Everything posted by MrBiz

  1. Thanks for your help. Right now I'm in safe mode. When I cleaned inside the PC and restarted it, Chrome worked well, but the longer the PC stays on, the more Chrome starts to act up: it moves very slowly (over 20 minutes to load) and all extensions crash, etc., so right now I'm reinstalling it. Also, when I'm trying to uninstall stuff in normal mode while Chrome acts up, I get the message "can't install because Windows Installer isn't installed". I know my disk is OK, but could my OS be going? (In the future, when I have my own laptop, I will be using Linux; $300 bucks for Windows 7, the malware god, is a joke.) I got rid of Java years ago (though I saw a Java folder in Program Files; I deleted it).
  2. Works well for now. Gonna try cleaning the PC of dust. BTW, how is the Security Check?
  3. Got it to work.
     Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 5.0
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Google Chrome 29.0.1547.66
     Google Chrome 29.0.1547.76
     Google Chrome Plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Comodo Firewall cmdagent.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Alwil Software Avast5 AvastSvc.exe
     Alwil Software Avast5 AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. Well, the only thing is, Google Chrome is acting weird (takes about 10 minutes to start)... after it loads it moves well, though when I try to open forum sites, it registers the click but doesn't enter for 2 minutes, unless I open the tab in a new window. In short, the net is very slow on the Google Chrome side when starting up; Internet Explorer is fine. (I have over 10 tabs that I restore every day, but I've been using more than that and Chrome never started up this slow.) Also, I have 3 GB of RAM (1 GB cached for some strange reason), and when I was at 63% RAM and ran Security Check, the screen went into low-res mode; seems to me like the RAM stick is dirty or getting bad? Also, when avast scanned the PC it said "not enough memory to process this" (I didn't find anything, just "some files couldn't be scanned" temporary stuff). When running Security Check I get "HKLMrun.txt file not found" under "checking firewall status".
  5. Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     www.malwarebytes.org
     Database version: v2013.09.14.11
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 10.0.9200.16686
     PatricK :: PATRICK-PC [administrator]
     9/14/2013 7:15:21 PM
     mbar-log-2013-09-14 (19-15-21).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 302157
     Time elapsed: 42 minute(s), 52 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     © Malwarebytes Corporation 2011-2012
     OS version: 6.1.7601 Windows 7 Service Pack 1 x86
     Account is Administrative
     Internet Explorer version: 10.0.9200.16686
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
     CPU speed: 2.493000 GHz
     Memory total: 2949734400, free: 1964572672
     ---------------------------------------
     =======================================
     Initializing...
     DDA Driver installation error.
     Downloaded database version: v2013.09.14.11
     Downloaded database version: v2013.08.06.01
     =======================================
     Initializing...
     =======================================
     DDA Driver installation error.
     =======================================
     =======================================
     Initializing...
     DDA Driver installation error.
     =======================================
     =======================================
     Initializing...
     Done!
     Scan finished
     =======================================
     Removal queue found; removal started
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
     Removal finished

     Junkware Removal Tool never produced a log; it loaded and then asked to restart the PC. After the PC restarted, it loaded again and said "Checking startup", "checking processes", etc., and stopped at "checking registry" (over an hour and no movement).

     # AdwCleaner v3.004 - Report created 14/09/2013 at 20:00:32
     # Updated 15/09/2013 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
     # Username : PatricK - PATRICK-PC
     # Running from : C:\Users\PatricK\Desktop\Marvin Gaye\AdwCleaner.exe
     # Option : Scan
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     File Found : C:\Program Files\Mozilla Firefox\user.js
     Folder Found C:\Users\PatricK\AppData\Local\cre
     Folder Found C:\Users\PatricK\AppData\Roaming\Systweak
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ares_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ares_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bloodshed-dev-c_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bloodshed-dev-c_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_directx-redistributable_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_directx-redistributable_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_handbrake_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_handbrake_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_k-lite-codec-pack_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_k-lite-codec-pack_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_lastsharp_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_lastsharp_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_metacafe-pro_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_metacafe-pro_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pivot-stickfigure-animator_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pivot-stickfigure-animator_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16686
     -\\ Mozilla Firefox v
     [ File : C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
     -\\ Google Chrome v
     [ File : C:\Users\PatricK\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [3147 octets] - [14/09/2013 20:00:32]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3207 octets] ##########

     WTH is that ^^? After cleaning:

