer !

May be you remember Rogue Killer and OTL were used to remove the line C:\WINDOWS\system32\drivers:GbpKmAp.lst

Today, I checked the registry of my laptop with "regedit" and I found GbpKmAp as the datas of two REG_SZ file 001, one located at HKEY_CURRENT_USER \ Software \ Microsoft \ Search Assistant \ ACMru \ 5603 and the other located at HKEY_USERS \ S-1-5-21-1177238915-1844237615-839722115-1003 \ Software \ Microsoft \ Search Assistant \ ACMru \ 5603


Please, do you think it would be wise

1- to erase :
-> these two REG_SZ file 001 from the registry
-> or the value datas GbpKmAp of these two files or their binary values 0000 47 00 62 00 70 00 4B 00 G.b.p.K 0008 6D 00 41 00 70 00 00 00 m.A.p... 0010

2- or to do nothing and let these in the registry ?