K_Krupa

Everything posted by K_Krupa

  1. Just rebooted and MBAM found nothing, I guess it's fixed. Thank you.

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.19.07
     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     KJK :: ZEUS [administrator]
     Protection: Enabled
     8/20/2012 10:32:59 AM
     mbam-log-2012-08-20 (10-32-59).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 196380
     Time elapsed: 1 minute(s), 28 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  2. Here is the MBAM report:

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.19.07
     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     KJK :: ZEUS [administrator]
     Protection: Enabled
     8/20/2012 10:10:50 AM
     mbam-log-2012-08-20 (10-10-50).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 196260
     Time elapsed: 1 minute(s), 27 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     (end)
  3. M, Thanks for the help. I've attached the reports because trying to post one (or all) results in an error (Post too long). I ran TDSS, it found something, I "cured" that on reboot, ran it again, it found nothing, rebooted, ran Malwarebytes, it found a Trojan and I'm rebooting now. Be right back.

     10:07:20.0647 3692 ============================================================
     10:07:20.0647 3692 Scan finished
     10:07:20.0647 3692 ============================================================
     10:07:20.0647 3628 Detected object count: 1
     10:07:20.0647 3628 Actual detected object count: 1
     10:07:36.0612 3628 \Device\Harddisk1\DR1\# - copied to quarantine
     10:07:36.0612 3628 \Device\Harddisk1\DR1 - copied to quarantine
     10:07:36.0643 3628 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
     10:07:36.0643 3628 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
     10:07:36.0659 3628 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
     10:07:36.0659 3628 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
     10:07:36.0659 3628 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
     10:07:36.0674 3628 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
     10:07:36.0674 3628 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
     10:07:36.0674 3628 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
     10:07:36.0674 3628 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
     10:07:36.0690 3628 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
     10:07:36.0706 3628 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
     10:07:36.0706 3628 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
     10:07:36.0706 3628 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
     10:07:36.0737 3628 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
     10:07:36.0737 3628 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
     10:07:36.0737 3628 \Device\Harddisk1\DR1 - ok
     10:07:36.0752 3628 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
     10:07:41.0698 2476 Deinitialize success

     Attached logs:
     TDSSKiller.2.8.6.0_20.08.2012_10.00.21_log.txt
     TDSSKiller.2.8.6.0_20.08.2012_10.06.54_log.txt
     TDSSKiller.2.8.6.0_20.08.2012_10.09.18_log.txt
     TDSSKiller.2.8.6.0_20.08.2012_10.09.58_log.txt
  4. I've got a Trojan that Malware keeps "isolating" and "deleting" but I can't get rid of. Help.

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.19.07
     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     KJK :: ZEUS [administrator]
     Protection: Enabled
     8/19/2012 11:49:50 PM
     mbam-log-2012-08-19 (23-49-50).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 196381
     Time elapsed: 56 second(s)
     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 3960 -> Delete on reboot.
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
     (end)
  5. MrC, Thanks again! Scan found nothing (report below) and computer is running normal.

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.28.07
     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     KJK :: ZEUS [administrator]
     7/29/2012 5:34:39 PM
     mbam-log-2012-07-29 (17-34-39).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 442810
     Time elapsed: 51 minute(s), 56 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  6. MrC, This is copied from the flash drive from the desktop run of the ComboFix report:
  7. Doing that now. One last note, I have an old hard drive w/ WinXP (the D: drive, where C: is the Win7 normal boot) on the PC. FRST is asking which OS and I'm telling it to scan/fix/search on the C: drive. FYI. The fixlog (vice fixlist?) is:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
     Ran by SYSTEM at 2012-07-28 21:16:38 Run:1
     Running from G:\
     ==============================================
     C:\Users\KJK\AppData\Local\{c0ae4208-160f-e164-f6bf-6043fd47aca9} moved successfully.
     C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
     C:\Windows\System32\services.exe moved successfully.
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
     ==== End of Fixlog ====
  8. MrC, Thanks! I would like to ensure I don't make a mistake, I'm a novice. I'm using a laptop to interact w/ the internet, not the infected PC. Can I move this script to the PC via flashdrive and then follow your instructions?
  9. I read the forum thread in which MrC solved this problem for member "mats_mats". I have the same problem. I followed his instructions for running FRST64.exe and have the logs for the results. Can anybody help solve this for me? Thank you! Logs:
(Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 17% Total physical RAM: 4094.55 MB Available physical RAM: 3366.14 MB Total Pagefile: 4092.7 MB Available Pagefile: 3447.48 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:931.4 GB) (Free:877.44 GB) NTFS 2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] 4 Drive g: () (Removable) (Total:3.87 GB) (Free:0.67 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: () (Fixed) (Total:76.32 GB) (Free:29.19 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 76 GB 13 MB Disk 1 Online 931 GB 10 MB Disk 2 Online 3974 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 76 GB 31 KB 
================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y NTFS Partition 76 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 0 Extended 931 GB 103 MB Partition 2 Logical 931 GB 103 MB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 1 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C NTFS Partition 931 GB Healthy ================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3973 MB 272 KB ================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G FAT32 Removable 3973 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-28 08:45 ======================= End Of Log ========================== Search Log: Farbar Recovery Scan 
Tool Version: 25-07-2012 01 Ran by SYSTEM at 2012-07-28 20:19:48 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======