Show Posts

Topics - zep516

2
Computer Problems, Questions and Solutions! / reset edge browser
« on: May 13, 2017, 02:20:36 PM »
Anyone know the best way to do this?

3
Testing / TEST
« on: July 28, 2014, 09:42:33 PM »
Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

[img=https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG]

Go back to the Dashboard and select Scan Now

[img=https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG]

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

[img=https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG]

[img=https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG]

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

4
Testing / test
« on: May 24, 2014, 01:05:44 PM »
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:filefind
yaimo.crx
:regfind
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


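The SystemLook codebox in the post above, redone as a PowerShell script. This is an added example, not part of the original post and not SystemLook's own code: the file search walks every ready fixed drive for the named file, and the registry search treats the :regfind line as a key to enumerate recursively (key names, value names and value data), which is this script's own reading of the directive. It assumes PowerShell 3.0 or later; the report file name and layout are the script's own choice, not SystemLook's format.

```powershell
# Added example: a PowerShell stand-in for SystemLook's ":filefind" and ":regfind".
# Not the original post's code and not SystemLook itself. Assumes PowerShell 3.0+.

function Find-FileLikeSystemLook {
    # :filefind  -> every ready fixed drive is searched for the exact file name
    param([Parameter(Mandatory)][string]$Name)
    $drives = [System.IO.DriveInfo]::GetDrives() |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }
    foreach ($d in $drives) {
        # -Force includes hidden/system files; access-denied errors are skipped, not fatal
        Get-ChildItem -LiteralPath $d.RootDirectory.FullName -Filter $Name -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path     = $_.FullName
                    Size     = $_.Length
                    Modified = $_.LastWriteTimeUtc.ToString('yyyy-MM-dd HH:mm:ss')
                    Attrs    = $_.Attributes.ToString()
                }
            }
    }
}

function Find-RegistryLikeSystemLook {
    # :regfind -> this script's interpretation: enumerate the given key and all subkeys,
    # reporting key names, value names and value data that match $Pattern (a regex).
    param(
        [Parameter(Mandatory)][string]$Root,   # e.g. HKCU:\Software\Microsoft\Internet Explorer\Main
        [string]$Pattern = '.*'                # default: report everything under the key
    )
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $keys = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        if ($k.PSChildName -match $Pattern) {
            [pscustomobject]@{ Key = $k.Name; Value = '(key name)'; Data = '' }
        }
        foreach ($v in $k.GetValueNames()) {
            # DoNotExpandEnvironmentNames keeps REG_EXPAND_SZ data as stored (e.g. %APPDATA% stays literal)
            $data = [string]$k.GetValue($v, '', 'DoNotExpandEnvironmentNames')
            if ($v -match $Pattern -or $data -match $Pattern) {
                [pscustomobject]@{ Key = $k.Name; Value = $(if ($v) { $v } else { '(default)' }); Data = $data }
            }
        }
    }
}

# Mirrors the codebox in the post: look for yaimo.crx and dump IE's Main key for the current user.
$report = @()
$report += ':filefind yaimo.crx'
$report += (Find-FileLikeSystemLook -Name 'yaimo.crx' | Format-Table -AutoSize | Out-String)
$report += ':regfind HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main'
$report += (Find-RegistryLikeSystemLook -Root 'HKCU:\Software\Microsoft\Internet Explorer\Main' | Format-Table -AutoSize -Wrap | Out-String)

# Written to the Desktop like SystemLook.txt; the file name here is this script's own.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'SystemLook-equivalent.txt'
$report | Out-File -FilePath $out -Encoding utf8
Write-Host "Report written to $out"
```

Run it from an elevated prompt so the file search can enter protected folders; per-user keys such as the IE Main key above are read from the hive of the account running the script, so run it as the affected user, not a separate admin account, when that key is what you want to see.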
5
Testing / test
« on: August 25, 2013, 01:24:34 AM »
test

6
Analysis and Malware Removal / Infected logs posted
« on: August 10, 2012, 09:24:43 PM »
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_32
Run by JOE at 18:08:56 on 2012-08-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1918.1360 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Start Menu 7\StartMenu7.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Users\JOE\Desktop\programs\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.help2go.com/
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [StartMenu7] "c:\program files\start menu 7\StartMenu7.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\v6lkgcwz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-19 21992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-13 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-13 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-8 1343400]
.
=============== Created Last 30 ================
.
2012-08-10 21:53:57   --------   d-----w-   C:\$RECYCLE.BIN
2012-08-10 21:52:38   --------   d-----w-   c:\users\joe\appdata\local\temp
2012-08-10 19:32:06   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2012-08-09 12:12:15   6891424   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{0ccb15a6-0fb4-488f-9efe-fdea1e1a70e2}\mpengine.dll
2012-08-08 02:01:41   6891424   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2012-08-10 21:22:04   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 21:22:04   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-12 02:40:48   2345984   ----a-w-   c:\windows\system32\win32k.sys
2012-06-06 05:05:52   1390080   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-06 05:05:52   1236992   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-06 05:03:06   805376   ----a-w-   c:\windows\system32\cdosys.dll
2012-06-02 22:12:32   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-02 22:12:13   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-02 19:19:42   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-02 08:33:25   1800192   ----a-w-   c:\windows\system32\jscript9.dll
2012-06-02 08:25:08   1129472   ----a-w-   c:\windows\system32\wininet.dll
2012-06-02 08:25:03   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04   67440   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03   134000   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59   369336   ----a-w-   c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39   225280   ----a-w-   c:\windows\system32\schannel.dll
2012-06-02 04:39:10   219136   ----a-w-   c:\windows\system32\ncrypt.dll
2010-01-05 00:03:52   163840   ----a-w-   c:\program files\NetworkIndicator.exe
2005-02-16 16:06:16   218112   ----a-w-   c:\program files\HijackThis.exe
.
============= FINISH: 18:09:24.82 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/7/2010 2:07:27 PM
System Uptime: 8/10/2012 6:02:04 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA74GM-S2H
Processor: AMD Phenom(tm) 9750 Quad-Core Processor | Socket M2 | 2400/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 77 GiB total, 51.618 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: Brother MFC-7420 Fax Only
Device ID: USB\VID_04F9&PID_0180&MI_02\6&152347B3&0&0002
Manufacturer: Brother
Name: Brother MFC-7420 Fax Only
PNP Device ID: USB\VID_04F9&PID_0180&MI_02\6&152347B3&0&0002
Service: Modem
.
==== System Restore Points ===================
.
RP598: 8/4/2012 11:52:53 AM - Windows Update
RP599: 8/7/2012 10:01:23 PM - Windows Update
RP600: 8/10/2012 5:45:39 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
CCleaner
Compatibility Pack for the 2007 Office system
CPUID CPU-Z 1.58
CPUID HWMonitor 1.18
Defraggler
ERUNT 1.1j
Foxit Reader
Google Chrome
Google Update Helper
HiJackThis
HijackThis 1.99.1
ISO Recorder
Java Auto Updater
Java(TM) 6 Update 32
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
PaperPort
Recuva
SIW version 2010.07.14
Sophos Windows Shortcut Exploit Protection Tool
Start Menu 7 3.62
SUPERAntiSpyware
swMSM
TreeSize Free V2.6
WinDirStat 1.1.2
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 5:17:46 PM, Error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
8/10/2012 5:49:59 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/10/2012 5:44:06 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
8/10/2012 5:44:02 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
8/10/2012 4:08:51 PM, Error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/10/2012 3:26:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
.
==== End Of File ===========================

 Results of screen317's Security Check version 0.99.24 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Out of date HijackThis installed!
 SUPERAntiSpyware     
 HijackThis 1.99.1   
 CCleaner     
 Java(TM) 6 Update 32 
 Adobe Flash Player    11.3.300.270 
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Microsoft Security Essentials msseces.exe
``````````End of Log````````````

ComboFix 12-08-09.01 - JOE 08/10/2012  17:46:56.7.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1918.1150 [GMT -4:00]
Running from: c:\users\JOE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JOE\AppData\Local\{e26334e7-9f57-4a31-704e-635bd0e538fd}\@
c:\users\JOE\AppData\Local\{e26334e7-9f57-4a31-704e-635bd0e538fd}\n
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\@
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\L\00000004.@
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\L\201d3dde
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\00000004.@
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\00000008.@
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\000000cb.@
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\80000000.@
c:\windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\80000032.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy2_!Windows!System32!services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-10 to 2012-08-10  )))))))))))))))))))))))))))))))
.
.
2012-08-10 21:52 . 2012-08-10 21:54   --------   d-----w-   c:\users\JOE\AppData\Local\temp
2012-08-10 21:52 . 2012-08-10 21:52   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-08-10 21:52 . 2012-08-10 21:52   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2012-08-10 21:52 . 2012-08-10 21:52   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-08-10 21:52 . 2012-08-10 21:52   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2012-08-10 19:32 . 2012-08-10 19:32   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2012-08-09 12:12 . 2012-06-29 08:44   6891424   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CCB15A6-0FB4-488F-9EFE-FDEA1E1A70E2}\mpengine.dll
2012-08-08 02:01 . 2012-06-29 08:44   6891424   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 21:22 . 2012-03-29 11:55   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-10 21:22 . 2011-05-20 22:45   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-02-20 17:40   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-12 02:40 . 2012-07-11 07:02   2345984   ----a-w-   c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-10 20:09   1390080   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 20:09   1236992   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 20:09   805376   ----a-w-   c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:08   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:08   45080   ----a-w-   c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:08   35864   ----a-w-   c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:08   577048   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:08   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:08   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:08   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:08   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:08   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 07:05   1800192   ----a-w-   c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 07:05   1129472   ----a-w-   c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 07:05   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 07:05   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 07:05   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-10 20:09   67440   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 20:09   134000   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 20:09   369336   ----a-w-   c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 20:09   225280   ----a-w-   c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 20:09   219136   ----a-w-   c:\windows\system32\ncrypt.dll
2010-01-05 00:03 . 2010-01-05 00:03   163840   ----a-w-   c:\program files\NetworkIndicator.exe
2005-02-16 16:06 . 2005-02-16 16:06   218112   ----a-w-   c:\program files\HijackThis.exe
2012-07-18 19:11 . 2011-08-27 20:04   136672   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartMenu7"="c:\program files\Start Menu 7\StartMenu7.exe" [2010-04-19 2919288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-28 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\JOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe

R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:22]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 02:56]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.help2go.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\JOE\AppData\Roaming\Mozilla\Firefox\Profiles\v6lkgcwz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - true
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,cd,27,00,ce,bd,5c,4e,9e,cf,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,cd,27,00,ce,bd,5c,4e,9e,cf,12,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2352)
c:\program files\Start Menu 7\VistaStartMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-10  17:58:23 - machine was rebooted
ComboFix-quarantined-files.txt  2012-08-10 21:58
ComboFix2.txt  2012-03-22 03:48
ComboFix3.txt  2012-03-22 03:28
ComboFix4.txt  2012-03-21 01:39
.
Pre-Run: 55,515,103,232 bytes free
Post-Run: 55,291,785,216 bytes free
.
- - End Of File - - 0C0AE67D99F340AA84B2D1AE29DC7406


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JOE :: JOE-PC [administrator]

8/10/2012 4:27:01 PM
mbam-log-2012-08-10 (16-52-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216512
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\JOE\AppData\Local\{e26334e7-9f57-4a31-704e-635bd0e538fd}\n. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
C:\Windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\n (Trojan.Agent.BVGen) -> No action taken.
C:\Windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\00000004.@ (Rootkit.Zaccess) -> No action taken.
C:\Windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\80000000.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{e26334e7-9f57-4a31-704e-635bd0e538fd}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

I did take action using Malwarebytes, although this log does not show it.

Symptoms were Google redirects, sort of. After running ComboFix everything seems normal. I did notice a rogue pop-up, and a Flash Player download that I ignored on a particular site called Utube. Everything seemed normal until I used Google in an attempt to help someone; the tech support forum link was blocked and so was the Bleeping Computer ComboFix download. I flushed the DNS and was able to get to the ComboFix Bleeping Computer link and ran it; the log is posted. Could someone look at the logs for me?
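The logs in the post above (DDS, ComboFix, Security Check and Malwarebytes) together show one recognisable set of artifacts: a per-user CLSID InprocServer32 value redirected into AppData\Local\{GUID}\n, GUID-named folders under C:\Windows\Installer with U and L subfolders full of "*.@" files, a hidden/system folder literally named %APPDATA% inside System32, GAC\Desktop.ini, every UAC policy value at 0, and a patched services.exe. The script below is an added triage check, not part of the original post and not output of any of those tools; it re-tests a live host for those artifact classes generically rather than for the exact GUIDs in the logs. It assumes an elevated Windows PowerShell 5.1 session, and the regexes and folder names it looks for are this script's own generalisation of what the logs show.

```powershell
# Added triage script: not part of the original post and not output of DDS, ComboFix
# or Malwarebytes. Re-checks a live host for the artifact classes those logs flagged.
# Assumptions: elevated Windows PowerShell 5.1; patterns below generalise the log entries.

function Get-ZeroAccessStyleArtifacts {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Kind, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Kind = $Kind; Detail = $Detail })
    }

    # 1. HKCU CLSID\...\InprocServer32 whose (default) points into AppData\Local\{GUID}\ and
    #    shadows a CLSID that also exists under HKLM. The MBAM log showed
    #    {42AEDC87-...}\InprocServer32 -> C:\Users\JOE\AppData\Local\{e26334e7-...}\n.
    $guidDir = '\\AppData\\Local\\\{[0-9a-f-]{36}\}\\'
    Get-ChildItem 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $inproc = "Registry::$($_.Name)\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $target = [string](Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
            $shadowsMachine = Test-Path -LiteralPath "HKLM:\Software\Classes\CLSID\$($_.PSChildName)"
            if ($target -match $guidDir -and $shadowsMachine) {
                Add-Finding 'HKCU COM hijack (per-user CLSID shadows HKLM)' "$($_.PSChildName) -> $target"
            }
        }
    }

    # 2. GUID-named folders with the layout seen in the log: Installer\{GUID}\U\00000004.@,
    #    Installer\{GUID}\L\..., AppData\Local\{GUID}\@ and \n. Plain {GUID} folders under
    #    Installer are normal MSI cache, so only the U/L/@/n contents are reported.
    $roots = @("$env:SystemRoot\Installer")
    $roots += Get-ChildItem "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
              ForEach-Object { Join-Path $_.FullName 'AppData\Local' }
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
          Where-Object { $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
          ForEach-Object {
            $dir = $_
            $children = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue
            $suspect = $children | Where-Object {
                ($_.PSIsContainer -and $_.Name -in @('U', 'L')) -or $_.Name -match '^(@|n|[0-9a-f]{8}\.@)$'
            }
            if ($suspect) { Add-Finding 'GUID folder with ZeroAccess-style layout' $dir.FullName }
          }
    }

    # 3. DDS and ComboFix both listed a hidden+system folder literally named %APPDATA% in System32.
    $fake = "$env:SystemRoot\System32\%APPDATA%"
    if (Test-Path -LiteralPath $fake) { Add-Finding 'Literal %APPDATA% folder in System32' $fake }

    # 4. GAC\Desktop.ini, which Malwarebytes flagged as Trojan.0access and ComboFix deleted.
    $gacIni = "$env:SystemRoot\assembly\GAC\Desktop.ini"
    if (Test-Path -LiteralPath $gacIni) { Add-Finding 'GAC\Desktop.ini present' $gacIni }

    # 5. UAC policy values the logs showed at 0: UAC off, silent admin elevation, no secure desktop.
    $pol = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
        if ($null -ne $pol.$name -and $pol.$name -eq 0) { Add-Finding 'UAC weakened' "$name = 0" }
    }

    # 6. ComboFix found services.exe patched. Get-AuthenticodeSignature checks catalog
    #    signatures on Windows 8 and later; on Windows 7 (the host in the logs) it reports
    #    NotSigned for clean system files, so a non-Valid result there must be confirmed
    #    with "sfc /verifyfile=C:\Windows\System32\services.exe" rather than taken as proof.
    $live = "$env:SystemRoot\System32\services.exe"
    $sig = Get-AuthenticodeSignature -FilePath $live
    if ($sig.Status -ne 'Valid') {
        Add-Finding 'services.exe signature not Valid' "$live : $($sig.Status); confirm with sfc /verifyfile"
    }

    return $findings
}

$result = Get-ZeroAccessStyleArtifacts
if ($result.Count -eq 0) { Write-Host 'No ZeroAccess-style artifacts found.' }
else { $result | Format-Table -AutoSize -Wrap }
```

Check 1 is the one worth keeping in a general toolkit: a CLSID that exists under HKLM but is overridden under HKCU with a path inside the user profile is how a per-user COM hijack looks regardless of which family planted it, and the logs above show exactly that shape (the data also ended in a trailing "." after "n", which the regex tolerates). Checks 2 to 4 are tied to this specific layout and will age; check 5 is worth running on any machine after cleanup, because the policies in the log were all at 0 and nothing in the logs shows who set them.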


7
Hi,

The user's error says Windows needs to be validated and that Windows is not genuine.

 I have a user HERE

Does anyone have a clue? Not sure how to proceed .

The only thing I see as a possible source is:

File Scan Data-->
File Mismatch: C:\windows\system32\sppobjs.dll[Hr = 0x80092003]

Did see some reference to this,

Download and install the latest Intel® Rapid Storage Technology drivers.

From Here

Any advice would be welcome....

Joe


8
Testing / hi
« on: July 07, 2012, 09:20:32 PM »
test ava

9
Testing / test attachment
« on: October 24, 2011, 01:21:14 PM »
Test Attachment file

10
Jokes / new Corvette convertible
« on: August 27, 2010, 11:59:49 PM »
A senior citizen in Texas drove his brand new Corvette convertible out of the dealership. Taking off down the road, he pushed it to 80 mph, enjoying the wind blowing through what little hair he had left. "Amazing," he thought as he flew down I-40, pushing the pedal even more.

Looking in his rear view mirror, he saw a Texas State Trooper, blue lights flashing and siren blaring. He floored it to 100 mph, then 110, then 120. Suddenly he thought, "What am I doing? I'm too old for this!" and pulled over to await the trooper's arrival.

Pulling in behind him, the trooper got out of his vehicle and walked up to the Corvette. He looked at his watch, then said, "Sir, my shift ends in 30 minutes. Today is Friday. If you can give me a new reason for speeding -- a reason I've never before heard -- I'll let you go."

The old gentleman paused then said: "Three years ago, my wife ran off with a Texas State Trooper. I thought you were bringing her back."

"Have a good day, Sir," replied the trooper.


11
Analysis and Malware Removal / Windows 7 home prem. hijackthis log
« on: February 19, 2010, 08:57:43 PM »
Hello, Everyone.

Was wondering why HijackThis is not listing some entries and stops at O13. Just recently installed Windows 7 Home Prem. Ran as administrator too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:24 PM, on 2/19/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\JOE\Documents\network-activity-indicator\NetworkIndicator.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.help2go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:

--
End of file - 2322 bytes

zep516

12
LandzDown Lounge / God mode
« on: January 29, 2010, 12:45:09 PM »
Pasted from another forum.

Hello, here's a little tip I just picked up from the internet and thought I'd share it with you all.
People have been calling this "God Mode", although it's really just a handy Control Panel type program built into Windows Vista and Windows 7 with a lot more options at hand, and it's very easy to set up.
1) First, on your desktop, create a new folder (using the right mouse button and select new and folder from the menu)
2) Rename the folder to this:
God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}

And that's it: the icon for the folder will change to a Control Panel icon, and once you open it you will have loads of handy options to tinker with.
Enjoy :)

13
Jokes / wife nearly falls off her chair!
« on: January 11, 2010, 04:58:09 PM »
A woman is helping her computer-illiterate husband set up his
computer. She instructs him to choose and enter a password he wants
to use when logging on.

The husband, in a rather amorous mood, figures he will try for a
shock effect to bring his mood to his wife's attention. When the
computer asks him to enter his password, he makes it plainly obvious
to his wife that he is keying in "penis"...

His wife nearly falls off her chair from laughing so hard when
the computer replies:
*** PASSWORD REJECTED. NOT LONG ENOUGH ***
*** PLEASE TRY A NEW ONE ***

14
Jokes / A body builder
« on: March 16, 2009, 04:15:30 PM »
The body builder takes off his shirt and the blonde says, "What a great chest you have!"
He tells her, "That's 100 lbs. of dynamite, Baby."

He takes off his pants and the blonde says, "What massive calves you have!" The body builder tells her, "That's 100 lbs. of dynamite, Baby."

He then removes his underwear and the blonde goes running out of the apartment screaming in fear. The body builder puts his clothes back on and chases after her. He catches up to her and asks why she ran out of the apartment like that.

The blonde replies, "I was afraid to be around all that dynamite after I saw how short the fuse was!"

15
LandzDown Lounge / Status change jr member
« on: January 16, 2009, 12:09:17 AM »
Status change jr member now,

Do I get a Prize or anything like that?
