Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rovnix.T infection


  • Please log in to reply
5 replies to this topic

#1 NapoleonDynamite

NapoleonDynamite

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 09 February 2014 - 04:56 PM

I've had this issue with my dads computer for a few weeks. First the computer couldn't connect to the internet, so I ran MSE, Windows Defender, which I had to download from another computer since my dads computer could not connect to the internet. I ran defender in safe mode, but the infection keeps reoccuring. So I am now here for help.

 

6gluyt.png

 

The Logs

 

Security Check Results

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Ad-Aware Antivirus              
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 29  
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareTray.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 

 

FSS Results

 

Farbar Service Scanner Version: 02-02-2014
Ran by RuandJu (administrator) on 09-02-2014 at 13:31:35
Running from "C:\Users\RuandJu\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

 

 

 

Mini Toolbox Results

 

MiniToolBox by Farbar  Version: 23-01-2014

Ran by RuandJu (administrator) on 09-02-2014 at 13:26:46
Running from "C:\Users\RuandJu\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
 
There are 14805 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Broadcom 4313 802.11b/g/n = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : RuandJu-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : AC-81-12-37-EE-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
   Physical Address. . . . . . . . . : AC-81-12-37-EE-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a9c4:d6e7:466e:e590%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, February 09, 2014 7:40:33 AM
   Lease Expires . . . . . . . . . . : Sunday, February 16, 2014 7:40:42 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 313295122
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C8-4B-4B-64-31-50-7B-B0-02
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 18:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:28f1:331c:b896:7c5c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::28f1:331c:b896:7c5c%17(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.Home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{4FF32263-F7D0-4154-81D0-1CEA9B5CF69D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Broadcom.Home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:804::1004
 74.125.224.103
 74.125.224.99
 74.125.224.96
 74.125.224.105
 74.125.224.97
 74.125.224.110
 74.125.224.100
 74.125.224.104
 74.125.224.102
 74.125.224.101
 74.125.224.98
 
 
Pinging google.com [74.125.224.97] with 32 bytes of data:
Reply from 74.125.224.97: bytes=32 time=34ms TTL=57
Reply from 74.125.224.97: bytes=32 time=35ms TTL=55
 
Ping statistics for 74.125.224.97:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 35ms, Average = 34ms
Server:  Broadcom.Home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=113ms TTL=51
Reply from 98.139.183.24: bytes=32 time=113ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 113ms, Maximum = 113ms, Average = 113ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...ac 81 12 37 ee d5 ......Microsoft Virtual WiFi Miniport Adapter
 11...ac 81 12 37 ee d5 ......Broadcom 4313 802.11b/g/n
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    286
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    286
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:5ef5:79fd:28f1:331c:b896:7c5c/128
                                    On-link
 11    286 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::28f1:331c:b896:7c5c/128
                                    On-link
 11    286 fe80::a9c4:d6e7:466e:e590/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/09/2014 07:42:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.124, time stamp: 0x52444fdc
Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bda75
Exception code: 0xc0000005
Fault offset: 0x70c62505
Faulting process id: 0x1358
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3
 
Error: (02/08/2014 06:25:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.124, time stamp: 0x52444fdc
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x1190
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3
 
Error: (02/08/2014 00:32:09 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/07/2014 06:51:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.124, time stamp: 0x52444fdc
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00048a46
Faulting process id: 0x1220
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3
 
Error: (02/05/2014 04:23:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.124, time stamp: 0x52444fdc
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x420
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3
 
Error: (02/02/2014 11:38:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004751d
Faulting process id: 0x12d8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/31/2014 10:04:43 PM) (Source: Validity USDK) (User: )
Description: Sensor device initialization failed: State:0x00000005 Status:0x00000004.
 
Error: (01/31/2014 07:06:16 PM) (Source: ESENT) (User: )
Description: svchost (480) Locale ID 0x00000409 (English (United States) English) is either invalid or not installed on this machine.
 
