hall140

Honorary Members
  • Posts: 21
Everything posted by hall140

  1. Can I delete both PUM.StartMenu?

     RogueKiller V12.10.7.0 (x64) [May 1 2017] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 10 (10.0.14393) 64 bits version
     Started in : Normal mode
     User : Bryan [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Mode : Delete -- Date : 05/01/2017 12:19:07 (Duration : 00:19:09)

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 4 ¤¤¤
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.18.11.1 ([]) -> Replaced ()
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{be9b44c8-be9e-48c9-93ca-6ff935b40049} | DhcpNameServer : 172.18.11.1 ([]) -> Replaced ()
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1332302035-2113573720-2638189068-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1332302035-2113573720-2638189068-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: SK hynix SH920 mSATA 128GB +++++
     --- User ---
     [MBR] b224d69bf1a5eb7129ae4076bb1d9402
     [BSP] b13aa31d14056dfac65d48caf3d6b181 : Empty|VT.Unknown MBR Code
     Partition table:
     0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
     1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
     2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
     3 - Basic data partition | Offset (sectors): 1161216 | Size: 121537 MB
     User = LL1 ... OK
     User = LL2 ... OK
  2. The laptop behaves fine. This morning Windows Ink Workspace was randomly enabled, which I had never seen. Then I noticed the reinfection. There are 2 more entries from RogueKiller on this laptop; should I delete them?
  3. Alright, I disconnected the Ethernet cable from the infected PC (if it matters); then the router was reset. I ran DNS Jumper and rebooted. FRST logs attached. Addition.txt FRST.txt
  4. This is the log from the laptop; it has since been disconnected from wireless. I deleted the 2 PUM.Dns entries I had previously deleted. See the post above for the logs you requested from the PC. rk_4FA5.tmp.txt
  5. This is the RogueKiller log from the other PC. It seems the laptop we have been working on above was reinfected. I ran RogueKiller and the same IPs showed back up, and a couple of other entries. I'll transfer the log via USB and post it below so you can look at it. rk_1DC8.tmp.txt
  6. While that is scanning, should I check the other PC on this network? I found that IP in the same place within the registry of the other PC as well.
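The thread above shows the same DhcpNameServer value (172.18.11.1) flagged by RogueKiller on the laptop (post 1), reappearing after deletion (post 5) and present in the same registry location on the other PC (post 6). DhcpNameServer under HKLM\System\...\Services\Tcpip\Parameters and under each Interfaces\{GUID} key is written by the DHCP client from the lease the router hands out, so deleting the value lasts only until the lease is renewed; a resolver that shows up on every machine behind one router is coming from whatever answers DHCP on that LAN, usually the router itself. The following Python script is an added example, not code from the thread or from Adlice: it pulls PUM.Dns detections out of RogueKiller logs from several machines and reports which resolver addresses are shared across hosts (network scope) versus seen on one host only. The host names, the second machine's interface GUID and log lines, the 8.8.8.8 NameServer entry and the allowlist of expected resolvers are constructed assumptions; only the laptop lines mirror the log in post 1.

```python
"""
Added example, not code from the thread or from Adlice: correlate RogueKiller
PUM.Dns detections from several machines to separate a per-host registry
change from a resolver the whole LAN is receiving over DHCP.

DhcpNameServer under HKLM\System\...\Services\Tcpip\Parameters (and under each
Interfaces\{GUID}) is written by the DHCP client from the lease the router
hands out, so deleting it only lasts until the lease is renewed. If the same
address turns up on every machine behind one router, the place to look is the
DHCP server / router, not the individual hosts.
"""
import ipaddress
import re
from collections import defaultdict

# Matches one RogueKiller 12.x registry detection line, e.g.
# [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\...\Parameters | DhcpNameServer : 172.18.11.1 ([]) -> Replaced ()
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>\S+)\s+\|\s+"
    r"(?P<value>DhcpNameServer|NameServer)\s*:\s*(?P<servers>[0-9.\s,]+?)\s*\("
)


def parse_pum_dns(log_text):
    """Return [(value_name, registry_key, [server, ...]), ...] for each PUM.Dns line."""
    found = []
    for line in log_text.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[\s,]+", m.group("servers")) if s]
        found.append((m.group("value"), m.group("key"), servers))
    return found


def classify(server, expected):
    """'expected' if on the operator's allowlist, else 'private' (RFC 1918, i.e.
    something on the LAN side of the router) or 'public'."""
    if server in expected:
        return "expected"
    return "private" if ipaddress.ip_address(server).is_private else "public"


def correlate(logs_by_host, expected):
    """
    logs_by_host: {host_name: RogueKiller log text}
    expected:     set of resolver addresses the router is supposed to hand out
    Returns {server: {"hosts": [...], "scope": "network"|"host", "class": ...}}.
    """
    hosts_per_server = defaultdict(set)
    for host, text in logs_by_host.items():
        for _value, _key, servers in parse_pum_dns(text):
            for server in servers:
                hosts_per_server[server].add(host)
    report = {}
    for server, hosts in hosts_per_server.items():
        report[server] = {
            "hosts": sorted(hosts),
            # Same resolver on more than one machine behind the same router:
            # DHCP is distributing it, so fix the router, not the host.
            "scope": "network" if len(hosts) > 1 else "host",
            "class": classify(server, expected),
        }
    return report


# Constructed sample input. The laptop lines mirror the RogueKiller 12.10.7.0
# output posted in the thread; everything about the second host (name,
# interface GUID, the NameServer line) is an assumption made for the example.
LAPTOP_LOG = r"""
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.18.11.1 ([]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{be9b44c8-be9e-48c9-93ca-6ff935b40049} | DhcpNameServer : 172.18.11.1 ([]) -> Replaced ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1332302035-2113573720-2638189068-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
"""
DESKTOP_LOG = r"""
¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | DhcpNameServer : 172.18.11.1 ([]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | NameServer : 8.8.8.8 ([]) -> Replaced ()
"""

if __name__ == "__main__":
    # Assumed allowlist: the operator expects only the router at 192.168.1.1.
    for server, info in correlate({"laptop": LAPTOP_LOG, "desktop": DESKTOP_LOG},
                                  {"192.168.1.1"}).items():
        print(f"{server:15} {info['scope']:8} {info['class']:9} {','.join(info['hosts'])}")
```

A "network" scope result means re-running a registry cleaner on each host will not stick; check what the router's DHCP server is configured to hand out and whether its admin interface and firmware are still trustworthy. The "private"/"public" label is only a hint: a private address can legitimately be the router, and a public one can be a resolver the operator chose, which is why the allowlist is an explicit input.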
  7. Hey Kevin, so there were two detections. RK.txt
  8. C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11671766 B
     Java, Flash, Steam htmlcache => 543 B
     Windows/system/drivers => 2937016 B
     Edge => 211 B
     Chrome => 360107860 B
     Firefox => 106535559 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 0 B
     systemprofile32 => 0 B
     LocalService => 21322 B
     NetworkService => 0 B
     defaultuser0 => 128 B
     Bryan => 57737431 B

     RecycleBin => 305669778 B
     EmptyTemp: => 805.6 MB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 18:15:04 ====

     FRST.txt Fixlog.txt
  9. Thank you, Kevin, I appreciate your time and help. I didn't find anything.
  10. Malwarebytes scan log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/29/17
     Scan Time: 6:24 PM
     Logfile: log11.txt
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.103
     Update Package Version: 1.0.1837
     License: Premium

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: DESKTOP-DESVS04\Bryan

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 370346
     Time Elapsed: 3 min, 3 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)

     (end)

     AdwCleaner log:

     # AdwCleaner v6.046 - Logfile created 29/04/2017 at 18:37:04
     # Updated on 24/04/2017 by Malwarebytes
     # Database : 2017-04-29.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : Bryan - DESKTOP-DESVS04
     # Running from : C:\Users\Bryan\Downloads\adwcleaner_6.046.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious keys found.

     ***** [ Shortcuts ] *****
     No infected shortcut found.

     ***** [ Scheduled Tasks ] *****
     No malicious task found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Web browsers ] *****
     No malicious Firefox based browser items found.
     No malicious Chromium based browser items found.

     *************************

     C:\AdwCleaner\AdwCleaner[S0].txt - [999 Bytes] - [29/04/2017 18:37:04]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1071 Bytes] ##########

     MSRT log:

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.47, April 2017 (build 5.47.13703.0)
     Started On Sat Apr 29 18:40:43 2017

     Engine: 1.1.13601.0
     Signatures: 1.239.313.0
     Run Mode: Interactive Graphical Mode

     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 29 18:49:32 2017

     Return code: 0 (0x0)
  11. I've had a couple of accounts compromised; both used an identical password. I'm unsure how the password was stolen, but I want to rule out possible backdoors/trojans. I did a fresh reformat a few months ago but have since had another account compromised (I forgot to change the password, and little harm was done). I'm unsure how my data was being stolen. I suspect a man-in-the-middle attack, but I'd like to ensure I don't have any backdoors. I started a thread a few days ago but no one responded. FRST.txt Addition.txt
  12. Sorry, I forgot to upload the other file. Addition.txt
  13. I've had a couple of accounts compromised; both used an identical password. I'm unsure how the password was stolen, but I want to rule out possible backdoors/trojans. I did a fresh reformat a few months ago but have since had another account compromised (I forgot to change the password, and little harm was done). I'm unsure how my data was being stolen. Perhaps packet sniffers? I don't know; not my area of expertise.... FRST.txt
  14. I was having an issue with Web Protection and Exploit Protection. I followed your directions in the pinned post; however, during the uninstall there was an error. I believe the error was a failure to completely uninstall, or a portion failed to uninstall. Anyway, when I try to install Malwarebytes now, I get the error shown in the attached image. Help would be appreciated. Thanks, Bryan
  15. Hey Mr. Charlie, sorry to bother you again. I was having trouble deleting ComboFix, so I did as you suggested and renamed it uninstall.exe and double-clicked it. However, this didn't uninstall ComboFix; it ran it through the scan process again, which was blocked by McAfee. If I remember correctly, it got to completed stage 2 before McAfee quarantined a file and it stopped. I closed the DOS window and rebooted and was finally successful with the uninstall. I did everything else as you suggested and the PC is working fine. Is this anything to worry about?
  16. My subscription to McAfee ends today and I will not be renewing; it's expensive and I don't appreciate their auto-renewal service. What would you recommend for firewall and antivirus service?
  17. I had to reboot for this to work. Here it is:

     Results of screen317's Security Check version 0.99.54
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java 7 Update 9
     Adobe Flash Player 11.4.402.287
     Mozilla Firefox (16.0.2)
     Google Chrome 22.0.1229.96
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  18. Alright, here is the AdwCleaner log:

     # AdwCleaner v2.006 - Logfile created 11/02/2012 at 11:46:20
     # Updated 30/10/2012 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : BB - BB-PC
     # Boot Mode : Normal
     # Running from : C:\Users\BB\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     File Deleted : C:\Users\BB\AppData\Roaming\Mozilla\Firefox\Profiles\n2dawz11.default\searchplugins\Conduit.xml
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Users\BB\AppData\Local\Conduit
     Folder Deleted : C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
     Folder Deleted : C:\Users\BB\AppData\LocalLow\Conduit

     ***** [Registry] *****

     Key Deleted : HKCU\Software\AppDataLow\Software
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16421

     Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

     -\\ Mozilla Firefox v16.0.2 (en-US)

     Profile name : default
     File : C:\Users\BB\AppData\Roaming\Mozilla\Firefox\Profiles\n2dawz11.default\prefs.js

     Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=1[...]
     Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
     Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...]
     Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

     -\\ Google Chrome v [unable to get version]

     File : C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[s1].txt - [2647 octets] - [02/11/2012 11:46:20]

     ########## EOF - C:\AdwCleaner[s1].txt - [2707 octets] ##########

     Here is the mbam log:

     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.02.08

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     BB :: BB-PC [administrator]

     Protection: Enabled

     11/2/2012 11:56:50 AM
     mbam-log-2012-11-02 (11-56-50).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 224127
     Time elapsed: 27 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     My PC is doing fine; I haven't had any more lockups/freezing since we started. Again, thank you for all the help; I do appreciate it. I suppose my PC is safe enough and I can quit using Character Map to type in my passwords.
  19. Let's see, we had run several scans starting with RogueKiller, ListParts64, TDSSKiller, and finally ComboFix. You had informed me that all previous scans were clear. I had removed a few trojans prior to posting and "might" have gotten them all. To help jog your memory, you also wanted me to delete some P2P software ("uTorrent"). Anyway, I had just finished running ComboFix. I do have the logs from the previous scans saved to a drive; if you need them, just ask. Here is the log.

     ComboFix 12-10-31.03 - BB 11/01/2012 15:53:06.1.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16237.14101 [GMT -4:00]
     Running from: c:\users\BB\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
     SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
     .
     .
     2012-11-01 19:55 . 2012-11-01 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-10-29 03:43 . 2012-10-29 03:43 -------- d-----w- c:\program files (x86)\VideoLAN
     2012-10-29 03:39 . 2012-10-29 03:39 -------- d-----w- c:\program files (x86)\Hobbyist Software
     2012-10-29 01:34 . 2012-10-29 01:34 -------- d-----w- c:\program files\GIGABYTE
     2012-10-29 01:34 . 2012-03-08 13:53 22128 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
     2012-10-29 01:34 . 2010-04-06 20:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
     2012-10-28 04:22 . 2012-10-28 04:22 -------- d-----w- c:\program files (x86)\Google
     2012-10-27 05:43 . 2012-10-27 05:43 -------- d-----w- c:\program files\Microsoft Silverlight
     2012-10-27 05:43 . 2012-10-27 05:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2012-10-27 04:04 . 2010-07-08 08:32 22792 ----a-w- c:\windows\system32\drivers\SaiMini.sys
     2012-10-27 04:03 . 2012-10-27 04:03 -------- d-----w- c:\program files\Saitek
     2012-10-27 04:03 . 2012-10-27 04:03 -------- d-----w- c:\programdata\Saitek
     2012-10-26 15:19 . 2012-10-26 15:19 -------- d-----w- C:\Brother
     2012-10-26 15:19 . 2012-10-26 15:19 -------- d-----w- c:\program files (x86)\Browny02
     2012-10-26 15:19 . 2010-08-03 00:57 217088 ----a-w- c:\windows\SysWow64\NSSearch.dll
     2012-10-26 15:19 . 2010-03-15 23:56 2560 ----a-w- c:\windows\SysWow64\BrDctF2S.dll
     2012-10-26 15:19 . 2010-03-15 23:45 73728 ----a-w- c:\windows\SysWow64\BrDctF2.dll
     2012-10-26 15:19 . 2007-12-14 02:16 5120 ----a-w- c:\windows\SysWow64\BrDctF2L.dll
     2012-10-26 15:19 . 2010-02-05 15:42 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
     2012-10-26 07:13 . 2012-10-26 07:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
     2012-10-26 07:01 . 2012-10-26 07:13 -------- d-----w- c:\program files (x86)\Microsoft Works
     2012-10-26 07:01 . 2012-10-26 07:01 -------- d-----w- c:\windows\PCHEALTH
     2012-10-26 06:58 . 2012-10-26 06:58 -------- d-----w- c:\program files\Microsoft Office
     2012-10-26 06:58 . 2012-10-26 06:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
     2012-10-26 06:36 . 2012-10-26 06:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
     2012-10-26 03:42 . 2012-10-26 03:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe
     2012-10-26 03:24 . 2012-10-27 03:51 -------- d-----w- c:\programdata\Microsoft Help
     2012-10-25 22:31 . 2012-10-25 22:31 -------- d-----w- c:\program files (x86)\Conduit
     2012-10-24 19:03 . 2012-10-24 19:03 -------- d-----w- c:\programdata\Malwarebytes
     2012-10-24 19:03 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-10-24 19:03 . 2012-10-24 19:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-10-24 09:10 . 2012-10-24 09:10 -------- d-----w- c:\windows\system32\appmgmt
     2012-10-24 07:45 . 2012-10-24 07:45 -------- d-----w- c:\programdata\Apple
     2012-10-24 05:13 . 2012-10-24 09:10 -------- d-----w- c:\programdata\Skype
     2012-10-23 19:01 . 2011-09-14 10:16 32360 ----a-w- c:\windows\system32\drivers\ndisrd.sys
     2012-10-22 21:46 . 2012-10-31 20:51 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
     2012-10-22 21:41 . 2012-10-22 21:41 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
     2012-10-22 21:39 . 2012-10-24 20:33 -------- d-----w- c:\programdata\EA Logs
     2012-10-22 21:39 . 2012-10-22 21:39 -------- d-----w- c:\programdata\EA Core
     2012-10-22 19:10 . 2012-10-30 06:45 25640 ----a-w- c:\windows\etdrv.sys
     2012-10-22 19:09 . 2012-10-30 06:43 30528 ----a-w- c:\windows\GVTDrv64.sys
     2012-10-22 19:08 . 2012-10-22 19:08 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
     2012-10-22 19:08 . 2012-10-31 20:51 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
     2012-10-22 19:08 . 2012-10-31 20:51 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
     2012-10-22 19:07 . 2012-10-24 20:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
     2012-10-22 19:07 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
     2012-10-22 19:07 . 2008-10-15 10:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
     2012-10-22 19:07 . 2008-10-15 10:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
     2012-10-22 19:07 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
     2012-10-22 19:07 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
     2012-10-22 19:07 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
     2012-10-22 18:18 . 2012-10-22 21:39 -------- d-----w- c:\programdata\Electronic Arts
     2012-10-22 18:18 . 2012-10-22 18:21 -------- d-----w- c:\program files (x86)\Origin Games
     2012-10-22 18:18 . 2012-10-22 18:21 -------- d-----w- c:\programdata\Origin
     2012-10-22 18:18 . 2012-10-27 16:04 -------- d-----w- c:\program files (x86)\Origin
     2012-10-22 18:07 . 2012-10-26 15:19 -------- d-----w- c:\program files (x86)\Brother
     2012-10-22 18:06 . 2012-10-22 18:11 -------- d-----w- c:\programdata\Brother
     2012-10-22 18:03 . 2012-10-29 01:34 -------- d-----w- c:\program files (x86)\GIGABYTE
     2012-10-22 18:03 . 2012-10-30 06:45 25640 ----a-w- c:\windows\gdrv.sys
     2012-10-22 17:53 . 2012-10-22 17:53 -------- d-----w- c:\program files\7-Zip
     2012-10-22 17:38 . 2012-10-31 22:58 -------- d-----w- c:\program files (x86)\EVGA Precision X
     2012-10-22 09:52 . 2012-10-22 09:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
     2012-10-22 09:50 . 2012-10-22 17:33 -------- d-----w- c:\program files (x86)\Razer
     2012-10-22 09:50 . 2012-10-22 09:50 -------- d-----w- c:\programdata\Razer
     2012-10-22 09:45 . 2008-10-27 14:04 518480 ----a-w- c:\windows\system32\XAudio2_3.dll
     2012-10-22 09:32 . 2012-10-22 09:32 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
     2012-10-22 09:32 . 2012-10-22 09:32 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-10-22 09:31 . 2012-10-22 09:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2012-10-22 09:31 . 2012-10-22 09:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-10-22 09:31 . 2012-10-22 09:31 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2012-10-22 09:31 . 2012-10-22 09:31 -------- d-----w- c:\program files (x86)\Java
     2012-10-22 09:08 . 2012-10-22 09:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-10-22 09:08 . 2012-10-22 09:08 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-10-22 09:08 . 2012-10-22 09:08 -------- d-----w- c:\windows\SysWow64\Macromed
     2012-10-22 09:08 . 2012-10-22 09:08 -------- d-----w- c:\windows\system32\Macromed
     2012-10-22 06:52 . 2012-10-22 02:57 -------- d-----w- c:\windows\Panther
     2012-10-22 06:43 . 2012-10-30 20:30 -------- d-----w- c:\windows\Downloaded Program Files
     2012-10-22 05:16 . 2012-10-22 05:21 -------- d-----w- c:\program files (x86)\Samsung SSD Magician
     2012-10-22 05:16 . 2012-10-22 05:16 -------- d-----w- c:\programdata\Samsung
     2012-10-22 05:09 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
     2012-10-22 05:09 . 2012-09-14 20:26 73096 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
     2012-10-22 05:09 . 2012-10-22 05:09 -------- d-----w- c:\program files (x86)\Common Files\McAfee
     2012-10-22 05:09 . 2012-07-17 18:51 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
     2012-10-22 05:09 . 2012-07-17 18:55 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
     2012-10-22 05:09 . 2012-07-17 18:51 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
     2012-10-22 05:09 . 2012-07-17 18:49 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
     2012-10-22 05:09 . 2012-07-17 18:48 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
     2012-10-22 05:09 . 2012-10-22 05:09 -------- d-----w- c:\program files\Common Files\McAfee
     2012-10-22 05:09 . 2012-10-22 05:09 -------- d-----w- c:\program files\McAfee
     2012-10-22 05:09 . 2012-10-22 23:31 -------- d-----w- c:\program files (x86)\McAfee
     2012-10-22 05:01 . 2012-07-17 18:52 177144 ----a-w- c:\windows\system32\mfevtps.exe
     2012-10-22 05:01 . 2012-10-24 09:00 -------- d-----w- c:\programdata\McAfee
     2012-10-22 04:45 . 2012-10-24 19:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2012-10-22 04:42 . 2012-10-28 02:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
     2012-10-22 04:17 . 2012-10-26 07:01 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2012-10-22 04:07 . 2012-10-22 04:07 -------- d-----w- c:\windows\SysWow64\Wat
     2012-10-22 04:07 . 2012-10-22 04:07 -------- d-----w- c:\windows\system32\Wat
     2012-10-22 04:06 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
     2012-10-22 04:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
     2012-10-22 04:00 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
     2012-10-22 03:49 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBCDE71F-3EB4-4583-B021-127C4A23CFC5}\mpengine.dll
     2012-10-22 03:48 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-10-22 03:48 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
     2012-10-22 03:48 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-10-22 03:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2012-10-22 03:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2012-10-22 03:46 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
     2012-10-22 03:46 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
     2012-10-22 03:39 . 2012-10-22 03:39 -------- d-----w- c:\programdata\Intel
     2012-10-22 03:33 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
     2012-10-22 03:33 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
     2012-10-22 03:33 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
     2012-10-22 03:32 . 2012-11-01 15:10 -------- d-----w- c:\programdata\NVIDIA
     2012-10-22 03:32 . 2012-10-22 04:07 -------- d-----w- c:\users\UpdatusUser
     2012-10-22 03:32 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
     2012-10-22 03:32 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
     2012-10-22 03:32 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
     2012-10-22 03:32 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
     2012-10-22 03:32 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
     2012-10-22 03:32 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
     2012-10-22 03:32 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
     2012-10-22 03:32 . 2012-10-22 03:32 -------- d-----w- c:\programdata\NVIDIA Corporation
     2012-10-22 03:32 . 2012-10-22 03:32 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
     2012-10-22 03:26 . 2012-08-07 07:09 88832 ----a-w- c:\windows\system32\drivers\EtronXHCI.sys
     2012-10-22 03:26 . 2012-08-07 07:09 65152 ----a-w- c:\windows\system32\drivers\EtronHub3.sys
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2012-09-12 08:33 . 2012-09-12 08:33 2782848 ----a-w- c:\windows\system32\drivers\kinonivd.sys
     2012-09-12 08:33 . 2012-09-12 08:33 23040 ----a-w- c:\windows\system32\drivers\kinonivad.sys
     2012-08-20 17:38 . 2012-10-22 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2012-08-17 07:01 . 2012-08-17 07:01 112640 ----a-w- c:\windows\system32\drivers\rzudd.sys
     2012-08-17 07:01 . 2012-08-17 07:01 22016 ----a-w- c:\windows\system32\drivers\rzendpt.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-10-27 3389080]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-04-23 507744]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
     "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-10-11 336304]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
     "GrooveMonitor"="s:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
     .
     c:\users\BB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     EVGA Precision X.lnk - c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-10-17 553800]
     Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-10-22 2056192]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 116648]
     R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 250808]
     R3 ALSysIO;ALSysIO;c:\users\BB\AppData\Local\Temp\ALSysIO64.sys [x]
     R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
     R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
     R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
     R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-10-30 25640]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 116648]
     R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-10-30 30528]
     R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
     R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2012-09-12 23040]
     R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys [2012-09-12 2782848]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
     R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-22 1255736]
     S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-08-16 645952]
     S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-08-16 27456]
     S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-09-14 73096]
     S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
     S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2012-03-08 22128]
     S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-09-14 32360]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-24 65192]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
     S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
     S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
     S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
     S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
     S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
     S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-08 2656536]
     S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
     S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-08-07 65152]
     S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-08-07 88832]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
     S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
     S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
     S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys [2012-10-17 15176]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
     S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-08-17 22016]
     S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-08-17 112640]
     S3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2010-06-17 172040]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - mfeavfk01
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 09:08]
     .
     2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:22]
     .
     2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:22]
     .
     2012-11-01 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
     - c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2012-10-23 08:05]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
     "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]
     "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-07 310272]
     "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-07 158208]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - s:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\users\BB\AppData\Roaming\Mozilla\Firefox\Profiles\n2dawz11.default\
     FF - prefs.js: browser.startup.homepage - www.google.com
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
     FF - ExtSQL: 2012-10-22 01:12; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
     FF - ExtSQL: 2012-10-23 10:53; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\BB\AppData\Roaming\Mozilla\Firefox\Profiles\n2dawz11.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
     FF - ExtSQL: 2012-10-23 10:53; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\BB\AppData\Roaming\Mozilla\Firefox\Profiles\n2dawz11.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
     FF - ExtSQL: 2012-10-23 10:56; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\users\BB\AppData\Roaming\Mozilla\Firefox\Profiles\n2dawz11.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
     .
     - - - - ORPHANS REMOVED - - - -
     .
     URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
     Wow6432Node-HKLM-Run-<NO NAME> - (no file)
     SafeBoot-17430523.sys
     .
     .
. --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-01 15:56:18 ComboFix-quarantined-files.txt 2012-11-01 19:56 . Pre-Run: 174,193,786,880 bytes free Post-Run: 174,075,535,360 bytes free . - - End Of File - - 4F8BCC5566C9521FCC797FF0AF8DF590