     # AdwCleaner v3.004 - Report created 14/09/2013 at 20:11:12
     # Updated 15/09/2013 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
     # Username : PatricK - PATRICK-PC
     # Running from : C:\Users\PatricK\Desktop\Marvin Gaye\AdwCleaner.exe
     # Option : Scan
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16686
     -\\ Mozilla Firefox v
     [ File : C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
     -\\ Google Chrome v
     [ File : C:\Users\PatricK\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [3287 octets] - [14/09/2013 20:00:32]
     AdwCleaner[R1].txt - [796 octets] - [14/09/2013 20:11:12]
     AdwCleaner[S0].txt - [3408 octets] - [14/09/2013 20:02:54]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [915 octets] ##########

     The thing is, I don't have Firefox installed, so what is it doing there? ESET came back clean.
     FRST.txt Addition.txt
  6. I see Internet Security in Add or Remove, but on the PC and in the Start menu it's only the firewall. http://www.comodo.com/home/internet-security/free-internet-security.php According to the site it's separated from the antivirus portion (as I didn't pay for any service; I only use the firewall (KillSwitch) and disabled the HIPS and sandbox).
  7. Rkill 2.6.1 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html
     Program started at: 09/10/2013 12:56:51 PM in x86 mode.
     Windows Version: Windows 7 Ultimate Service Pack 1
     Checking for Windows services to stop:
      * No malware services found to stop.
     Checking for processes to terminate:
      * No malware processes found to kill.
     Checking Registry for malware related settings:
      * No issues found in the Registry.
     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
     Performing miscellaneous checks:
      * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender]
          "DisableAntiSpyware" = dword:00000001
      * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
          "EnableFirewall" = dword:00000000
     Checking Windows Service Integrity:
      * Windows Defender (WinDefend) is not Running.
        Startup Type set to: Manual
     Searching for Missing Digital Signatures:
      * No issues found.
     Checking HOSTS File:
      * HOSTS file entries found:
        127.0.0.1 localhost
     Program finished at: 09/10/2013 12:59:54 PM
     Execution time: 0 hours(s), 3 minute(s), and 3 seconds(s)

     RogueKiller V8.6.10 [Sep 9 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : PatricK [Admin rights]
     Mode : Scan -- Date : 09/10/2013 13:44:10
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 4 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1260953176-3201969857-2580422920-1001\[...]\Run : Google Update ("C:\Users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 4 ¤¤¤
     [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001UA.job : C:\Users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
     [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001Core.job : C:\Users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
     [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001Core : C:\Users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
     [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001UA : C:\Users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD5000AADS-67S9B1 ATA Device +++++
     --- User ---
     [MBR] 5985724ba892a5726b4ce24e2f48fbe8
     [BSP] eb11fb66582f439466a24426dcc02753 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156299264 | Size: 400620 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_S_09102013_134410.txt >>
     RKreport[0]_S_08302013_002349.txt
     attach.txt dds.txt
  8. OK, thanks for the info, and sorry for the spam.
  9. Hi, saw this on the avast forum, had to share it.
  10. Could you guys add a boot-time scanner?
  11. Hi there, I scan my PC every day and get clean results. I left for a few hours (14 hours), came back to do my daily scan, and found this:
      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.09.07.01
      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 10.0.9200.16660
      PatricK :: PATRICK-PC [administrator]
      Protection: Enabled
      9/7/2013 5:41:48 AM
      mbam-log-2013-09-07 (05-41-48).txt
      Scan type: Full scan (C:\|F:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 464355
      Time elapsed: 1 hour(s), 23 minute(s), 42 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 1
      C:\Windows\Cache\Adobe Reader 6.0.1\ENUBIG\Data1.cab (Trojan.PWS.Zbot) -> Quarantined and deleted successfully.
      (end)
      Is this a false positive, and how did that get there? I don't use Adobe Reader. BTW, I use LastPass for my passwords; I considered using Zemana before this (I gave my cousin KeyScrambler). Hitman Pro found nothing, BTW. Also, after this find, are there any precautions I should take?
  12. Has anyone seen this? https://addons.mozilla.org/en-us/firefox/addon/xenotix-keylogger/ It was tested in the forum http://www.wilderssecurity.com/showthread.php?t=340941 Is this a major threat?
  13. Stopped when I disconnected from the net. Thx for your help anyway.
  14. Hey, I keep getting a popup that Malwarebytes blocked IP 77.78.237.69, outgoing and incoming via svchost.exe, port 62075. The IP is from somewhere in Europe, and it keeps popping up every 30 seconds. Is that a hack attempt? And the funny thing is, svchost is not running in Task Manager at the moment and it still pops up lol.