possible virus or multiple problems including lack of or false updating and keylogger

Status
Not open for further replies.
I think they're fine. Why don't you run Spybot again as administrator? Just right-click on Spybot and select Run As Administrator and let Spybot fix what needs to be fixed, then post the log please.
 
One of the entries had to do with DirectInput

DirectInput is part of DirectX used for interfacing with all kinds of gaming controllers from keyboards / mice to joysticks and gamepads
 
recent scan with keyboard disconnected

Search results from Spybot - Search & Destroy

9/25/2014 3:33:58 PM
Scan took 00:27:09.
11 items found.

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: kristen (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: kristen (default)) (Browser: Cookie, nothing done)


MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (24) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (13) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (416) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

 
Just looking at a couple of tracking cookies.

Let's run ComboFix; this will pick up bad entries in case the other scanners missed them.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
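
The reading of the Spybot results given at the top of this reply (only tracking cookies and usage traces, nothing malicious) can be reproduced mechanically. The following is an added example, not part of the original thread and not Spybot's own code: the line format is inferred from the log posted above, and the function names, the three triage categories and the "recent" registry-path heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Header format inferred from the log above:
#   <product>: [SBI $<id>] <description> (<item type>, <action>)
ITEM_RE = re.compile(
    r"^(?P<product>[^:\[]+): \[SBI \$(?P<sbi>[0-9A-Fa-f]{8})\] "
    r"(?P<desc>.*) \((?P<kind>[^()]*), (?P<action>[^(),]*)\)$"
)
COUNT_RE = re.compile(r"^(\d+) items? found\.$")

# Result lines copied from the scan log posted above.
SAMPLE = r"""
11 items found.
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: kristen (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: kristen (default)) (Browser: Cookie, nothing done)
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Microsoft Management Console\Recent File List
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cache: [SBI $49804B54] Browser: Cache (24) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (13) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (416) (Browser: Cookie, nothing done)
"""


def parse_spybot_results(text):
    """Return (declared_count, items) from the results part of a Spybot log."""
    declared, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---"):          # version/module listing starts here
            break
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({**m.groupdict(), "location": None})
        elif items and line.startswith("HKEY_"):
            items[-1]["location"] = line    # registry path follows its item
    return declared, items


def triage(item):
    """Assumed heuristic: browser data and 'recent' registry lists are traces."""
    if item["kind"].startswith("Browser:"):
        return "browser data"
    location = (item["location"] or "").lower()
    if item["kind"].startswith("Registry") and "recent" in location:
        return "usage track"
    return "review"                          # anything else needs a human look


def summarize(text):
    """Compare the declared item count with what was parsed and tally triage."""
    declared, items = parse_spybot_results(text)
    return {"declared": declared, "parsed": len(items),
            "counts": dict(Counter(triage(i) for i in items)),
            "review": [i["product"] for i in items if triage(i) == "review"]}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A mismatch between `declared` and `parsed` means the log was truncated or a line did not fit the inferred format, so the summary should not be trusted until that is resolved.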
 
the scan

I ran the scan, but now I can't find it. The more I read about it, I think my computer may have been hacked by a Remote Access Tool Keylogger. It explains what I and others have seen but the software cannot detect. Advise?
 
found it

ComboFix 14-09-24.01 - kristen 09/25/2014 19:54:15.1.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3980.3132 [GMT -7:00]
Running from: c:\users\kristen\Desktop\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-08-26 to 2014-09-26 )))))))))))))))))))))))))))))))
.
.
2014-09-25 19:01 . 2014-09-25 19:01 556696 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-25 19:00 . 2014-09-25 19:00 -------- d-----w- c:\program files\Microsoft Office 15
2014-09-25 13:39 . 2014-09-25 13:39 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-09-24 15:02 . 2014-09-24 15:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-09-24 15:02 . 2014-09-24 15:02 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2014-09-24 14:59 . 2014-09-24 14:59 -------- d-----w- c:\programdata\Brother
2014-09-23 22:45 . 2014-09-23 22:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-09-23 21:49 . 2014-09-23 21:49 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2014-09-23 21:49 . 2014-09-23 21:49 -------- d-----w- c:\programdata\Foolish IT
2014-09-23 21:49 . 2014-09-23 21:49 -------- d-----w- c:\program files (x86)\Foolish IT
2014-09-23 21:48 . 2014-09-23 22:12 -------- d-----w- c:\programdata\OnlineArmor
2014-09-23 21:47 . 2014-09-25 13:02 64720 ----a-w- c:\windows\SysWow64\drivers\OADriver.sys
2014-09-23 21:47 . 2014-09-25 13:02 52360 ----a-w- c:\windows\SysWow64\drivers\OAmon.sys
2014-09-23 21:47 . 2014-09-25 13:02 35368 ----a-w- c:\windows\system32\drivers\OAnet.sys
2014-09-23 21:47 . 2014-09-25 13:00 62008 ----a-w- c:\windows\SysWow64\drivers\oahlp64.sys
2014-09-23 21:47 . 2014-09-26 01:08 -------- d-----w- c:\program files (x86)\Online Armor
2014-09-23 21:41 . 2014-09-23 21:41 -------- d-----w- c:\program files\WOT
2014-09-23 21:41 . 2014-09-23 21:41 -------- d-----w- c:\program files (x86)\WOT
2014-09-23 18:13 . 2013-09-20 17:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-09-23 17:37 . 2014-09-25 17:47 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-23 17:37 . 2014-09-23 17:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-23 17:37 . 2014-09-23 17:37 -------- d-----w- c:\programdata\Malwarebytes
2014-09-23 17:37 . 2014-05-12 14:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-23 17:37 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-23 17:37 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-23 17:31 . 2014-09-23 17:31 -------- d-----w- c:\windows\ERUNT
2014-09-23 17:24 . 2014-09-23 17:25 -------- d-----w- C:\AdwCleaner
2014-09-23 16:40 . 2014-09-23 16:40 -------- d-----w- C:\sources
2014-09-22 21:40 . 2014-09-23 19:40 -------- d-----w- C:\FRST
2014-09-22 18:56 . 2014-09-22 18:28 -------- d-----w- C:\Windows.old
2014-09-22 18:52 . 2014-09-22 18:08 -------- d-----w- C:\$SysReset
2014-09-22 18:16 . 2014-09-23 18:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-22 18:04 . 2014-09-23 18:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-09-22 18:03 . 2014-09-22 18:03 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-09-22 18:03 . 2014-09-22 18:03 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-09-22 18:01 . 2014-09-22 18:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-09-22 18:01 . 2014-09-22 18:01 -------- d-----w- c:\program files\Common Files\Apple
2014-09-22 18:01 . 2014-09-22 18:01 -------- d-----w- c:\program files\Bonjour
2014-09-22 18:01 . 2014-09-22 18:01 -------- d-----w- c:\program files (x86)\Bonjour
2014-09-22 18:01 . 2014-09-22 18:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-09-22 18:01 . 2014-09-22 18:01 -------- d-----w- c:\programdata\Apple
2014-09-22 18:01 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-09-22 17:57 . 2014-09-09 02:06 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{244AF89D-B6E6-4F03-97B7-8D9736289921}\mpengine.dll
2014-09-22 17:57 . 2014-09-22 17:58 -------- d-----w- c:\users\kristen
2014-09-21 15:45 . 2014-09-22 18:23 305832 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-17 15:52 . 2014-09-17 15:52 -------- d-----w- C:\RegBackup
2014-09-17 02:38 . 2014-09-17 02:38 -------- d--h--r- c:\users\Public\AccountPictures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 18:21 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-28 21:52 . 2014-07-28 21:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 21:52 . 2014-07-28 21:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2014-07-15 17:04 . 2014-07-15 17:04 23040 ----a-w- c:\windows\system32\drivers\netaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe;c:\program files (x86)\Online Armor\OAcat.exe [x]
R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe;c:\program files (x86)\Online Armor\oasrv.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 Marvell AVASTAR Bluetooth Radio Adapter;Marvell AVASTAR Bluetooth Radio Adapter;c:\windows\system32\mvbtrcsvcx64.exe install;c:\windows\SYSNATIVE\mvbtrcsvcx64.exe install [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys;c:\windows\SysWow64\Drivers\OADriver.sys [x]
S1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys;c:\windows\syswow64\drivers\oahlp64.sys [x]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys;c:\windows\SysWOW64\Drivers\OAmon.sys [x]
S1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
S2 Marvell Bluetooth Radio Control Service;Marvell Bluetooth Radio Control Service;c:\windows\system32\mvbtrcsvcx64.exe;c:\windows\SYSNATIVE\mvbtrcsvcx64.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S3 kbfilter;Surface Touch Cover Filter Device Service;c:\windows\System32\drivers\SurfaceTouchCover.sys;c:\windows\SYSNATIVE\drivers\SurfaceTouchCover.sys [x]
S3 mwlu97w8;mwlu97w8;c:\windows\system32\DRIVERS\mwlu97w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\mwlu97w8x64.sys [x]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys;c:\windows\SYSNATIVE\DRIVERS\oanet.sys [x]
S3 SensorsHIDClassDriver;UMDF Reflector service for SensorsHIDClassDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SensorsServiceDriver;UMDF Reflector service for SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SurfaceAccessoryDevice;Surface Accessory Device Service;c:\windows\System32\drivers\SurfaceAccessoryDevice.sys;c:\windows\SYSNATIVE\drivers\SurfaceAccessoryDevice.sys [x]
S3 TrackpadSettingsDriver;TrackpadSettingsDriver Service;c:\windows\System32\drivers\TrackpadSettingsDriver.sys;c:\windows\SYSNATIVE\drivers\TrackpadSettingsDriver.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 19:01 2322576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 19:01 2322576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 19:01 2322576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
FF - ProfilePath - c:\users\kristen\AppData\Roaming\Mozilla\Firefox\Profiles\at3wsm05.default\
.
.
------- File Associations -------
.
.scr=CryptoPreventSCR
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-@OnlineArmor GUI - c:\program files (x86)\Online Armor\OAui.exe
AddRemove-OnlineArmor_is1 - c:\program files (x86)\Online Armor\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-09-25 19:58:48
ComboFix-quarantined-files.txt 2014-09-26 02:58
.
Pre-Run: 66,970,435,584 bytes free
Post-Run: 66,524,782,592 bytes free
.
- - End Of File - - 91CF728C9D286BDB9ACB6101BB652E17
5FB38429D5D77768867C76DCBDB35194
 
Thanks for the logs. If you had a keylogger Combofix would have found it.

Why don't you try flushing out your router, flush out all the old data

1. Turn off your computer
2. Turn off your router by unplugging the power cord on the back of the unit
3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit

Leave everything off for about 5 minutes, this lets it all flush out

Then

1. Plug in your Cable / DSL modem and wait until all the lights come back on
2. Now do the same thing with your router
3. Turn your computer back on and see if it made a difference



If you don't see any difference, try just resetting your router back to company defaults by pressing the reset button and holding it in for at least 10 seconds. It's usually located on either the back or bottom of the router; you can use a ballpoint pen or a paper clip. After it's reset you will have to use the install CD that came with your router and set it up again.
 
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

It takes time to analyze logs and prepare a response. Volunteers help users at several sites, and take X number of new topics in order to give each member their attention.

--------------------------------------------------
Admin Edit
"Thank you" Ken. :)
 