Malware scan logs 11/14/14

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Davelive, Nov 14, 2014.

  1. Davelive

    Davelive Private E-2

    Hi Chas

    Have had suspicious response time to various sites and email searches.

    My only paid service is SpyHunter, but nothing.

    Malwarebytes and TDSSKiller nothing.

    RogueKiller found a bunch of little stuff I think, and HitmanPro found a big trojan. MGTools log is also attached.

    I have kept results windows open without removing detected problems for now.

    Looking forward to your advice. Thanks! -Dave
     


  2. Davelive

    Davelive Private E-2

    Hey everyone, Davelive here. I just signed up a couple of hours ago to get help from who I thought was just one guy answering questions. Just realizing this is an open forum. So maybe I haven't given enough details or proper information because I see more views than replies. Anyway I guess Chaslang is the guy to wait for because log data isn't casual language that invites replies. Just wanted to say hi to everyone out there. I'm pretty slow tech-wise, msconfig is my major hack skill~! So I will be learning.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you set up to use a proxy server?
     
  4. Davelive

    Davelive Private E-2

    Don't know, I am afraid. :( I have not done that myself.

    I want to delete or quarantine the results but the instructions say don't. Am going to wait until Monday if I can, as that may bring more replies. But I am probably not on the level where they will do much good I am afraid.

    Thanks Tim!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it remove these items:
    Code:
    ¤¤¤ Registry : 15 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3246524584-2764248380-1493942625-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3246524584-2764248380-1493942625-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl  -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3246524584-2764248380-1493942625-1006\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.ixquick.com  -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3246524584-2764248380-1493942625-1006\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.ixquick.com  -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3246524584-2764248380-1493942625-1006\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3246524584-2764248380-1493942625-1006\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> Found
    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] \\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} -- C:\ProgramData\cis40D6.exe (--PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}) -> Found

    Now rerun Hitman and have it fix everything it found.

    Empty your temp folders:
    C:\Windows\TEMP\
    C:\Users\rollis03\AppData\Local\Temp\

    Reboot and rescan with both RogueKiller and Hitman and attach the new logs.

    Make sure you tell me how things are running.
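
Added example, not part of the thread and not RogueKiller's own code: a small Python parser for registry finding lines in the format quoted above, which flags `ProxyServer` values that point at the local machine (the kind of entry the proxy question in this thread is about). The sample log, its SID and the function names are constructed for illustration; forum `[URL]` markup is stripped before parsing.

```python
import re

# Constructed sample in the RogueKiller line format quoted in this thread
# (placeholder SID; one line keeps forum [URL] markup, as pasted logs often do).
SAMPLE = r"""
¤¤¤ Registry : 3 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy.corp.example:3128  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : [URL]https://www.example.com[/URL]  -> Found
"""

BBCODE = re.compile(r"\[/?URL(?:=[^\]]*)?\]", re.I)
FINDING = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+\((?P<arch>X86|X64)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$")
HOST = re.compile(r"^(?:\w+=)?(?:\w+://)?(\[[^\]]+\]|[^:;/]+)")

def parse_findings(log_text):
    """Return one dict per registry finding line; headers and other lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = FINDING.match(BBCODE.sub("", raw).strip())
        if m:
            findings.append(m.groupdict())
    return findings

def proxy_host(data):
    """Host of a ProxyServer value: 'host:port' or per-protocol 'http=host:port;...'."""
    m = HOST.match(data.strip())
    return m.group(1).lower() if m else ""

def loopback_proxies(findings):
    """Proxy findings whose ProxyServer value points at the local machine."""
    hits = []
    for f in findings:
        if f["kind"] == "PUM.Proxy" and f["name"] == "ProxyServer":
            host = proxy_host(f["data"])
            if host in ("localhost", "[::1]") or host.startswith("127."):
                hits.append((f["arch"], f["key"], f["data"]))
    return hits

if __name__ == "__main__":
    for arch, key, data in loopback_proxies(parse_findings(SAMPLE)):
        print(f"{arch} {key} -> ProxyServer={data}")
```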
     