Error: (01/30/2014 04:00:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004751d
Faulting process id: 0xe8c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/30/2014 03:50:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: AdobeARM.exe, version: 1.7.2.0, time stamp: 0x50bc5610
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003b1d1
Faulting process id: 0x112c
Faulting application start time: 0xAdobeARM.exe0
Faulting application path: AdobeARM.exe1
Faulting module path: AdobeARM.exe2
Report Id: AdobeARM.exe3
 
 
System errors:
=============
Error: (02/09/2014 07:41:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/09/2014 07:40:59 AM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:DOS/Rovnix.T60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Virus:DOS/Rovnix.T603
 
Name: Virus:DOS/Rovnix.T
 
ID: 2147684133
 
Severity: %Virus:DOS/Rovnix.T600
 
Category: %Virus:DOS/Rovnix.T602
 
Path: 4.4.0304.02
 
Detection Origin: 4.4.0304.04
 
Detection Type: 4.4.0304.08
 
Detection Source: %Virus:DOS/Rovnix.T608
 
User: {B38221D7-12B8-4248-8AE8-FAFDEFC05B3F}9
 
Process Name: %Virus:DOS/Rovnix.T609
 
Action: {B38221D7-12B8-4248-8AE8-FAFDEFC05B3F}1
 
Action Status:  {B38221D7-12B8-4248-8AE8-FAFDEFC05B3F}8
 
Error Code: {B38221D7-12B8-4248-8AE8-FAFDEFC05B3F}3
 
Error description: {B38221D7-12B8-4248-8AE8-FAFDEFC05B3F}4
 
Signature Version: 2014-02-09T15:40:48.878Z1
 
Engine Version: 2014-02-09T15:40:48.878Z2
 
Error: (02/09/2014 07:40:41 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (02/09/2014 07:40:28 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:06:24 PM on ?2/?8/?2014 was unexpected.
 
Error: (02/08/2014 06:26:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/08/2014 06:25:49 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:DOS/Rovnix.T60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Virus:DOS/Rovnix.T603
 
Name: Virus:DOS/Rovnix.T
 
ID: 2147684133
 
Severity: %Virus:DOS/Rovnix.T600
 
Category: %Virus:DOS/Rovnix.T602
 
Path: 4.4.0304.02
 
Detection Origin: 4.4.0304.04
 
Detection Type: 4.4.0304.08
 
Detection Source: %Virus:DOS/Rovnix.T608
 
User: {793ED3D3-9642-4D9B-BCD4-D230168658D2}9
 
Process Name: %Virus:DOS/Rovnix.T609
 
Action: {793ED3D3-9642-4D9B-BCD4-D230168658D2}1
 
Action Status:  {793ED3D3-9642-4D9B-BCD4-D230168658D2}8
 
Error Code: {793ED3D3-9642-4D9B-BCD4-D230168658D2}3
 
Error description: {793ED3D3-9642-4D9B-BCD4-D230168658D2}4
 
Signature Version: 2014-02-09T02:25:06.334Z1
 
Engine Version: 2014-02-09T02:25:06.334Z2
 
Error: (02/08/2014 06:25:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (02/08/2014 00:32:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.165.3571.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/08/2014 00:23:11 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:DOS/Rovnix.T60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Virus:DOS/Rovnix.T603
 
Name: Virus:DOS/Rovnix.T
 
ID: 2147684133
 
Severity: %Virus:DOS/Rovnix.T600
 
Category: %Virus:DOS/Rovnix.T602
 
Path: 4.4.0304.02
 
Detection Origin: 4.4.0304.04
 
Detection Type: 4.4.0304.08
 
Detection Source: %Virus:DOS/Rovnix.T608
 
User: {51B7184E-54CC-4B60-8E39-2AC9E0F81465}9
 
Process Name: %Virus:DOS/Rovnix.T609
 
Action: {51B7184E-54CC-4B60-8E39-2AC9E0F81465}1
 
Action Status:  {51B7184E-54CC-4B60-8E39-2AC9E0F81465}8
 
Error Code: {51B7184E-54CC-4B60-8E39-2AC9E0F81465}3
 
Error description: {51B7184E-54CC-4B60-8E39-2AC9E0F81465}4
 
Signature Version: 2014-02-08T20:22:21.279Z1
 
Engine Version: 2014-02-08T20:22:21.279Z2
 
Error: (02/08/2014 00:23:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2014 07:42:20 AM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.12452444fdcnetprofm.dll_unloaded0.0.0.04a5bda75c000000570c62505135801cf25ad5ec6a925C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exenetprofm.dllc293a84c-91a0-11e3-9cb4-8f7eb0b95d6f
 
