Devlant21
Posts posted by Devlant21
-
-
Security Check results:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 6 Update 31
Java 7 Update 9
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
-
AdwCleaner[S1] results:
# AdwCleaner v2.105 - Logfile created 01/12/2013 at 16:50:42
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrew - ANDREW-PC
# Boot Mode : Normal
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\9a2dfa21e690a5c3
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0 (en-US)
File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\w7k31ut8.default-1346962874216\prefs.js
[OK] File is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1084 octets] - [12/01/2013 16:31:16]
AdwCleaner[R2].txt - [1143 octets] - [12/01/2013 16:33:49]
AdwCleaner[S1].txt - [1084 octets] - [12/01/2013 16:50:42]
########## EOF - C:\AdwCleaner[S1].txt - [1144 octets] ##########
-
-
I'm guessing that you mean the text file that popped up when ComboFix finished scanning? Attaching that below.
-
Thank you again (and many apologies for the very delayed reply on my part).
After the second scan with Malwarebytes Anti-Rootkit, the program is saying that nothing new has been detected. I can also confirm that my internet, Windows Updates, and my firewall are all working properly. The logs you asked for are attached as well.
-
Thank you for the speedy response.
Copy of the log:
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Andrew [Admin rights]
Mode : Scan -- Date : 01/12/2013 14:27:08
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : syshost32 (C:\Users\Andrew\AppData\Local\{8A690C08-97D3-9AA2-D15B-FC38B0846A4B}\syshost.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1379245273-61613077-1871093419-1001[...]\Run : syshost32 (C:\Users\Andrew\AppData\Local\{8A690C08-97D3-9AA2-D15B-FC38B0846A4B}\syshost.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : 73B9E00D-595B-4033-B058-3A743FD61104 (cmd.exe /C start /D "C:\Users\Andrew\AppData\Local\Temp" /B 73B9E00D-595B-4033-B058-3A743FD61104.exe -activeimages -postboot) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3275GSX +++++
--- User ---
[MBR] c14a194e47a70f624d48fac8dd35e444
[BSP] 35cff5c93c53e5a466e70c6c8ff31d64 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289747 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596475904 | Size: 13997 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01122013_02d1427.txt >>
-
Pretty much what the title says.
This is the first time I've ever used these forums, so I'm admittedly a bit lost and having whoever decides to help me be as detailed as possible would be much appreciated.
Need help removing PUM.UserWLoad and Trojan.Ransom
in Resolved Malware Removal Logs
Posted feedback on your page. Thank you again, the help was greatly appreciated!