RReube

About RReube

  • Rank
    New Member
  1. Problem seems to have been resolved, no longer getting .temp.exe block warnings on startup. Any way of knowing how I may have gotten this?
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.3 (04.10.2017)
     Operating System: Windows 10 Home x64
     Ran by RReub (Administrator) on Sat 07/08/2017 at 21:48:42.71
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 0
     Registry: 1
     Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DD8F3CE0-1692-478D-BEA2-D857BC8C314C} (Registry Key)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 07/08/2017 at 21:53:26.04
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. step 3:
     # AdwCleaner v6.047 - Logfile created 06/07/2017 at 00:41:43
     # Updated on 19/05/2017 by Malwarebytes
     # Database : 2017-07-06.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : RReub - LAPTOP-F9KC7O72
     # Running from : C:\Users\RReub\Downloads\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support
     ***** [ Services ] *****
     ***** [ Folders ] *****
     [-] Folder deleted: C:\Users\Default\AppData\Local\Host App Service
     [-] Folder deleted: C:\Users\Public\Pokki
     [-] Folder deleted: C:\Users\Public\App Explorer
     ***** [ Files ] *****
     [-] File deleted: C:\Users\RReub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
     [-] File deleted: C:\END
     [-] File deleted: C:\Users\Public\Desktop\eBay.lnk
     [-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
     ***** [ DLL ] *****
     ***** [ WMI ] *****
     ***** [ Shortcuts ] *****
     ***** [ Scheduled Tasks ] *****
     [-] Task deleted: App Explorer
     ***** [ Registry ] *****
     [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
     [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
     [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
     [-] Key deleted: HKU\S-1-5-21-925126538-334947261-793745087-1001\Software\Host App Service
     [-] Key deleted: HKU\S-1-5-21-925126538-334947261-793745087-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
     [#] Key deleted on reboot: HKCU\Software\Host App Service
     [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
     [#] Key deleted on reboot: [x64] HKCU\Software\Host App Service
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
     [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
     [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
     [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
     [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
     [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
     [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
     ***** [ Web browsers ] *****
     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     :: " Image File Execution Options" keys deleted
     :: "Prefetch" files deleted
     :: Proxy settings cleared
     :: TCP/IP settings cleared
     :: Firewall rules cleared
     :: IPSec settings cleared
     :: BITS queue cleared
     :: IE policies deleted
     :: Chrome policies deleted
     :: Chrome preferences reset: C:\Users\RReub\AppData\Local\Google\Chrome\User Data\Default
     :: Hosts file cleared
     *************************
     C:\AdwCleaner\AdwCleaner[C0].txt - [3855 Bytes] - [06/07/2017 00:41:43]
     C:\AdwCleaner\AdwCleaner[S0].txt - [3542 Bytes] - [06/07/2017 00:39:23]
     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4001 Bytes] ##########
  4. Step 2: I may do step 3 tonight or first thing tomorrow around 10.
     Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
     Ran by RReub (06-07-2017 00:03:00) Run:1
     Running from C:\Users\RReub\Desktop
     Loaded Profiles: RReub (Available Profiles: RReub)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     EmptyTemp:
     C:\Users\RReub\AppData\Local\Host App Service\
     HKU\S-1-5-21-925126538-334947261-793745087-1001\...\RunOnce: [Uninstall C:\Users\RReub\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RReub\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
     2017-06-12 22:19 - 2017-06-12 22:19 - 00000000 ____D C:\Users\RReub\AppData\Local\GOG.com
     2017-06-12 22:14 - 2017-07-03 13:27 - 00000000 ____D C:\ProgramData\GOG.com
     2017-06-12 22:14 - 2017-07-03 13:27 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
     2017-06-12 22:12 - 2017-06-12 22:13 - 157116344 _____ (GOG.com ) C:\Users\RReub\Downloads\setup_gwent_1.2.10.31_en.exe
     2017-06-12 22:12 - 2017-06-12 22:13 - 00000064 _____ C:\Users\RReub\Downloads\gogGalaxy(1).auth
     2016-09-16 14:35 - 2016-09-16 14:36 - 58523704 _____ (SweetLabs,Inc.) C:\Users\RReub\AppData\Local\Temp\oct1F9D.tmp.exe
     2017-06-17 12:23 - 2017-06-17 12:23 - 39831840 _____ (SweetLabs,Inc.) C:\Users\RReub\AppData\Local\Temp\octB32D.tmp.exe
     File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
     CMD: bitsadmin /reset /allusers
     CMD: ipconfig /flushdns
     End
     *****************
     Restore point was successfully created.
