Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mvs91xx


  • Please log in to reply
5 replies to this topic

#1 RoofedSpade969

RoofedSpade969

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 23 July 2014 - 10:35 PM

http://www.bleepingcomputer.com/forums/t/447370/removed-virus-now-cant-connect-to-internet/#entry3430067

 

While in this thread I was told to ask about a certain problem here.

 

The problem I'm having is that my internet goes out at random intervals. This only started occurring after I removed a virus from my computer using avast! Using steps taken in the linked topic I'm able to restore my internet for several hours until it stops again. Usually I restart my computer and the internet lasts for about thirty minutes before stopping again

 

I was told to ask about this error:

 

The following boot-start or system-start driver(s) failed to load:

 

mvs91xx


Edited by hamluis, 24 July 2014 - 07:02 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 23 July 2014 - 11:46 PM

What was the Virus name?

 

You should run a couple more Scans IMO

 

Please download Junkware Removal Tool and save it on your desktop.

 


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Malwarebytes Anti-Malware to your desktop.

 

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

 

As far as this. mvs91xx what is the exact make and model of your machine?  http://www.carrona.org/drivers/driver.php?id=mvs91xx.sys

 

Also a speccy report would be nice.

 

 


  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will pop-up on your desktop, please post the link here in your next reply.

Edited by InadequateInfirmity, 23 July 2014 - 11:48 PM.


#3 RoofedSpade969

RoofedSpade969
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 July 2014 - 12:36 AM

JRT Report:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Michael on Wed 07/23/2014 at 23:53:18.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2579171420-847655166-1480796386-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{378B8467-27D4-9D2E-9429-9F9BB4FB067B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{378B8467-27D4-9D2E-9429-9F9BB4FB067B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{378B8467-27D4-9D2E-9429-9F9BB4FB067B}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Michael\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\Michael\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\Michael\documents\optimizer pro"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/23/2014 at 23:59:08.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner[S0] Report:
 
# AdwCleaner v3.216 - Report created 24/07/2014 at 00:06:56
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\DigiSaver
Folder Deleted : C:\ProgramData\SoftWarehouse
Folder Deleted : C:\ProgramData\5u00CoupuoNs
Folder Deleted : C:\ProgramData\Funa2Savee
Folder Deleted : C:\ProgramData\SaveLotse
Folder Deleted : C:\Program Files (x86)\YourFileDownloader Updater
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Michael\AppData\Local\torch
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhphhlnphgajnnajiolbikcpjficpbbn
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhphhlnphgajnnajiolbikcpjficpbbn
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhphhlnphgajnnajiolbikcpjficpbbn
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Fuuna2Save.Fuuna2Save
Key Deleted : HKLM\SOFTWARE\Classes\Fuuna2Save.Fuuna2Save.4.5
Key Deleted : HKLM\SOFTWARE\Classes\50CoupoNs.50CoupoNs
Key Deleted : HKLM\SOFTWARE\Classes\50CoupoNs.50CoupoNs.1.8
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-926685765
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26082AB0-4302-F95E-ABC7-CBBD01D9EBAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C5F1DAA2-F533-E9B0-2D9C-505A34D1109B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{26082AB0-4302-F95E-ABC7-CBBD01D9EBAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C5F1DAA2-F533-E9B0-2D9C-505A34D1109B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26082AB0-4302-F95E-ABC7-CBBD01D9EBAC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C5F1DAA2-F533-E9B0-2D9C-505A34D1109B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26082AB0-4302-F95E-ABC7-CBBD01D9EBAC}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\GS.Enabler
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search&ss=fn
Deleted [Extension] : jhphhlnphgajnnajiolbikcpjficpbbn
 
*************************
 
AdwCleaner[R0].txt - [5504 octets] - [24/07/2014 00:00:18]
AdwCleaner[S0].txt - [5681 octets] - [24/07/2014 00:06:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5741 octets] ##########
 
Speccy Link:
 


#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 24 July 2014 - 01:00 AM

Malwarebytes log?



#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 24 July 2014 - 01:06 AM

Please disable your antivirus, prior and during this scan.

Please Download Emisoft Emergency Kit from here.
Save the file to your desktop.

Now boot your machine into safemode with networking. 

 

Right click and run as administrator. (xp users double click)
Click Accept and Extract.
This file will appear on the desktop.
5mDYl2s.png
Right click it, select run as administrator. (xp users double click)
Select Emergency Kit Scanner.
XD8s6GY.png
A pop up requesting an update will appear, select yes.
GhaXlHz.png
After the update go to scan pc select the option in the picture below.
vo6qCbW.png
Now select Quarantine Detected Objects.

Bx2A8B2.png
When the update has finshed, go to scan pc ,select deep scan.
YUZY8NB.png
This scan will take a long time this is normal, as it scans your entire hard drive.
Click on view report, save report to your desktop attach here in your next reply.   



#6 RoofedSpade969

RoofedSpade969
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 July 2014 - 06:12 PM

I don't have the first Malwarebytes Report since I didn't understand how to get it, here's the one I got today:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/24/2014
Scan Time: 10:45:36 AM
Logfile: Malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271159
Time Elapsed: 6 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c584e01f1f5b51e5ba69beb6b94916ea], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c584e01f1f5b51e5ba69beb6b94916ea], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Also, my internet has been running all day, the problem might have gone away without using the Emisoft. (I was also unsuccessful in several attempts to enter Safety and Networking mode)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users