Error: (02/08/2014 06:25:59 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.12452444fdcole32.dll6.1.7601.175144ce7b96fc000000500039342119001cf253e26c1c532C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dll82ab4b0d-9131-11e3-b451-8cf5fb31cd5a
 
Error: (02/08/2014 00:32:09 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/07/2014 06:51:51 AM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.12452444fdcole32.dll6.1.7601.175144ce7b96fc000000500048a46122001cf2413b03ed91dC:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dll6082d5a2-9007-11e3-9435-fad793343853
 
Error: (02/05/2014 04:23:50 AM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.12452444fdcole32.dll6.1.7601.175144ce7b96fc00000050003934242001cf226cf2ce0374C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dll5e1411a4-8e60-11e3-a2e8-e0c605927155
 
Error: (02/02/2014 11:38:25 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004751d12d801cf204dede34e8fC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll94ddbf7f-8c41-11e3-8bda-ab783614266f
 
Error: (01/31/2014 10:04:43 PM) (Source: Validity USDK)(User: )
Description: State:0x00000005 Status:0x00000004
 
Error: (01/31/2014 07:06:16 PM) (Source: ESENT)(User: )
Description: svchost4800x00000409English (United States)English
 
Error: (01/30/2014 04:00:01 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004751de8c01cf1e15db92bfddC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlla0a763f6-8a0a-11e3-b204-afd5647de350
 
Error: (01/30/2014 03:50:26 PM) (Source: Application Error)(User: )
Description: AdobeARM.exe1.7.2.050bc5610ole32.dll6.1.7601.175144ce7b96fc00000050003b1d1112c01cf1e15de6ecea5C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Windows\syswow64\ole32.dll4a29787e-8a09-11e3-b204-afd5647de350
 
 
=========================== Installed Programs ============================
 
Ad-Aware Antivirus (Version: 11.1.5354.0)
Ad-Aware Security Add-on (Version: 3.8.0.2)
AdAwareInstaller (Version: 11.1.5354.0)
AdAwareUpdater (Version: 11.1.5354.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44)
Adobe Reader 9.5.4 MUI (Version: 9.5.4)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Alcor Micro USB Card Reader (Version: 1.14.17.06729)
AntimalwareEngine (Version: 2.6.0.0)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Ashampoo US Toolbar (Version: 6.8.9.0)
Ashampoo WinOptimizer 9 v.9.04.31 (Version: 9.04.31)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.3.124.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BioExcess (Version: 7.0.34.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CyberLink DVD Suite (Version: 7.0.3320)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (Version: 1.0.1.312.19219)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 32.0.1700.107)
Google Update Helper (Version: 1.3.22.3)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Documentation (Version: 1.1.2.0)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (Version: 4.2.4604)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart Webcam (Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.4.4)
HP QuickWeb Installer (Version: 1.4.6.0)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 7.0.34.0)
HP Software Framework (Version: 4.1.6.1)
HP Support Assistant (Version: 7.4.45.4)
HP Wireless Assistant (Version: 4.0.10.0)
Hulu Desktop (Version: 0.9.13)
IDT Audio (Version: 1.0.6324.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.3.1001)
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 29 (Version: 6.0.290)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.01.249.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton Online Backup (Version: 2.1.17869)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opera 11.64 (Version: 11.64.1403)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4419)
PowerDirector (Version: 8.0.3320)
Realtek Ethernet Controller Driver (Version: 7.25.824.2010)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
SopCast 3.3.2 (Version: 3.3.2)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Times Reader (Version: 2.055)
TVUPlayer 2.5.3.1 (Version: 2.5.3.1)
Validity Sensors DDK (Version: 4.1.139.0)
Veetle TV (Version: 0.9.18)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 1.1.10 (Version: 1.1.10)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma Deluxe (Version: 2.2.0.95)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 5941.86 MB
Available physical RAM: 2667.73 MB
Total Pagefile: 11881.9 MB
Available Pagefile: 8997.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.02 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:432.45 GB) (Free:346.21 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:33.02 GB) (Free:4.83 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\RUANDJU-HP
 
