Windows 7 Malware Logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by unk78, Jan 6, 2015.

  1. unk78

    unk78 Private E-2

    Hi,

    I have finished all steps as described in the "Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure", http://forums.majorgeeks.com/showthread.php?t=139681

    1. I ran RogueKiller and saved the log without cleaning up.
    2. I ran Malwarebytes and put all items in quarantine.
    3. I ran TDSKiller, which found nothing.
    4. I ran Hitman and saved the logs without cleaning up.
    5. I ran MGTools

    All the logs are attached below.

    The reason I started all the scanning was because lately I am getting some strange bluescreens saying something like "BAD_DRIVER..."

    Before that I ran a RAM scan overnight, because I thought it might be some defective RAM, but that was not the case.

    Thanks for your help!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Malware rarely causes BSODs. But we can clean up a few things before we send you to the software forum.

    Rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry : 11 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found

    Now rerun Hitman and have it fix everything it finds.

    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    C:\Users\root\AppData\Local\Temp\*.*
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Reboot and rescan with both RogueKiller and Hitman and attach those logs as well.



    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
     
  3. unk78

    unk78 Private E-2

    Hi Tim,

    I did all the steps, but when I ran OTM I was unable to "Copy everything in the Results window (under the green bar), and paste it in your next reply." because before that I pressed the OK button to reboot :)

    Anyway, I guess the results of the logs are sufficient information for you?
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. What issues remain, if any?
     
  5. unk78

    unk78 Private E-2

    Had no issues until yesterday... Then the BAD DRIVER Bluescreen popped up again... Just to let you know, so it had nothing to do with the potential malware.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Don't forget to delete this folder, it's part of all the crap Malwarebytes was finding.
    • C:\Program Files (x86)\globalUpdate

    Also delete what Windows lets you from this location:
    C:\Users\root\AppData\Local\Temp
     