     Processes closed successfully.
     C:\Users\RReub\AppData\Local\Host App Service => moved successfully
     HKU\S-1-5-21-925126538-334947261-793745087-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\RReub\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 => value removed successfully
     C:\Users\RReub\AppData\Local\GOG.com => moved successfully
     C:\ProgramData\GOG.com => moved successfully
     C:\Program Files (x86)\GOG Galaxy => moved successfully
     C:\Users\RReub\Downloads\setup_gwent_1.2.10.31_en.exe => moved successfully
     C:\Users\RReub\Downloads\gogGalaxy(1).auth => moved successfully
     C:\Users\RReub\AppData\Local\Temp\oct1F9D.tmp.exe => moved successfully
     C:\Users\RReub\AppData\Local\Temp\octB32D.tmp.exe => moved successfully
     ========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe ========================
     File not signed
     MD5: 8213094EA736A9C575AB0E22AD09B0BA
     Creation and modification date: 2015-05-19 13:11 - 2015-05-19 13:11
     Size: 0335872
     Attributes: ----A
     Company Name: Intel Corporation
     Internal Name: isa.exe
     Original Name: isa.exe
     Product: Intel(R) Security Assist
     Description: Intel(R) Security Assist
     File Version: 1.0.0.532
     Product Version: 1.0.0.532
     Copyright: Copyright © 2014
     ====== End of File: ======
     ========= bitsadmin /reset /allusers =========
     BITSADMIN version 3.0
     BITS administration utility.
     (C) Copyright 2000-2006 Microsoft Corp.
     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
     0 out of 0 jobs canceled.
     ========= End of CMD: =========
     ========= ipconfig /flushdns =========
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     ========= End of CMD: =========
     =========== EmptyTemp: ==========
     BITS transfer queue => 1671335 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34526701 B
     Java, Flash, Steam htmlcache => 21017650 B
     Windows/system/drivers => 645509187 B
     Edge => 33239220 B
     Chrome => 0 B
     Firefox => 375526001 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 5337088 B
     systemprofile32 => 0 B
     LocalService => 30435890 B
     NetworkService => 6154 B
     RReub => 2883017150 B
     RecycleBin => 150311055 B
     EmptyTemp: => 3.9 GB temporary data Removed.
     ================================
     The system needed a reboot.
     ==== End of Fixlog 00:17:29 ====
  5. Scan was run once prior to me creating the forum; here are the results of that, as some items were quarantined.
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 7/3/17
     Scan Time: 12:17 PM
     Log File:
     Administrator: Yes
     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.160
     Update Package Version: 1.0.2285
     License: Trial
     -System Information-
     OS: Windows 10 (Build 14393.1358)
     CPU: x64
     File System: NTFS
     User: LAPTOP-F9KC7O72\RReub
     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 404959
     Threats Detected: 21
     Threats Quarantined: 21
     Time Elapsed: 12 min, 53 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 21
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.AmazonRuntimeServer, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, Quarantined, [1507], [386607],1.0.2285
     PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.Amazon1ButtonRuntime, Quarantined, [1507], [386607],1.0.2285
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     (end)
  6. Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 7/4/17
     Scan Time: 9:40 AM
     Log File:
     Administrator: Yes
     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.160
     Update Package Version: 1.0.2290
     License: Trial
     -System Information-
     OS: Windows 10 (Build 14393.1358)
     CPU: x64
     File System: NTFS
     User: LAPTOP-F9KC7O72\RReub
     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 404756
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 13 min, 36 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     (end)
  7. Sorry about that, here are the logs: FRST.txt, Addition.txt
  8. Good afternoon. Recently my laptop's Symantec program started sending messages with an oct4ba2.tmp.exe file being reported as having been downloaded and of suspicious origin. Each time I'm given the option of removing the program, but it persists each time on computer startup. I downloaded Malwarebytes and have attempted to use that program but haven't seen any progress from simply scanning and quarantining the problem. Any help would be greatly appreciated.