Administrator            Guest                    RuandJu                  
 
 
**** End of log ****
 

 

Malwarebytes Log

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.02.01.04
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16476
RuandJu :: RUANDJU-HP [administrator]
 
2/2/2014 1:22:45 PM
mbam-log-2014-02-02 (13-22-45).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 526637
Time elapsed: 1 hour(s), 26 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
MBAR System Log
 
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 6230491136, free: 3594067968
 
=======================================
Initializing...
------------ Kernel report ------------
     01/29/2014 18:24:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\sbwtis.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa80063d5380
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa80064d1330
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006bb8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80068a5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006bb8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a2c9b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006bb8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a2bb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa80068a5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A2E41962
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 906909696
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 907319296  Numsec = 69240832
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80063d5380, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80064c2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80063d5380, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d1330, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 245  Numsec = 1999627
    Partition file system is FAT
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1024966656 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-245-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 6230491136, free: 2061418496
 
Downloaded database version: v2014.01.31.11
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/31/2014 14:55:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\DRIVERS\sbwtis.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18E806BE-59AA-47C9-B15A-652A11012232}\MpKsld18a07d1.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\difxapi.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008e0a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa8008e69b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b16060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006877050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b16060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a0f930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b16060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a0eb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006877050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A2E41962
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 906909696
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 907319296  Numsec = 69240832
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008e0a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008e60b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008e0a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008e69b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 245  Numsec = 1999627
    Partition file system is FAT
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1024966656 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-245-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 6230491136, free: 2826297344
 
Downloaded database version: v2014.02.09.06
 
 
MBAR Log
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.01.31.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
RuandJu :: RUANDJU-HP [administrator]
 
1/31/2014 2:56:26 PM
mbar-log-2014-01-31 (14-56-26).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 258113
Time elapsed: 3 hour(s), 55 minute(s), 16 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Rkill Log
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/01/2014 07:47:52 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com
 
  20 out of 14825 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 02/01/2014 08:01:45 PM
Execution time: 0 hours(s), 13 minute(s), and 52 seconds(s)
 
 

Edited by NapoleonDynamite, 09 February 2014 - 05:05 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:30 AM

Posted 09 February 2014 - 05:53 PM

Hello -

First Fully read and follow uninstall Ad-Aware Antivirus
Now do the same for Spybot - Search & Destroy as both are causing problems and are not wanted.

 

Open your M.S.E. program and go to Settings > Realtime protection, and make sure the box is ticked.

 

 Java™ 6 Update 29  - Java version out of Date!

Do Not accept any offered add-ons or toolbars as they are just advertising .........
Uninstall all old Java and go Here to download Version7 Update51

 

Uninstall SopCast 3.3.2 as it is a direct link to infections

 

Re-run RKill as it should not take that long to run :

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Next -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

 

Next -

 Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
If you see any which you do not want removed, remove the check mark next to it. 
Next: Click on the Clean button (only once) to remove the selected items. 
You will receive a message telling you that all programs will be close so that the infections can be removed. 
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop. 
Please copy and the paste this log in your next post.

A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



#3 NapoleonDynamite

NapoleonDynamite
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 16 February 2014 - 04:43 PM

Sorry for the delay, this is my dads computer and i've finally got a chance to work on it.

