
dev1dev1

Members
Posts: 4
Reputation: 0 Neutral


  1. PC isn't actually behaving that badly anymore. Disk usage is down from 90% to 1-5%. Although a virus called Poweliks returned twice on my computer, does it not look like it's there anymore?
  2. Hi there! Ran the scans and here are the results. 2016.12.05-19.23.50-i0-t92-d15.txt log.txt
  3. Hi there! Thanks for the reply. I ran the program and will attach the files. Thank you again for your help! FRST.txt Addition.txt
  4. Hi there, I recently found out my computer is infested with malware. I ran AdwCleaner and it removed most of the malware. I then ran RogueKiller and all this shows up. I don't know what to remove and what to keep. Please help!

     RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 8 (6.2.9200) 64 bits version
     Started in : Normal mode
     User : Karl [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Mode : Scan -- Date : 12/04/2016 03:56:13 (Duration : 01:34:31)