
Advanced Performance Platf0rm Revenuestreaming.


6 replies to this topic

#1 deertroy1

deertroy1

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 28 February 2013 - 06:32 PM

I noticed "Advanced Performance Platf0rm Revenuestreaming" in Add/Remove Programs. I did some checking on the net and apparently it is a virus. I tried uninstalling it and it says I do not have sufficient privileges. I ran a scan with Microsoft Security Essentials, Malwarebytes, McAfee Stinger, Kaspersky Virus Removal Tool 2011 and TDSS-Killer but none of them picked it up?

How do I remove it?

I am running Windows 7 x64.
 




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 28 February 2013 - 08:15 PM

Hello, it may be in the boot record.

 

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the  save log button, save it to your desktop, then copy and paste it in your next reply.

 

 

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 deertroy1

deertroy1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 01 March 2013 - 05:44 PM

I tried four times to scan with aswMBR.exe and every time about midway through, the scanner crashes while scanning My Documents.  It seemed to always stop on the same folder so I deleted the folder but it didn't make any difference.  I didn't know if I should run the second scan or not so I didn't.  I'll wait for your direction?

 

Project8_zps4a50a951.jpg


Edited by deertroy1, 01 March 2013 - 06:29 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 01 March 2013 - 08:27 PM

Try again after you turn off your antivirus. Do not surf while it is off, and turn it on again after ASW is done. Or run ESET, then ASW.

 

If ASW still fails run mbr.exe.

 

 


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).

  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.



#5 deertroy1

deertroy1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 02 March 2013 - 07:42 AM

Below are the results of both scans. However, "Advanced Performance Platf0rm Revenuestreaming" is still listed in Control Panel? A file called MBR.dat was also created but I didn't include it.
 
Here are the results of aswMBR.exe:

 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-01 22:19:43
-----------------------------
22:19:43.134    OS Version: Windows x64 6.1.7601 Service Pack 1
22:19:43.134    Number of processors: 8 586 0x2A07
22:19:43.134    ComputerName: TROY-PC  UserName:
22:19:53.898    Initialize success
22:19:58.453    AVAST engine defs: 13030100
22:20:02.650    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:20:02.650    Disk 0 Vendor: ST350041 CC49 Size: 476940MB BusType: 3
22:20:02.650    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:20:02.665    Disk 1 Vendor: SAMSUNG_ VM10 Size: 190782MB BusType: 3
22:20:02.697    Disk 0 MBR read successfully
22:20:02.697    Disk 0 MBR scan
22:20:02.697    Disk 0 Windows 7 default MBR code
22:20:02.712    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS          100 MB offset 2048
22:20:02.728    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       476839 MB offset 206848
22:20:02.775    Disk 0 scanning C:\Windows\system32\drivers
22:20:28.437    Service scanning
22:20:49.029    Modules scanning
22:20:49.029    Disk 0 trace - called modules:
22:20:49.075    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys iaStor.sys hal.dll
22:20:49.075    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800777e790]
22:20:49.091    3 CLASSPNP.SYS[fffff88001b9d43f] -> nt!IofCallDriver -> [0xfffffa8007699e10]
22:20:49.091    5 vsflt61.sys[fffff88000e520fd] -> nt!IofCallDriver -> [0xfffffa80073784d0]
22:20:49.091    7 ACPI.sys[fffff88000f977a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800737b050]
22:20:50.058    AVAST engine scan C:\Windows
22:21:24.862    AVAST engine scan C:\Windows\system32
22:27:01.245    AVAST engine scan C:\Windows\system32\drivers
22:27:19.060    AVAST engine scan C:\Users\Troy
22:39:53.041    AVAST engine scan C:\ProgramData
23:07:44.273    Scan finished successfully
23:08:29.295    Disk 0 MBR has been saved successfully to "C:\Users\Troy\Desktop\MBR.dat"
23:08:29.295    The log file has been saved successfully to "C:\Users\Troy\Desktop\aswMBR.txt"

 
 
Here are the results of ESET:
 
C:\$RECYCLE.BIN\S-1-5-21-2643573376-1029651505-1038396291-1000\$RYDUKSW\Adobe Acrobat Pro X v10.0 Multilingual\2. Adobe CS5 All Products Activator by MPT (Fixed)\Adobe.CS5.Products.Activator.Fixed.exe a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\9bb9c4e-37eb285f a variant of Java/JShrink.A application deleted - quarantined
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1f50ddb3-14876281 a variant of Java/Exploit.CVE-2012-0507.FA trojan deleted - quarantined
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1436d0fb-4261f4bf a variant of Java/Exploit.CVE-2012-0507.FA trojan deleted - quarantined
C:\Users\Troy\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe multiple threats cleaned by deleting - quarantined
C:\Users\Troy\Documents\Programs\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Troy\Documents\Programs\Nero 11 Full-zaxo7\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application deleted - quarantined
C:\Users\Troy\Documents\Programs\Perfect Uninstaller V6.3.3.8 + Serials [TrT-TcT\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
C:\Users\Troy\Documents\Programs\RegistryFix v7.1 Incl Keygen - [Systic-D]\registryfix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\Users\Troy\Downloads\SoftonicDownloader_for_xvid-codec.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Troy\Downloads\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
C:\Users\Troy\Downloads\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\Tom.Clancys.Splinter.Cell.Conviction.v1.03.Update-SKIDROW\SKIDROW\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
F:\Documents and Settings\Troy\My Documents\Downloads\XP Keygen\keyfinder.exe a variant of Win32/PSWTool.RAS.A application deleted - quarantined
F:\Documents and Settings\Troy\My Documents\Programs\ACROBAT\ACTIVATION & UPDATES.iso BAT/HostsChanger.A application deleted - quarantined
F:\Documents and Settings\Troy\My Documents\Programs\ACROBAT\Activation Blocker.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined
F:\Documents and Settings\Troy\My Documents\Programs\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe a variant of Win32/HackKMS.A application deleted - quarantined
F:\Documents and Settings\Troy\My Documents\Programs\RegistryFix v7.1 Incl Keygen - [Systic-D]\registryfix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

 

 

Here is the mbr.exe log:

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read  The handle is invalid.
kernel: error reading MBR


 


Edited by deertroy1, 02 March 2013 - 07:32 PM.
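
An added example, not part of the original posts and not code from aswMBR: a way to cross-check the partition lines in the aswMBR log above against a raw MBR dump such as the MBR.dat it saved. It assumes MBR.dat is a plain 512-byte copy of sector 0 and that the log's "offset" is the starting LBA in sectors; the dump used here is constructed from the log values, and the function names are hypothetical.

```python
import re
import struct

SECTOR = 512  # assumption: MBR.dat is a raw 512-byte copy of sector 0

def parse_mbr(sector):
    """Return the non-empty partition entries of a raw 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 55 AA signature")
    parts = []
    for i in range(4):
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:
            parts.append({"n": i + 1, "status": status, "type": ptype,
                          "offset": lba, "mb": count * SECTOR >> 20})
    return parts

LOG_RE = re.compile(
    r"Partition (\d) ([0-9A-F]{2})(?: \(A\))?\s+([0-9A-F]{2})\s.*?(\d+) MB offset (\d+)")

def parse_log(text):
    """Extract the same fields from aswMBR 'Disk N Partition ...' log lines."""
    return [{"n": int(n), "status": int(st, 16), "type": int(ty, 16),
             "offset": int(off), "mb": int(mb)}
            for n, st, ty, mb, off in LOG_RE.findall(text)]

def findings(parts):
    """Structural checks on the partition table itself."""
    out = []
    if sum(p["status"] == 0x80 for p in parts) != 1:
        out.append("expected exactly one active partition")
    out += [f"partition {p['n']}: invalid status byte {p['status']:#04x}"
            for p in parts if p["status"] not in (0x00, 0x80)]
    return out

def sample_mbr():
    """Constructed dump: empty boot-code area plus the two entries from the log."""
    sector = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", sector, 446, 0x00, 0x07, 2048, 100 * 2048)
    struct.pack_into("<B3xB3xII", sector, 462, 0x80, 0x07, 206848, 476839 * 2048)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# The two partition lines from the aswMBR log in the post above.
SAMPLE_LOG = """\
22:20:02.712    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS          100 MB offset 2048
22:20:02.728    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       476839 MB offset 206848
"""

if __name__ == "__main__":
    dump, log = parse_mbr(sample_mbr()), parse_log(SAMPLE_LOG)
    print("table matches log:", dump == log, "| findings:", findings(dump) or "none")
```

To check a real dump, pass the bytes of the saved file to `parse_mbr` in place of `sample_mbr()`; a mismatch between the dump and the logged lines, or any finding, is a reason to look further at the boot sector.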


#6 deertroy1

deertroy1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 05 March 2013 - 05:41 AM

I got rid of "Advanced Performance Platf0rm Revenuestreaming" by using Revo Uninstaller Advanced Mode.

 

Thanks for your help.



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:55 PM

Posted 05 March 2013 - 09:25 PM

Thanks for the update info.





