Cameron

  1. I disconnected from the internet on my PC and everything runs perfectly fine; whenever I reconnect it seems to get loud and slow without any increase of CPU, memory, etc. Any help?
  2. Okay, I downloaded a few things for a game, and after running them I noticed the next time I logged onto my PC it was running very slow and loud. I checked the CPU, it was at 1%, then ran stress tests and it seemed to go up to 100%, so I know the CPU isn't limited. I noticed a window called icon encoder and it wouldn't respond when I went to close it; it was called wipeshadows (forces itself to open as much as possible when this happens). Whenever I'm watching anything, or even at my desktop with nothing open, my computer becomes incredibly slow and then back to normal for about thirty seconds and repeats this. I thought it would be a program like Spotify or Steam, or maybe it was a game I had left open, but all of these run really easily on my computer so it can't be those. Either way, I ran scans on my computer and found some malware and removed it (Malwarebytes and Sophos removal), but the problem still occurs. My computer is running quiet then loud, but there are no temperature changes at all or anything being opened up. Any help would be appreciated.
  3. AdwCleaner and Junkware Removal didn't find anything. SophosVirusRemovalTool.log Addition.txt FRST.txt JRT.txt
  4. They all now say it's clean, although when I ran the anti-rootkit I seemed to run into a couple of backdoors and other things like that. FRST.txt Addition.txt
  5. OK, here is what I got (5 things found): mbar-log-2017-04-11 (20-53-46).txt
  6. After about a month I ran into a similar issue again. Nearly every time my PC starts up it is very slow, to the point that if I click something it takes nearly a minute to load, my mouse moves very slowly and everything is choppy. Also, whenever I shut down or restart it says "this app is preventing you from shutting down". Occasionally it starts up at normal speed and all. I'm not entirely sure what's going on anymore.
  7. Hey, I ran into an issue now: one of these apps changed my IP address and I have purchased things that I can't change that IP on. Basically, if I don't fix my IP it's going to never let me use them until I reset it back. Any way of fixing this problem?
  8. SophosVirusRemovalTool.log FRST.txt Addition.txt JRT.txt
  9. It couldn't clean the Troj/Ransom-AIB
  10. It's almost impossible to scan because it won't stop opening
  11. Every time I restart it opens up: Reverse.exe - Application Error The application was unable to start correctly (0xc0000005) Click OK to close the application.
  12. I ran this software 4 different times and 4 different scans each had given different results. First time it found 80 and I cleaned that, restarted and scanned again, found 40 threats, I cleaned it, then after it restarted I did it a third time, 37 threats were found and I cleaned it and restarted it, the final time it says 0 threats were found (sorry for the extra work though). mbar-log-2017-03-07 (16-55-47).txt That was the first time I ran this. 2nd time running it: mbar-log-2017-03-07 (17-12-30).txt The third time running it: mbar-log-2017-03-07 (17-27-24).txt The final time I ran it, it detected nothing: mbar-log-2017-03-07 (17-45-14).txt I ran it a total of 4 times and 3 of the times it found 80 then I cleaned it, then 40 then I cleaned it, then 30 and I cleaned it, it now says 0.