TechSpot

Malware infected

By laiyee
Jun 3, 2013
  1. Hi, I recently found that my laptop (Dell Inspiron 1420, quite some years old :( ) could not access any antivirus websites or download any antivirus software, and my laptop does not have any antivirus software installed. I'm worried it might be due to a malware or virus infection?

    Could you please help me with the issues?

    Thanks.
    Good day
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. laiyee

    laiyee TS Rookie Topic Starter

    Hi, thanks for the reply.
    My laptop is back to normal after I ran Malwarebytes Anti-Malware (MBAM), and it helped me remove all infected files.

    It really helped a lot. Thank you.
    Good day.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    It doesn't work that way.

    I strongly suggest you follow my previous reply.
     
  5. laiyee

    laiyee TS Rookie Topic Starter

    Thanks for the advice.
    I'm going to follow your instructions to start the steps.
    I need to backup my files before starting.
    Thanks.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  7. laiyee

    laiyee TS Rookie Topic Starter

    • Malwarebytes Anti-Malware log
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.03.02

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    YULE :: YULE-PC [administrator]

    Protection: Enabled

    03-Jun-13 2:45:54 PM
    MBAM-log-2013-06-03 (15-06-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228793
    Time elapsed: 18 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 59
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
    HKCR\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> No action taken.
    HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03} (Adware.BDSearch) -> No action taken.
    HKCR\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172} (Adware.BDSearch) -> No action taken.
    HKCR\Interface\{2923508C-9425-4A61-B9CE-A98239055916} (Adware.BDSearch) -> No action taken.
    HKCR\BarBroker.BDBroker.1 (Adware.BDSearch) -> No action taken.
    HKCR\BarBroker.BDBroker (Adware.BDSearch) -> No action taken.
    HKCR\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
    HKCR\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6} (Trojan.Cinmus) -> No action taken.
    HKCR\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC} (Trojan.Cinmus) -> No action taken.
    HKCR\BaiduBarX.BandIE.1 (Trojan.Cinmus) -> No action taken.
    HKCR\BaiduBarX.BandIE (Trojan.Cinmus) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
    HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
    HKCR\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> No action taken.
    HKCR\BaiduBar.Tool.1 (Trojan.Cinmus) -> No action taken.
    HKCR\BaiduBar.Tool (Trojan.Cinmus) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> No action taken.
    HKCR\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> No action taken.
    HKCR\BaiduBarX.ToolBand.1 (Trojan.Cinmus) -> No action taken.
    HKCR\BaiduBarX.ToolBand (Trojan.Cinmus) -> No action taken.
    HKCR\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage.5 (Adware.BDSearch) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage (Adware.BDSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> No action taken.
    HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
    HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} (Adware.Sogou) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} (Adware.Sogou) -> No action taken.
    HKCR\BaiduBar.Tool (PUP.Baidu) -> No action taken.
    HKCR\BaiduBar.Tool.1 (PUP.Baidu) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage (PUP.Baidu) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage.1 (PUP.Baidu) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> No action taken.
    HKCR\BaiduBarEx.BDHomePage.5 (PUP.Baidu) -> No action taken.
    HKCR\HTTP\shell\SogouExplorer (Adware.Sogou) -> No action taken.
    HKCR\file\shell\SogouExplorer (Adware.Sogou) -> No action taken.
    HKCR\htmlfile\shell\SogouExplorer (Adware.Sogou) -> No action taken.
    HKCR\https\shell\SogouExplorer (Adware.Sogou) -> No action taken.
    HKCR\mhtmlfile\shell\SogouExplorer (Adware.Sogou) -> No action taken.
    HKCR\xmlfile\shell\SogouExplorer (Adware.Sogou) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> No action taken.

    Registry Values Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Gscico (Backdoor.IRCBot) -> Data: C:\Users\YULE\AppData\Roaming\Gscico.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: e蟺礠崦I?p?蕩?CLSID -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: 12 -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    c:\users\yule\appdata\roaming\gscico.exe (Backdoor.IRCBot) -> No action taken.
    C:\Users\YULE\Downloads\u.kiss.0330.piano.sheet.music.mac_downloader.exe (PUP.MediaFinder) -> No action taken.

    (end)
     
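    A point worth noticing in the log above before reading any further: all 66 entries (59 keys, 5 values, 2 files) end in "No action taken", so this log records what MBAM found, not what it removed; the Run-key entry pointing at Gscico.exe and the IE hijack keys were still in place when it was saved. The script below is an added example, not part of the thread and not Malwarebytes' own tooling, that parses a log in this format, counts threat families, lists what was left in place and flags the autostart and hijack locations. The embedded sample is a constructed excerpt of lines from the log above with one action string changed to show the filter; the persistence labels are this example's own.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log (added example, not MBAM's own code).

Every detection in the thread's log ends in "No action taken": the log records
what was found, not what was removed.  This parser splits each detection line,
counts threat families, lists what is still in place and flags the autostart
and hijack locations an infection relies on to survive a reboot.
"""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section item family data action")

# Section headers: "Registry Keys Detected: 59", "Files Detected: 2", ...
SECTION_RE = re.compile(r"^([A-Za-z ]+?) Detected: (\d+)$")

# Substrings (matched case-insensitively against the registry path) that mark
# persistence or browser-hijack locations.  The labels are this example's own.
PERSISTENCE_MARKERS = {
    "\\currentversion\\run": "Run key autostart",
    "browser helper objects": "IE browser helper object",
    "\\shell\\": "shell verb hijack",
    "elevationpolicy": "IE low-rights elevation policy",
}

# Constructed excerpt in the format of the log above; one action string was
# changed to "Quarantined and deleted successfully" to exercise the filter.
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCR\HTTP\shell\SogouExplorer (Adware.Sogou) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Gscico (Backdoor.IRCBot) -> Data: C:\Users\YULE\AppData\Roaming\Gscico.exe -> No action taken.

Files Detected: 2
c:\users\yule\appdata\roaming\gscico.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Users\YULE\Downloads\u.kiss.0330.piano.sheet.music.mac_downloader.exe (PUP.MediaFinder) -> No action taken.
"""


def parse_mbam(text):
    """Return a list of Detection records from an MBAM log body."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # Detection lines: <item> (<family>) -> [Data: <value> -> ]<action>.
        if section is None or " -> " not in line or " (" not in line:
            continue
        head, *tail = line.split(" -> ")
        action = tail[-1].rstrip(".")
        data = ""
        if len(tail) > 1 and tail[0].startswith("Data: "):
            data = tail[0][len("Data: "):]
        item, _, family = head.rpartition(" (")
        hits.append(Detection(section, item, family.rstrip(")"), data, action))
    return hits


def family_counts(hits):
    """How many detections each threat family accounts for."""
    return Counter(h.family for h in hits)


def not_removed(hits):
    """Detections the scan reported but did not remove."""
    return [h for h in hits if h.action == "No action taken"]


def persistence_hits(hits):
    """(label, detection) for every item sitting in an autostart/hijack location."""
    found = []
    for h in hits:
        lowered = h.item.lower()
        for marker, label in PERSISTENCE_MARKERS.items():
            if marker in lowered:
                found.append((label, h))
                break
    return found


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print("families:", dict(family_counts(found)))
    for h in not_removed(found):
        print("still present:", h.section, "|", h.item)
    for label, h in persistence_hits(found):
        print("persistence:", label, "->", h.item)
```

Run it on a full MBAM log by passing the file contents to parse_mbam; the "still present" list is what should be empty after a removal pass, and the persistence list is what to verify by hand (Run keys and BHO registrations) once the machine has rebooted.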
  8. laiyee

    laiyee TS Rookie Topic Starter

    DDS logs: both DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
    Run by YULE at 10:35:41 on 2013-06-04
    Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.2038.640 [GMT 8:00]
    .
    AV: Kaspersky Anti-Virus *Enabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Windows\system32\ChgService.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\kuwo\KWMUSIC\bin\kwmusic.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\kuwo\KWMUSIC\bin\IESandBox.exe
    C:\Program Files\kuwo\KWMUSIC\bin\KwService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\YULE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.hk/
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.1\ytdToolbarIE.dll
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
    mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: GCiBaBHO Class: {76F8B2BF-4A1B-449E-AF7A-A50DD2F85EF9} - c:\program files\kingsoft\powerword lite\addins\ieaddin\CBIEAddin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CCB9509F-5011-26C9-709E-DD124EF55A80 Class: {CCB9509F-5011-26C9-709E-DD124EF55A80} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
    BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.1\ytdToolbarIE.dll
    TB: Softonic-Eng7 Toolbar: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} -
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -
    TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.1\ytdToolbarIE.dll
    uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
    uRun: [Google Update] "c:\users\yule\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Facebook Update] "c:\users\yule\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [AROReminder] c:\program files\aro 2013\ARO.exe -rem
    uRun: [Gscico] c:\users\yule\appdata\roaming\Gscico.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [kwmusic] "c:\program files\kuwo\kwmusic\Kwmusic.exe" /autorun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe"
    dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: c:\users\yule\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBC} - <orphaned>
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A22C622B-B304-472f-88EF-5933BB255F63} - {2D40AC3B-42F2-4787-8D8B-2B63F03C6541} - c:\program files\kingsoft\powerword lite\addins\ieaddin\CBIEAddin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCE1} - hxxps://www2.pbebank.com/ebroking/wecos/control/csoex_pbb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_09-windows-i586.cab
    DPF: {B9B2EE1A-E314-4338-A305-BE845EACB113} - hxxps://www2.pbebank.com/ebroking/wecos/control/csw25.cab
    DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_09-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 172.16.240.250 172.16.240.251
    TCP: Interfaces\{1B290AF0-3F27-444C-B4CE-A486EA38BD10} : DHCPNameServer = 172.16.240.250 172.16.240.251
    TCP: Interfaces\{2C973AF0-4EFC-43F3-BA29-B87464068E7C} : NameServer = 58.71.136.10 58.71.132.10
    TCP: Interfaces\{487309EC-975B-49E2-A33A-D4A88EA3FD9B} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{487309EC-975B-49E2-A33A-D4A88EA3FD9B}\C496D60277966696 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{487309EC-975B-49E2-A33A-D4A88EA3FD9B}\E4544574541425 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{9ACC973B-8DA1-474D-A54B-712646BFBE63} : NameServer = 58.71.136.10 58.71.132.10
    TCP: Interfaces\{BCDC7ED6-1A4D-4B10-B8D5-004C52922CE6} : NameServer = 58.71.136.10 58.71.132.10
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\yule\appdata\roaming\mozilla\firefox\profiles\b5ipxd6f.default\
    FF - prefs.js: browser.search.selectedEngine - 百度
    FF - prefs.js: keyword.URL - hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\yule\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\yule\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-3-6 43608]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-8-29 73728]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-5-15 806776]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe [2013-3-6 356376]
    R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-9-5 135168]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-3 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-3 701512]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-3-6 25944]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-3-6 25944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-3 22856]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-9-5 103424]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-3 201168]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-18 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-7-3 101120]
    .
    =============== Created Last 30 ================
    .
    2013-06-04 01:56:11  60872  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{e07f52da-eeb4-40f9-836e-0e74798b7952}\offreg.dll
    2013-06-04 00:41:20  --------  d-----w-  c:\windows\system32\SPReview
    2013-06-04 00:39:23  --------  d-----w-  c:\windows\system32\EventProviders
    2013-06-03 09:06:16  --------  d-----w-  c:\windows\ELAMBKUP
    2013-06-03 09:05:56  --------  d-----w-  c:\programdata\Kaspersky Lab
    2013-06-03 09:05:56  --------  d-----w-  c:\program files\Kaspersky Lab
    2013-06-03 09:04:43  75096  ----a-w-  c:\windows\system32\drivers\klflt.sys
    2013-06-03 06:40:28  --------  d-----w-  c:\users\yule\appdata\roaming\Malwarebytes
    2013-06-03 06:40:16  --------  d-----w-  c:\programdata\Malwarebytes
    2013-06-03 06:40:14  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-06-03 06:40:14  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2013-06-03 05:45:31  --------  d-----w-  c:\users\yule\appdata\local\MFAData
    2013-06-03 05:45:31  --------  d-----w-  c:\users\yule\appdata\local\Avg2013
    2013-06-03 05:36:49  2422272  ----a-w-  c:\windows\system32\wucltux.dll
    2013-06-03 05:36:19  88576  ----a-w-  c:\windows\system32\wudriver.dll
    2013-06-03 05:35:59  33792  ----a-w-  c:\windows\system32\wuapp.exe
    2013-06-03 05:35:59  171904  ----a-w-  c:\windows\system32\wuwebv.dll
    2013-06-03 05:13:53  --------  d-----w-  c:\users\yule\appdata\roaming\Sammsoft
    2013-06-03 05:13:22  --------  d-----w-  c:\program files\ARO 2013
    2013-06-03 05:11:55  --------  d-----w-  c:\users\yule\appdata\local\Programs
    2013-06-03 00:24:49  --------  d-----w-  c:\program files\Application Updater
    2013-06-03 00:24:47  --------  d-----w-  c:\program files\YTD Toolbar
    2013-06-03 00:24:47  --------  d-----w-  c:\program files\common files\Spigot
    2013-05-14 05:31:10  6128760  ----a-w-  c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2013-05-14 05:31:10  6128760  ----a-w-  c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    .
    ==================== Find3M ====================
    .
    2013-05-20 00:51:19  71048  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-20 00:51:19  692104  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2013-04-21 05:44:06  205  ----a-w-  c:\windows\system32\lsprst7.dll
    2013-04-04 02:07:09  1025  ----a-w-  c:\windows\system32\sysprs7.dll
    2013-04-02 06:20:04  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2013-04-02 06:20:01  861088  ----a-w-  c:\windows\system32\npdeployJava1.dll
    2013-04-02 06:20:01  782240  ----a-w-  c:\windows\system32\deployJava1.dll
    2013-03-06 05:24:14  58712  ----a-w-  c:\windows\system32\klfphc.dll
    2013-03-06 05:24:14  43608  ----a-w-  c:\windows\system32\drivers\kltdi.sys
    2013-03-06 05:24:14  25944  ----a-w-  c:\windows\system32\drivers\klmouflt.sys
    2013-03-06 05:24:14  25944  ----a-w-  c:\windows\system32\drivers\klkbdflt.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
    1 ntkrnlpa!IofCallDriver[0x83284458] -> \Device\Harddisk0\DR0[0x866769C8]
    3 CLASSPNP[0x89F8959E] -> ntkrnlpa!IofCallDriver[0x83284458] -> \Device\Ide\IdeDeviceP1T0L0-2[0x85883908]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user != kernel MBR !!!
    .

    ============= FINISH: 10:38:33.75 ===============
    • DDS logs: Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30-Aug-10 3:10:49 AM
    System Uptime: 04-Jun-13 8:17:42 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0DT492
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 167.754 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.714 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F31028&REV_12\4&3599CE57&0&0BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F31028&REV_12\4&3599CE57&0&0BF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F31028&REV_12\4&3599CE57&0&0AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F31028&REV_12\4&3599CE57&0&0AF0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP151: 04-Jun-13 8:40:49 AM - Windows 7 Service Pack 1
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.7)
    Advanced Audio FX Engine
    Advanced Video FX Engine
    ARO 2013
    BioEdit
    Color LaserJet 2600n
    D3DX10
    Dell Driver Download Manager
    Dell Webcam Center
    Dell Webcam Manager
    Facebook Video Calling 1.2.0.287
    Flash Player 2.0
    Free Mp3 Wma Converter V 1.93
    Free WMA to MP3 Converter 1.16
    GELSIS v5.0
    GeneSnap from SynGene
    GeneStudio
    Google Chrome
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java 2 Runtime Environment, SE v1.4.2_09
    Java 7 Update 17
    Java Auto Updater
    Junk Mail filter update
    K-Lite Codec Pack 4.7.5 (Basic)
    Kaspersky Anti-Virus 2013
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Macromedia Flash MX
    Malwarebytes Anti-Malware version 1.75.0.1300
    Maxis Broadband
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modeller 9v8
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    POV-Ray for Windows v3.6.1c
    QvodPlayer(快播) v3.5
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sequence Scanner v1.0
    SeqVerter
    SigmaTel Audio
    Skype Click to Call
    Skype™ 6.3
    SPSS 16.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VMD 1.9
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (32-bit)
    YTD Toolbar v7.1
    YTD Video Downloader 3.9
    暴风影音5
    美图秀秀 3.1.0
    酷我音乐 2012
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31-May-13 11:50:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    03-Jun-13 11:41:29 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer FCYBER1-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1B290AF0-3F27-444C-B4CE-A486EA3. The master browser is stopping or an election is being forced.
    03-Jun-13 1:51:03 PM, Error: Service Control Manager [7034] - The Change Modem Device Service service terminated unexpectedly. It has done this 1 time(s).
    03-Jun-13 1:51:02 PM, Error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
    03-Jun-13 1:48:03 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1B290AF0-3F27-444C-B4CE-A486EA38BD. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
     
  9. laiyee

    laiyee TS Rookie Topic Starter

    Here are the files attached.

    Thanks for the help.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post a new log.

    Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt can also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
Topic Status:
Not open for further replies.
