
Suspicious registry paths & severe problems with yahoo mail program


  • This topic is locked
4 replies to this topic

#1 Julesverne

Julesverne

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:23 PM

Posted 25 January 2017 - 05:40 AM

Despite my computer's scanning clear as per help I received last month, I'm still having severe problems with yahoo mail - freezing, pages not loading properly, inability to delete messages, and now so many of my own emails going unanswered, it seems they're not being delivered. (Here is the original topic, now closed: https://www.bleepingcomputer.com/forums/t/634865/avast-mbam-dont-id-infection-that-keeps-returning-upon-startup/#entry4141572 )

 

I was advised then to run RogueKiller if any problems returned. The scan turns up four suspicious paths related to my firewall. Here's the report:

 

Thanks so much for the assistance.

 

RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Janet [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/25/2017 10:30:52 (Duration : 00:41:49)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C24BCDF3-CCF5-4445-95C3-12FB8DCC86F4} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Janet\AppData\Local\Temp\7zS3216\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0540C7F9-904B-4F8E-A499-E4E915305465} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Janet\AppData\Local\Temp\7zS3216\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {395BF7FB-88B7-404F-B21B-DE3AF213D821} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Janet\AppData\Local\Temp\7zS5278\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0ABE247F-83C2-4451-9E67-A5AFB58B1A43} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Janet\AppData\Local\Temp\7zS5278\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-60JC3T0 SATA Disk Device +++++
--- User ---
[MBR] 718108248237bd7a6fb5c674a80f158c
[BSP] 36e824859a7492ec4de06826f6f47e7e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 928939 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1904596992 | Size: 857 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1906352128 | Size: 23028 MB
User = LL1 ... OK
User = LL2 ... OK
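
The four registry findings in the report above are Windows Firewall rule values in a pipe-delimited `Key=Value` format. As an added example (not part of the original post, and not RogueKiller's own logic), this Python parses such report lines and lists the active inbound Allow rules whose `App=` path lies under a Temp directory; the Temp-directory heuristic and the two contrast rules in the sample are assumptions.

```python
import re
from pathlib import PureWindowsPath

KEY = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
# Sample input: the first rule is copied from the report above; the other two
# are constructed for contrast (placeholder GUIDs, hypothetical applications).
SAMPLE_RULES = [
    ("{C24BCDF3-CCF5-4445-95C3-12FB8DCC86F4}",
     r"v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Janet\AppData\Local\Temp\7zS3216\HPDiagnosticCoreUI.exe|Name=HPSAPS|"),
    ("{00000000-0000-0000-0000-000000000001}",
     r"v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Example App\example.exe|Name=Example|"),
    ("{00000000-0000-0000-0000-000000000002}",
     r"v2.25|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Janet\AppData\Local\Temp\x\example.exe|Name=Example2|"),
]
SAMPLE_LOG = "\n".join(f"[Suspicious.Path] (X64) {KEY} | {g} : {v} [x] -> Found" for g, v in SAMPLE_RULES)

LINE_RE = re.compile(r"FirewallRules \| (\{[^}]+\}) : (.+?)\s*\[x\] -> Found")
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers used in the rules

def parse_rule(value):
    """Split 'v2.25|Key=Value|...|' into a dict; the first field is the rule version."""
    version, *fields = value.split("|")
    rule = {"Version": version}
    for field in fields:
        key, sep, val = field.partition("=")
        if sep:  # skip the empty field left by the trailing '|'
            rule[key] = val
    return rule

def in_temp_dir(app):
    """True if any directory component of a Windows path is named Temp or Tmp."""
    return any(p.lower() in ("temp", "tmp") for p in PureWindowsPath(app).parts[:-1])

def triage(log):
    """Return active inbound Allow rules whose App path is under a Temp directory."""
    findings = []
    for guid, value in LINE_RE.findall(log):
        rule = parse_rule(value)
        inbound_allow = (rule.get("Action"), rule.get("Active"), rule.get("Dir")) == ("Allow", "TRUE", "In")
        if inbound_allow and in_temp_dir(rule.get("App", "")):
            findings.append({"guid": guid, "name": rule.get("Name"), "profile": rule.get("Profile"),
                             "protocol": PROTOCOLS.get(rule.get("Protocol"), rule.get("Protocol")),
                             "app": rule["App"]})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```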
 

 

 

 

 

 

 




 


#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:23 PM

Posted 29 January 2017 - 11:28 PM

My sincere apology for the late reply. Do you still require assistance?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#3 Julesverne


Posted 30 January 2017 - 11:56 AM

Yes I do, thank you. I may also be a little slow to reply because I'll be on the road this week, with limited time and internet access. But yes, I'd love some help. Thanks so much.



#4 Valinorum


Posted 30 January 2017 - 02:33 PM

  • Step # 1: Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish, perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware.
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab > Detection and Protection and check all the boxes under Detection Options;
    • From the Dashboard, click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan, click on History > Application Log. After that, click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and paste the contents of the log in your next reply.
 


 


#5 Valinorum


Posted 02 February 2017 - 11:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




