chrisjoel99
  1. Thank you so much for your help. Cleanup done and working on additional software installation. Donation sent your way. Thanks a ton.
  2. Performance vastly improved. No more "Malicious Website Blocked". The issue appears resolved.
  3. MBAR found Poweliks trojan. Cleaned it. Below is the text from requested files.

     mbar-log-2015-01-02 (10-49-33).txt

     Malwarebytes Anti-Rootkit BETA 1.08.2.1001
     www.malwarebytes.org

     Database version: v2015.01.02.04

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.17501
     Chris :: THOMPSON_PC [administrator]

     1/2/2015 10:49:33 AM
     mbar-log-2015-01-02 (10-49-33).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 393733
     Time elapsed: 49 minute(s), 19 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKU\S-1-5-21-523426175-356860739-210023203-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [049829c96d1ca195f67549b959a7b64a]

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     system-log.txt
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.08.2.1001
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative

     Internet Explorer version: 11.0.9600.17501

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 4.100000 GHz
     Memory total: 8538599424, free: 1905352704

     Downloaded database version: v2015.01.02.04
     Downloaded database version: v2014.12.30.01
     Downloaded database version: v2014.12.06.01
     =======================================
     Initializing...
     This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
     =======================================
     Initializing...
     ------------ Kernel report ------------
     01/02/2015 10:49:05
     ------------ Loaded modules -----------
     ----------- End -----------
     Done!
     Volume: C:
     File system type: NTFS
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     Done!
     Drive 0
     This is a System drive
     Scanning MBR on drive 0...
     Inspecting partition table:
     This drive is a GPT Drive.
     Done!
     Infected: HKU\S-1-5-21-523426175-356860739-210023203-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
     Scan finished
     Creating System Restore point...
     Cleaning up...
     Executing an action cmd.exe...
     Success!
     Executing an action cmd.exe...
     Success!
     Removal successful. No system shutdown is required.
     =======================================
  4. One additional note is that on the resource monitor fixmapi.exe and dllhost.exe are by far the largest memory, CPU, and network users.
  5. Have had issues with high CPU and memory usage, multiple dllhost.exe files, and in general some weird stuff. Installed and ran Malwarebytes Anti-Malware, continue to get "Malicious Website Blocked", different domain names, different IP, different ports, always "Outbound", and process is always C:\Windows\SysWOW64\dllhost.exe. Ran FRST and attached FRST.txt and Addition.txt. Also attached FixLog.txt. Ran Malwarebytes Anti-Malware, and attached scan log entitled ScanLog.txt. Ran AdwCleaner, and attached log entitled AdwCleaner[s0].txt. Still getting "Malicious Website Blocked" notices every few seconds. Could use some help continuing to troubleshoot and ensure nothing else is hanging onto my computer. Thanks.

     Attached files: FRST.txt, Addition.txt, ScanLog.txt, Fixlog.txt, AdwCleanerS0.txt