Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
4 replies to this topic

#1 Dmed

Dmed

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 30 September 2013 - 02:03 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:56 PM, on 9/30/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Users\rabbu\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\rabbu\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8957 bytes

 


Edited by Dmed, 30 September 2013 - 02:08 AM.


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 30 September 2013 - 02:37 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Dmed

Dmed
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 30 September 2013 - 12:32 PM

I am currently running Windows 8.1. On double-clicking DDS.scr, I get "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." message.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-30 23:11:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 WDC_WD5000BPVT-75HXZT3 rev.01.01A01 465.76GB
Running: gv9z4539.exe; Driver: C:\Users\rabbu\AppData\Local\Temp\fftyipow.sys


---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [624:2812]                                                                                                                                                     fffff9600082c4d0
Thread   C:\Windows\System32\SettingSyncHost.exe [4260:5008]                                                                                                                                          00007ffe17384b30
Thread   C:\Windows\System32\SettingSyncHost.exe [4260:4504]                                                                                                                                          00007ffe22a71b44
Thread   C:\Windows\System32\SettingSyncHost.exe [4260:4316]                                                                                                                                          00007ffe097f8320

---- Services - GMER 2.1 ----

Service  C:\Windows\SysWow64\IntelCpHeciSvc.exe (*** hidden *** )                                                                                                                                     [AUTO] cphs                                                                                                                                                                                                                                                                                                                                 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control@DirtyShutdownCount                                                                                                                                     3
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                                                                            0x37 0x7A 0x94 0xA5 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                                                                        0xC9 0xC4 0x81 0x71 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                                                                           0xEB 0x27 0x84 0x71 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US                                                                                                                        6
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO22EC0_01_07D9_D4^CB5A97934E6477FA782863D9CD475CC6@Timestamp                                                           0x2A 0x8A 0xAD 0x75 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                                                             684
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9FD1D9F1-CC3C-4800-B9C1-7DF7BCF9F2ED}\Connection@Name                                                  isatap.{FC0ABB5E-56C6-4417-AC13-2320975B97A0}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a\7516b95f-f776-4464-8c53-06167f40cc99\3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e@ACSettingIndex  180
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                                                                           3899985
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                            -2038890231
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                                            7
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                                          392825869
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                                                                         5941
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                                                             619ba2a0-ac87-4f1f-be86-5872164
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId                                                                                                                         7
Reg      HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName                                                                                                                                  \BaseNamedObjects\WDI_{f045b91e-6f05-40ff-87cf-31fd151bfda1}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\avchv\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                 0x22 0xAF 0x0B 0x21 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                 0xC6 0xD3 0x48 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog                                                                                                          0xDE 0xD5 0x0A 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\cphs@Start                                                                                                                                            2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\cphs                                                                                                                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog                                                                                                              0x7F 0xA9 0x50 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog                                                                                                              0x14 0x0F 0x44 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\6To4\{95E05992-C6AC-47F5-91CA-9344A4250CAB}@InterfaceName                                                                         6TO4 Adapter
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\6To4\{95E05992-C6AC-47F5-91CA-9344A4250CAB}@ReusableType                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\6To4\{95E05992-C6AC-47F5-91CA-9344A4250CAB}@DefunctTimestamp                                                                      0x60 0x80 0x49 0x52 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9FD1D9F1-CC3C-4800-B9C1-7DF7BCF9F2ED}@InterfaceName                                                                       isatap.{FC0ABB5E-56C6-4417-AC13-2320975B97A0}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9FD1D9F1-CC3C-4800-B9C1-7DF7BCF9F2ED}@ReusableType                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9FD1D9F1-CC3C-4800-B9C1-7DF7BCF9F2ED}@DefunctTimestamp                                                                    0x60 0x80 0x49 0x52 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog                                                                                                               0x82 0xE3 0x3B 0x89 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MsLldp\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                0x4B 0x2A 0x22 0xA1 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog                                                                                                        0xDE 0xD5 0x0A 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{FC0ABB5E-56C6-4417-AC13-2320975B97A0}@NetbiosOptions                                                               2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                0x62 0x06 0xC9 0x95 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge                                                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                              ?Sun?, ?Sep ?29 ?13, 06:31:28 PM???????????????????????????????
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                              516
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                             202
Reg      HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                                       5
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Bind                                                                                                                                    \Device\{FC0ABB5E-56C6-4417-AC13-2320975B97A0}?\Device\{C424113C-35C0-4C06-80D1-775836CB9CA0}?\Device\{D26CBF7B-80A7-4AA9-9577-94AC9222831C}?\Device\{9E9F726E-D15F-4C12-971E-D9DB7A266023}?\Device\{06F7DA4E-3786-4E0E-A182-9CDCED576FFA}?\Device\{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\{F58A5F6F-35DA-472A-8FF3-1D01BB3DC1B4}?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FC0ABB5E-56C6-4417-AC13-2320975B97A0}@DhcpIPAddress                                                                      124.41.228.4
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FC0ABB5E-56C6-4417-AC13-2320975B97A0}@DhcpSubnetMask                                                                     255.255.255.255
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FC0ABB5E-56C6-4417-AC13-2320975B97A0}@NameServer                                                                         202.79.32.4 202.79.32.35
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog                                                                                                              0x1B 0xC4 0xF0 0x7B ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                 0xDE 0xD5 0x0A 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog                                                                                                               0x0C 0xC0 0x0C 0x7C ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog                                                                                                               0x14 0xB0 0xFC 0x7B ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\VBoxNetFlt@DriverMajorVersion                                                                                                                         8
Reg      HKLM\SYSTEM\CurrentControlSet\Services\VBoxNetFlt@DriverMinorVersion                                                                                                                         1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore@ProcessedPackageStateChangeVersion                                                                                  222
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks                                                                                               4
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks                                                                                               4
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter                                                                                         15513
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsBandwidthBucketDrainTime                                                                                   0x57 0x90 0x6B 0x46 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                                                                     0x5A 0x1C 0x92 0xA0 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                                                                0x5A 0x1C 0x92 0xA0 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter                                                                                           12777
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                                                                       0x5A 0x1C 0x92 0xA0 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter                                                                                          1205506
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalBandwidthBucketDrainTime                                                                                    0xE3 0xA5 0x51 0x4F ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                                                                      0x5A 0x1C 0x92 0xA0 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                                                                      LM%3d63516131552817%3bID%3d9FE1BE29C8C37626!106%3bLR%3d63516133333523%3bEP%3d3%3bTD%3dTrue
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime                                                                                                        0x0C 0x74 0xD2 0xC6 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                                                                        15
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\browsersettings\typedurls-internet-explorer@PendingOperations                                                  8
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\browsersettings\wininet-internet-explorer@PendingOperations                                                    8
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\remotesyncdummyid@PendingOperations                                                                    8192
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\startlayout@PendingOperations                                                                          8
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\userlibraries@AttemptedOperations                                                                      1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastStoreActivity                                                                                                                       0x72 0xB3 0xAC 0x4A ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh                                                                                                                         0x56 0x7B 0xA2 0x38 ...

---- EOF - GMER 2.1 ----
 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 01 October 2013 - 12:26 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 08 October 2013 - 02:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users