Author Topic: Possible exploits  (Read 11626 times)


avastreally?

  • Guest
Re: Possible exploits
« Reply #15 on: August 07, 2013, 08:21:36 PM »
Sorry for the slow reply, it just rebooted.

All processes killed
========== FILES ==========
File/Folder c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
 
User: HomeGroupUser$
->Temp folder emptied: 0 bytes
 
User: PatricK
->Temp folder emptied: 214421 bytes
->Temporary Internet Files folder emptied: 5346369 bytes
->Google Chrome cache emptied: 78516150 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 80.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 08072013_131042

Files moved on Reboot...
File move failed. C:\Users\PatricK\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

argus

  • Guest
Re: Possible exploits
« Reply #16 on: August 07, 2013, 08:23:34 PM »
Quote
I thought I had a rootkit because of RogueKiller (it's in my first post above)

Code:
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] SSDT[376] : NtTraceEvent @ 0x83CC1D8C -> HOOKED (Unknown @ 0x8EE28C00)

SPTD, the DAEMON Tools driver, not a rootkit.


Re-run OTL.

Code:
:files
c:\users\PatricK\AppData\Local\tjnet
c:\users\PatricK\AppData\Roaming\mjusbsp

Then click the Run Fix button at the top.
Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.

avastreally?

  • Guest
Re: Possible exploits
« Reply #17 on: August 07, 2013, 08:28:03 PM »
It didn't reboot, but I got this log:

========== FILES ==========
c:\users\PatricK\AppData\Local\tjnet\cdloader folder moved successfully.
c:\users\PatricK\AppData\Local\tjnet folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp\Upgrade folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp\ug00000 folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp\st00000 folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp\lr00001 folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp\lr00000 folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp\in00000 folder moved successfully.
c:\users\PatricK\AppData\Roaming\mjusbsp folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08072013_132452

Hopefully magicJack still works :P

argus

  • Guest
Re: Possible exploits
« Reply #18 on: August 07, 2013, 08:36:41 PM »
Do you want to delete magicJack? This is not malware.

Not a problem, we can remove it.
« Last Edit: August 07, 2013, 08:39:15 PM by argus »

avastreally?

  • Guest
Re: Possible exploits
« Reply #19 on: August 07, 2013, 10:51:41 PM »
Quote
Do you want to delete magicJack? This is not malware.

Not a problem, we can remove it.
Nah, I need it :)
Is everything looking OK now?
BTW, thanks for the help :D

argus

  • Guest
Re: Possible exploits
« Reply #20 on: August 08, 2013, 08:50:52 AM »
OK,

Re-run OTL.exe.

  • Copy and paste the following text, written inside the quote box, into the Custom Scans/Fixes box.

Code:

:OTL
O4 - HKU\S-1-5-21-1260953176-3201969857-2580422920-1001..\Run: [cdloader] C:\Users\PatricK\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)

:files
C:\Users\PatricK\Desktop\magicJack.lnk

:commands
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
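The OTL fix above removes one per-user Run value (the magicJack "cdloader" entry) and the file it points to, and the earlier OTM log removed a Browser Helper Object by CLSID. Before deleting autostart entries like these it is worth seeing the same data OTL summarises: which user hive the entry lives in, which file it resolves to, whether that file still exists, and who signed it. The following PowerShell script is an added example, not part of this thread and not code from OTL, OTM or the forum helpers; it is assumed to be run in an elevated PowerShell on a Windows system, and the helper functions `Get-CommandPath`, `Get-SignerInfo` and `Get-AutostartAudit` are names chosen here for illustration.

```powershell
# Added example (not from the thread or from OTL/OTM): audit per-user Run/RunOnce
# entries and IE Browser Helper Objects, resolve each to its file, and report
# existence and Authenticode signer. Run elevated so all loaded HKU hives are readable.

function Get-CommandPath {
    param([string]$Command)
    # Best-effort extraction of the executable from a Run value: expand %VARS%,
    # honour a quoted path, otherwise take everything up to the first known extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.(exe|dll|cmd|bat|vbs|js|scr))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $c.Split(' ')[0]
}

function Get-SignerInfo {
    param([string]$Path)
    # A Run value whose target is gone (like the "not found" lines in the OTM log)
    # is a leftover worth removing; a valid signature names the publisher.
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING FILE' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -eq 'Valid') { return "Valid: $($sig.SignerCertificate.Subject)" }
    return [string]$sig.Status
}

function Get-AutostartAudit {
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
               'Software\Microsoft\Windows\CurrentVersion\RunOnce'

    # 1. Run / RunOnce values in every loaded user hive (HKU\S-1-5-21-...).
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $hives = Get-ChildItem HKU:\ |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' }
    foreach ($h in $hives) {
        foreach ($sub in $runKeys) {
            $key = "HKU:\$($h.PSChildName)\$sub"
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($meta -contains $p.Name) { continue }   # skip provider metadata
                $exe = Get-CommandPath ([string]$p.Value)
                [pscustomobject]@{
                    Source = "HKU\$($h.PSChildName)\...\$($sub.Split('\')[-1])"
                    Name   = $p.Name
                    Target = $exe
                    Signer = Get-SignerInfo $exe
                }
            }
        }
    }

    # 2. Browser Helper Objects: each CLSID under the BHO key resolved to its DLL
    #    via InprocServer32 (checking the 32-bit Wow6432Node view as well).
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($b in Get-ChildItem $bhoKey) {
            $clsid = $b.PSChildName
            $dll = $null
            foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
                $ip = "$root\$clsid\InprocServer32"
                if (Test-Path $ip) { $dll = (Get-ItemProperty -Path $ip).'(default)'; break }
            }
            $target = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { 'no InprocServer32' }
            [pscustomobject]@{
                Source = 'BHO'
                Name   = $clsid
                Target = $target
                Signer = if ($dll) { Get-SignerInfo $target } else { 'n/a (CLSID not registered)' }
            }
        }
    }
}

Get-AutostartAudit | Format-Table -AutoSize
```

An entry whose Signer column reads "MISSING FILE" is the same situation as the "File/Folder ... not found" lines in the OTM log: the registry reference outlived the file and can be cleared. A BHO whose CLSID is listed but has no InprocServer32 is the orphaned half of a removal like the one in that log. A valid signature naming the publisher (here "magicJack L.P.") is what lets a helper say "this is not malware" rather than deleting by reflex.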

avastreally?

  • Guest
Re: Possible exploits
« Reply #21 on: August 09, 2013, 12:17:40 AM »
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1260953176-3201969857-2580422920-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cdloader deleted successfully.
C:\Users\PatricK\AppData\Roaming\mjusbsp\cdloader2.exe moved successfully.
========== FILES ==========
C:\Users\PatricK\Desktop\magicJack.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
 
User: HomeGroupUser$
->Temp folder emptied: 0 bytes
 
User: PatricK
->Temp folder emptied: 445261 bytes
->Temporary Internet Files folder emptied: 5467019 bytes
->Google Chrome cache emptied: 242990877 bytes
->Flash cache emptied: 291 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 237.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08082013_170358

Files\Folders moved on Reboot...
File\Folder C:\Users\PatricK\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

argus

  • Guest
Re: Possible exploits
« Reply #22 on: August 09, 2013, 07:32:17 AM »
Any problems?

avastreally?

  • Guest
Re: Possible exploits
« Reply #23 on: August 10, 2013, 09:32:42 AM »
Quote
Any problems?
Everything OK, but a Kaspersky scan shows this and I know VLC is up to date:

Quote
Vulnerabilities (2)
Information about applications and operating system components in which vulnerabilities have been detected.
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
C:\Program Files\VideoLAN\VLC\vlc.exe

argus

  • Guest
Re: Possible exploits
« Reply #24 on: August 10, 2013, 09:41:42 AM »
OK, we are finished here.


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt


> I don't need the DelFix log report.

avastreally?

  • Guest
Re: Possible exploits
« Reply #25 on: August 13, 2013, 09:30:48 AM »
Quote
OK, we are finished here.


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt


> I don't need the DelFix log report.
Thanks for the help, sir
 ;D
« Last Edit: August 15, 2013, 06:12:25 AM by avastreally? »