My laptop won't stay connected to the internet!? Help?


34 replies to this topic

#31 TsVk!

    penguin farmer

  • Members
  • 6,238 posts
  • Gender:Male
  • Location:The Antipodes

Posted 13 December 2015 - 11:59 PM

oh dear... I thought the new connection time out errors were just where you hadn't connected yet, rather than new errors to play with :(

 

It appears Bonjour did not successfully uninstall either, and now Windows Update and System Restore are failing too (amongst other things).

 

Something is running amok in your system...

 

Humour me here please.

 

Please download and install MalwareBytes Anti-Malware.

  • You may want to uncheck the free trial for the premium version during installation.
  • Let the database version update on first run, before proceeding
  • Click "Scan now"
  • Click "remove threats" to remove all and follow the reboot instructions.
  • To export the log click on History > then click your scan log > Export > text file
  • Copy and paste the log in your reply.

TsVk!





#32 Gobo707

  • Topic Starter
  • Members
  • 19 posts

Posted 15 December 2015 - 12:21 PM

Here ya go; not sure why it's not letting me attach, probably doing something wrong. I ran this last night, hope it helps.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/14/2015
Scan Time: 9:35 PM
Logfile: malscan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.13.01
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bob-0

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360649
Time Elapsed: 41 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.ArcadeCandy, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac, Quarantined, [078eb8ec9af1dc5ad05eb5c3a161b24e],
PUP.Optional.ArcadeCandy, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\2.0.3_0, Quarantined, [078eb8ec9af1dc5ad05eb5c3a161b24e],
PUP.Optional.ArcadeCandy, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\2.0.3_0\_metadata, Quarantined, [078eb8ec9af1dc5ad05eb5c3a161b24e],
PUP.Optional.ArcadeFrontier, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl, Quarantined, [e2b3594bacdf70c68da5e692a85a0df3],
PUP.Optional.ArcadeFrontier, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.3.4_0, Quarantined, [e2b3594bacdf70c68da5e692a85a0df3],
PUP.Optional.ArcadeFrontier, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.3.4_0\_metadata, Quarantined, [e2b3594bacdf70c68da5e692a85a0df3],

Files: 4
PUP.Optional.ArcadeCandy, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\2.0.3_0\_metadata\computed_hashes.json, Quarantined, [078eb8ec9af1dc5ad05eb5c3a161b24e],
PUP.Optional.ArcadeCandy, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\2.0.3_0\_metadata\verified_contents.json, Quarantined, [078eb8ec9af1dc5ad05eb5c3a161b24e],
PUP.Optional.ArcadeFrontier, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.3.4_0\_metadata\computed_hashes.json, Quarantined, [e2b3594bacdf70c68da5e692a85a0df3],
PUP.Optional.ArcadeFrontier, C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.3.4_0\_metadata\verified_contents.json, Quarantined, [e2b3594bacdf70c68da5e692a85a0df3],

Physical Sectors: 0
(No malicious items detected)


(end)
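
The Malwarebytes log pasted above is a fixed, line-oriented format, so the triage a helper does by eye on a thread like this (how many items each section declared, whether every detection line actually survived the copy-and-paste, which Chrome extension IDs were hit, and which items still need a reboot before they are gone) can be scripted. The Python below is an added example written for this page; it is not code from the forum or from Malwarebytes. The section names and line layout it assumes are those of the log above; the family names, paths, hashes and extension IDs in its embedded sample are constructed.

```python
"""Parse a Malwarebytes Anti-Malware 2.x threat-scan log and triage it.

Added example, not code from the forum or from Malwarebytes. Expected layout
(as in the log pasted in the thread): "Key: Value" header lines, then
"<Section>: <count>" blocks whose detection lines read
"<family>, <path>, <action>, [<hash>],".
"""
import re
from collections import Counter

# Constructed sample in the posted format (names, paths, hashes and
# extension IDs are made up for the example, not taken from the thread).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/14/2015
Scan Time: 9:35 PM
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.13.01

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360649

Processes: 0
(No malicious items detected)

Folders: 2
PUP.Optional.ExampleA, C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaabbbbccccddddeeeeffffgggghhhh, Quarantined, [0123456789abcdef0123456789abcdef],
PUP.Optional.ExampleB, C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiiijjjjkkkkllllmmmmnnnnoooopppp, Quarantined, [fedcba9876543210fedcba9876543210],

Files: 2
PUP.Optional.ExampleA, C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaabbbbccccddddeeeeffffgggghhhh\1.0_0\manifest.json, Quarantined, [0123456789abcdef0123456789abcdef],
PUP.Optional.ExampleA, C:\Users\alice\AppData\Local\Temp\setup.tmp, Delete-on-Reboot, [0123456789abcdef0123456789abcdef],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Header lines before the first section: "Key: Value".
HEADER_RE = re.compile(r"^([A-Za-z ]+): (.*)$")
# Only the known section names count as sections; "Objects Scanned: 360649"
# is a header, not a detection block.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# One detection: family, path, action, [32-hex hash], optional trailing comma.
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<path>.+), (?P<action>[^,]+), "
    r"\[(?P<hash>[0-9a-f]{32})\],?$"
)
# Chrome extension IDs are 32 characters drawn from a-p, under \Extensions\.
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)")


def parse_mbam_log(text):
    """Return {"meta": {...}, "sections": {name: count}, "detections": [...]}."""
    meta, sections, detections = {}, {}, []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank, "(No malicious...)", "(end)"
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and current:
            det = m.groupdict()
            det["section"] = current
            ext = EXT_ID_RE.search(det["path"])
            det["extension_id"] = ext.group(1) if ext else None
            detections.append(det)
            continue
        m = HEADER_RE.match(line)
        if m and current is None:
            meta[m.group(1)] = m.group(2)
    return {"meta": meta, "sections": sections, "detections": detections}


def triage(report):
    """Summarise what a responder wants at a glance from a parsed log."""
    dets = report["detections"]
    declared = sum(report["sections"].values())
    return {
        "declared_total": declared,
        "parsed_total": len(dets),
        # Hand-pasted logs lose lines; flag when counts and lines disagree.
        "complete": declared == len(dets),
        "families": dict(Counter(d["family"] for d in dets)),
        "chrome_extension_ids": sorted({d["extension_id"] for d in dets if d["extension_id"]}),
        # Anything not already quarantined still needs the reboot step.
        "unresolved": [d for d in dets if d["action"] != "Quarantined"],
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The `complete` flag is the check worth keeping: the poster here could not attach files and pasted by hand, and a section count that disagrees with the number of detection lines is the quickest sign that part of the log never made it into the reply. The extension-ID list is what you would compare against the AdwCleaner and JRT output that follows, since all three tools name the same two Chrome extension folders.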



#33 TsVk!

    penguin farmer

  • Members
  • 6,238 posts
  • Gender:Male
  • Location:The Antipodes

Posted 15 December 2015 - 09:08 PM

Ok... let's keep digging.

 

Step 1: Please download AdwCleaner and save it to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Report button...a logfile will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool, or you can save it to the desktop so it is easily found for your reply.

Please let me know if this application removes something you want to keep on your system.

 

Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open; note the saved JRT.txt on your desktop to copy into your reply.

Step 3: Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

Step 4: ESET Online Scanner

 

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications and click Start again.

 

ESET will then download updates, install and begin scanning your computer. Please be patient as this can take some time.

 

  • When the scan completes, click List of found threats. Note: If no malware was found you will not get a list.

 


  • Click Export to text file and save the log on your desktop. Then click the Back button.


  • Check Uninstall application on close and Delete quarantined files, then click the Finish button.

 


 

When you click finish the browser will not close but will offer you ESET products. Be aware the scan has actually finished and you need to close the browser window and reboot your computer to complete the process.

  • Please copy the log in your reply.

 

TsVk!



#34 Gobo707

  • Topic Starter
  • Members
  • 19 posts

Posted 17 December 2015 - 02:25 PM

Here are all the logs that had threats, I ran all the scans. Can't attach for some reason. The online scan got stuck on a WildTangent file, so I deleted the folder. It was some game folder that I think came with the computer but not certain. 

 

 

 

 

 

# AdwCleaner v5.025 - Logfile created 16/12/2015 at 13:48:40
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Bob-0 - NECRON99
# Running from : C:\Users\Bob-0\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
[-] Folder Deleted : C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage
[-] File Deleted : C:\Windows\Reimage.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3324803&octid=EB_ORIGINAL_CTID&ISID=M260B6EAB-5C07-4A60-B754-5100D37997CE&SearchSource=55&CUI=&UM=8&UP=SPA6CC157D-93D1-46FE-857F-0691C04F90DC&D=031215&SSPV=
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com/?cid={33F87AD2-E86E-4D0D-B9F6-390181B6D374}&mid=bdea03fce63847d0b340d15aef610417-d49dc47fd69bf08cf0f771a5424b601a4edc4b81&lang=en&ds=AVG&pr=fr&d=2012-10-05%2018:54:47&v=14.0.2.14&pid=avg&sg=&sap=hp
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com/?cid={33F87AD2-E86E-4D0D-B9F6-390181B6D374}&mid=bdea03fce63847d0b340d15aef610417-d49dc47fd69bf08cf0f771a5424b601a4edc4b81&lang=en&ds=AVG&pr=fr&d=2012-10-05%2018:54:47&v=14.2.0.1&pid=avg&sg=&sap=hp
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com/?cid={33F87AD2-E86E-4D0D-B9F6-390181B6D374}&mid=bdea03fce63847d0b340d15aef610417-d49dc47fd69bf08cf0f771a5424b601a4edc4b81&lang=en&ds=AVG&pr=fr&d=2012-10-05%2018:54:47&v=15.3.0.11&pid=avg&sg=0&sap=hp
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3324803&octid=EB_ORIGINAL_CTID&ISID=M260B6EAB-5C07-4A60-B754-5100D37997CE&SearchSource=55&CUI=&UM=8&UP=SPA6CC157D-93D1-46FE-857F-0691C04F90DC&D=031215&SSPV=
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nnfegheljpcijmdgonkecjpcaopjlpac
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : peglehonblabfemopkgmfcpofbchegcl
[-] [C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3324803&octid=EB_ORIGINAL_CTID&ISID=M260B6EAB-5C07-4A60-B754-5100D37997CE&SearchSource=55&CUI=&UM=8&UP=SPA6CC157D-93D1-46FE-857F-0691C04F90DC&D=031215&SSPV=
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4634 bytes] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64 
Ran by Bob-0 (Administrator) on Wed 12/16/2015 at 18:22:04.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\ProgramData\1449721969.bdinstall.bin (File) 
Successfully deleted: C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac (Folder) 
Successfully deleted: C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl (Folder) 
Successfully deleted: C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nnfegheljpcijmdgonkecjpcaopjlpac_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nnfegheljpcijmdgonkecjpcaopjlpac_0.localstorage (File) 
Successfully deleted: C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Bob-0\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF83EEE8-0288-4386-A61B-D1967880F9B5} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF83EEE8-0288-4386-A61B-D1967880F9B5} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/16/2015 at 18:28:25.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.16.06
  rootkit: v2015.12.16.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Bob-0 :: NECRON99 [administrator]
 
12/16/2015 2:03:32 PM
mbar-log-2015-12-16 (14-03-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 359820
Time elapsed: 34 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18124
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 12816007168, free: 10427150336
 
Downloaded database version: v2015.12.16.06
Downloaded database version: v2015.12.16.01
Downloaded database version: v2015.12.15.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/16/2015 14:03:08
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\iaStorA.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\drivers\vpchbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\ws2_32.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\user32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\difxapi.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\usp10.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.12.16.06
  rootkit: v2015.12.16.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d7f0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d7f0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d7f0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d5e7950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa800d5e6970, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800af65670, DeviceName: \Device\0000006a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91FBD4EF
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 1905401856
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1905811456  Numsec = 47501312
    Partition is bootable
    Partition file system is NTFS
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1953312768  Numsec = 208896
    Partition is not bootable
    Partition file system is FAT32
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1905811456-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-1953312768-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
Sorry, not sure why I can't attach. Hope this helps. So far after the latest reboot my internet has worked for about 20 minutes without kicking me off. Thanks so much for your help and let me know what else to do and/or if I messed up on something!
 
 
 
 
 
 


#35 Gobo707

  • Topic Starter
  • Members
  • 19 posts

Posted 17 December 2015 - 02:38 PM

Right after posting this I got kicked off; also, BitDefender had 16 things quarantined that I deleted. I exported the last 6 or so to a text file if you think those might be helpful.

 

Scan Results
The Virus Shield detected one infected item.

File Name: C:\Users\Bob-0\Documents\Visual Studio 2015\Projects\ConsoleApplication20\Debug\consoleapplication20.exe
Infection: Gen:Variant.Graftor.260127
Action:    Already in Quarantine
 
 
 
That was the most recent one, I have 5 others if you'd like me to post. Thanks!




