
Scan for inspiron



For a long time, Chrome has behaved oddly, always delaying 5-30 seconds before echoing text in the address bar. Recently MWB found a couple of threats, and removed them, but I'm suspicious. Also got an Apple ID change notice, and another after changing pw. Is it paranoid to think 'keystroke logger'?

Farbar scans attached.

Many thanks

FRST.txt

Addition.txt


Thanks, TWE.

Hmm. I see mbam logs, which really just list the scan parameters. And protection logs, which are all about sites trapped during the day. I don't see a report listing the threats found. 

I attach a screenshot of what's in quarantine, which reminds me that there was some targeted threat several months back for which I, um, actually paid for another program that purported to solve it (Plumbytes). No further obvious issues, but looking at the quarantine, clearly an issue.

Especially since the directory listed in that shot is not visible to me in explorer or command (attached).

Is there another file I should be looking for?

threat_a.png

threat_b.png


From 6/6:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/6/2016
Scan Time: 8:40 AM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.06.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jay

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386574
Time Elapsed: 43 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe, 2308, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Plumbytes, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pbamw_service, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plumbytes Anti-Malware 2016, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, HKLM\SOFTWARE\Plumbytes Software, Quarantined, [fac13cbde5b436000341826a08fba45c], 

Registry Values: 2
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Plumbytes Anti-Malware, "C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\plumbytes.exe" /tray, Quarantined, [c6f53bbe3d5ca6903012668622e129d7]
PUP.Optional.Plumbytes, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PBAMW_SERVICE|Description, Plumbytes Anti-Malware Service, Quarantined, [e2d9ef0a2c6d40f680c549a30af920e0]

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.Plumbytes, C:\Users\Jay\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}, Quarantined, [fac14faa1584cc6aa7997c70897a0df3], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\de, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\es-ES, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\fr, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\it, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\nl, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\pt-BR, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware, Quarantined, [615afaffb2e793a3dc67717bba49867a], 

Files: 34
PUP.Optional.Plumbytes, C:\Users\Jay\Desktop\Plumbytes Anti-Malware.lnk, Quarantined, [4972f5047029280e73cc6f7dbc47a45c], 
PUP.Optional.Plumbytes, C:\Users\Jay\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}\ScanLogs.xml, Quarantined, [fac14faa1584cc6aa7997c70897a0df3], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Scanner.log, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\log4net.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe.log, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\BugTrap.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\CmdProxy.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\DB.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\GalaSoft.MvvmLight.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\GalaSoft.MvvmLight.Extras.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Hardcodet.Wpf.TaskbarNotification.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Infralution.Localization.Wpf.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\mfc120u.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Microsoft.Practices.ServiceLocation.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\msvcp120.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\msvcr120.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Newtonsoft.Json.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\PCRE_16.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.Common.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Scan.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\System.Windows.Interactivity.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\uninstall.exe, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\vx.db3, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Zlib.dll, Delete-on-Reboot, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\de\Plumbytes.resources.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\es-ES\Plumbytes.resources.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\fr\Plumbytes.resources.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\it\Plumbytes.resources.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\nl\Plumbytes.resources.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\pt-BR\Plumbytes.resources.dll, Quarantined, [c6f53bbe3d5ca6903012668622e129d7], 
PUP.Optional.Plumbytes, C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Plumbytes Anti-Malware.lnk, Quarantined, [615afaffb2e793a3dc67717bba49867a], 
PUP.Optional.Plumbytes, C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware\Uninstall.lnk, Quarantined, [615afaffb2e793a3dc67717bba49867a], 

Physical Sectors: 0
(No malicious items detected)


(end)


Let's check your PC with Farbar again.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