 

Eset Scan

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1dc345522696284b94a934043e54b703
# engine=17006
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-10 02:43:00
# local_time=2014-02-09 06:43:00 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17528774 143543630 0 0
# scanned=332105
# found=7
# cleaned=7
# scan_time=11048
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Ashampoo_US\Ashampoo_USToolbarHelper.exe"
sh=0B6EDE277F9EC5D0B9848885781DCE7F79E42382 ft=1 fh=5b07ce7f608edc1f vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=B745063A09BD9B16054C2B4F21BE5EAE5FA24884 ft=1 fh=c034a68ab79e1ac8 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\RuandJu\AppData\Local\Temp\b2f00251-6384-445e-893c-bdb15e7becb9.exe"
sh=543D029D054B92FFD8A07364B513B357944CCB18 ft=1 fh=de581dc30d8e8ae9 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\RuandJu\AppData\Local\Temp\JavaIC.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="a variant of Win32/PriceGong.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\RuandJu\AppData\LocalLow\Ashampoo_US\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1dc345522696284b94a934043e54b703
# engine=17063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-13 10:49:49
# local_time=2014-02-13 02:49:49 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17860383 143875239 0 0
# scanned=336125
# found=0
# cleaned=0
# scan_time=12483
 
 
 
I ran a second scan and it was clean.
 
 
AdwCleaner
 
I haven't cleaned anything yet with ADW, but here is what it found.
 
# AdwCleaner v3.018 - Report created 13/02/2014 at 17:33:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RuandJu - RUANDJU-HP
# Running from : C:\Users\RuandJu\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : DvmMDES
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\adawaretb
Folder Found C:\Program Files (x86)\Ashampoo_US
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\Users\RuandJu\AppData\Local\Conduit
Folder Found C:\Users\RuandJu\AppData\LocalLow\adawaretb
Folder Found C:\Users\RuandJu\AppData\LocalLow\Ashampoo_US
Folder Found C:\Users\RuandJu\AppData\LocalLow\Conduit
Folder Found C:\Users\RuandJu\AppData\LocalLow\PriceGong
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Ashampoo_US
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6568F275-5827-43C5-9778-A8A037FF06B8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\Ashampoo_US
Key Found : HKLM\SOFTWARE\Classes\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6568F275-5827-43C5-9778-A8A037FF06B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2481032
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF629D3-1DF9-4CA2-9341-3B7160354B64}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0917829-88EB-4347-8B19-23D9B3841982}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6568F275-5827-43C5-9778-A8A037FF06B8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_US Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\DeviceVM
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{124D001A-BDCB-472F-AA59-BBE7E4BC3204}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\RuandJu\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6206 octets] - [13/02/2014 17:33:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6266 octets] ##########
 

 



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:30 AM

Posted 17 February 2014 - 03:31 AM

Hi -

I have still been waiting and watching :hello:

 

You can run the Clean section on AdwCleaner now, as those are minor infections / advertising mainly.

Then after it reboots the computer, please open the program and hit the Uninstall button.

 

Next -

Please re- run Rkill and then straight away see below for MBAM

Now Update your Malwarebytes Anti-Malware and run another full scan

 

There is still an infection that I can not find yet, so I am  searching for it.

 

You can hit "Remove All" in M.S.E. Antivirus, and later run a Full scan with that also -



#5 NapoleonDynamite

NapoleonDynamite
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 23 February 2014 - 06:10 PM

Here is the log after running Rkill and updating MBAM

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.21.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
RuandJu :: RUANDJU-HP [administrator]
 
2/21/2014 10:12:33 AM
mbam-log-2014-02-21 (10-12-33).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 523065
Time elapsed: 2 hour(s), 9 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 I also ran a full MSE scan and Rovnix.T is still there. I ran TDSS Killer awhile back and it looks like the "infection" is in the TDSS quarantine folder. Is it safe to delete the folder?

 

s5kz9f.png



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:30 AM

Posted 23 February 2014 - 07:28 PM

 I ran TDSS Killer awhile back and it looks like the "infection" is in the TDSS quarantine folder. Is it safe to delete the folder?

Yes - Delete the folder -

 

Sorry but if the infection is still there the Experts Area may be better to help you.

This is one step above this area, and it is for those with hard to remove infections.

 

If you need more assistance, please Fully read and follow the instructions in the Preparation Guide For Requesting Help starting at Step #6.

 

If you are unable to complete any step, still post the topic and leave a full description of your problems.

 

When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT Here, for assistance by the Malware Response Team Experts.

 

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 

If HelpBot responds to your topic, please follw his Step #1 so the team will be notified.

 

After doing this, please reply back in this thread with a link to the new topic so we can close this one.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users