Inactive-A Zekon Malware

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

25-04-2014 01:37:47 Restore Operation
25-04-2014 02:04:23 Removed ooVoo
25-04-2014 21:58:24 Restore Operation
26-04-2014 02:28:06 Windows Backup
30-04-2014 00:14:35 Malwarebytes Anti-Rootkit Restore Point
30-04-2014 00:33:06 Restore Operation
30-04-2014 01:35:15 Windows Anytime Upgrade

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16F9B043-0C76-4B9F-AB21-860E6AF5BE99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {17B5D867-B03C-40A1-AB53-58CF063E490C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {1AA13087-8262-417B-9709-7D1A7598A5F8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-10-31] (AVG)
Task: {37E1B72B-B651-4735-8137-CE8D1F61FA59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {38FB874B-96BC-4BBC-B7B2-5E08A2D6D4B3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3A8C34FE-33C4-47B9-AA82-1391D3891A08} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {3DF98932-143C-41D4-BB5D-E6AD8F26DDD0} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {5DF051D3-1BA2-4924-93BB-E797EBE6C7AD} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {5E0C6B05-1490-4EE6-BB0D-593A96659A1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-26] (Adobe Systems Incorporated)
Task: {5EFAEA55-5219-4A65-8536-F353CE31A476} - System32\Tasks\HPCeeScheduleForTyler => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7A41FBE7-A9B0-4023-A9DB-18FBF212C42C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {7B64FBFB-76E2-433E-BC96-E7CECFBBF7FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {8ECF4308-527C-47D2-BF73-025A159F030F} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {8F4E4A1C-4DB7-4970-B388-6AE277EB475B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {9C11D77B-C130-48EC-95A3-6BE58BEA6F93} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {9CCF4484-89B9-4031-984D-2F00B8C923C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {9F37D9E0-8FD1-49B2-9584-C32939C68D5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A2F2E66B-2527-4257-9E7F-20BEB04D9E55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A3C16EF9-C1F4-45F9-BDCB-2872F5745743} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2014-03-28] (Greatis Software)
Task: {B6FE68FB-3979-418C-B34A-F58634FC7A65} - System32\Tasks\Google Updater and Installer => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B960375F-42A7-492E-9EF2-D7DCEC201B5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {B9BDDCCE-AC63-477F-B396-6B805353EA10} - System32\Tasks\RegCure Pro_sch_98CD0C73-CBF6-11E3-9F42-3860770FA3CC => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {BDA05A37-95B1-4B24-B7E0-5B40A34D90EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {C53EC174-C35B-414D-B0C5-23062654F0D9} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {E782BB2B-9E03-4D1A-95CF-2D60976E4633} - \ParetoLogic Registration3 No Task File <==== ATTENTION
Task: {F7B5D72B-678D-41D0-8658-ACAE0FF20784} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTyler.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_98CD0C73-CBF6-11E3-9F42-3860770FA3CC.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-10-28 14:50 - 2013-12-10 22:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-12 17:13 - 2013-03-07 20:07 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-29 18:28 - 2014-04-23 19:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: vToolbarUpdater14.0.0 => 2
MSCONFIG\startupfolder: C:^Users^Tyler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 08:26:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: TuneUpUtilitiesService64.exe, version: 12.0.4020.9, time stamp: 0x527283f0
Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51dba4dc
Exception code: 0xc0020043
Fault offset: 0x000000000008a5d3
Faulting process id: 0x9d0
Faulting application start time: 0xTuneUpUtilitiesService64.exe0
Faulting application path: TuneUpUtilitiesService64.exe1
Faulting module path: TuneUpUtilitiesService64.exe2
Report Id: TuneUpUtilitiesService64.exe3

Error: (04/29/2014 08:20:03 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.23.9\DealPlyLiveHelper.msi

Error: (04/29/2014 08:13:13 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (04/29/2014 08:11:56 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (04/29/2014 08:06:26 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (04/29/2014 08:06:26 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (04/29/2014 07:51:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: TuneUpUtilitiesApp64.exe, version: 12.0.4020.9, time stamp: 0x52728428
Faulting module name: TuneUpUtilitiesApp64.exe, version: 12.0.4020.9, time stamp: 0x52728428
Exception code: 0xc0000005
Fault offset: 0x00000000000316c6
Faulting process id: 0xcec
Faulting application start time: 0xTuneUpUtilitiesApp64.exe0
Faulting application path: TuneUpUtilitiesApp64.exe1
Faulting module path: TuneUpUtilitiesApp64.exe2
Report Id: TuneUpUtilitiesApp64.exe3

Error: (04/29/2014 07:47:13 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (04/29/2014 07:45:58 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (04/29/2014 07:44:22 PM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Installed SpyHunter).


System errors:
=============
Error: (04/29/2014 08:26:07 PM) (Source: Service Control Manager) (User: )
Description: The AVG PC TuneUp Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/29/2014 08:06:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/29/2014 08:06:35 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/29/2014 08:06:35 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/29/2014 08:06:34 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/29/2014 08:06:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2014 08:06:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2014 08:06:26 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2014 08:06:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgdiska
AVGIDSDriver
Avgldx64
discache
spldr
Wanarpv6

Error: (04/29/2014 08:06:23 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203


Microsoft Office Sessions:
=========================
Error: (04/29/2014 08:26:00 PM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesService64.exe12.0.4020.9527283f0RPCRT4.dll6.1.7601.1820551dba4dcc0020043000000000008a5d39d001cf6410d798b13fC:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exeC:\Windows\system32\RPCRT4.dll62f35331-d006-11e3-91ab-3860770fa3cc

Error: (04/29/2014 08:20:03 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.23.9\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 08:13:13 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (04/29/2014 08:11:56 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (04/29/2014 08:06:26 PM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001

Error: (04/29/2014 08:06:26 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C

Error: (04/29/2014 07:51:51 PM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesApp64.exe12.0.4020.952728428TuneUpUtilitiesApp64.exe12.0.4020.952728428c000000500000000000316c6cec01cf640e5eda334bC:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exeC:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe9d41e089-d001-11e3-ad05-3860770fa3cc

Error: (04/29/2014 07:47:13 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (04/29/2014 07:45:58 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (04/29/2014 07:44:22 PM) (Source: System Restore)(User: )
Description: Installed SpyHunter


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 5616.6 MB
Available physical RAM: 2951.45 MB
Total Pagefile: 11231.38 MB
Available Pagefile: 8210.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1851.27 GB) (Free:1291.64 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.65 GB) (Free:1.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0E9FE267)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-211236683776) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Doing good so far. Got my legit Windows copy back!!!! Is the virus gone? Am I safe to get on Facebook and email and such?
 
Very good :)

Uninstall Google Update Helper

Please download Malwarebytes Anti-Malware to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.30.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Tyler :: BOB [administrator]

4/30/2014 7:08:55 AM
mbar-log-2014-04-30 (07-08-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 279433
Time elapsed: 24 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tyler [Admin rights]
Mode : Scan -- Date : 04/30/2014 16:08:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS723020BLA642 SATA Disk Device +++++
--- User ---
[MBR] 267e1dd9bb393b4ec5c8dc94b3ad3465
[BSP] 4d381cbbbcc5247f3334f2ce2f7dde50 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1895701 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): -412364800 | Size: 11926 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a945dfbb19fec5fce2cadd3af6f09829
[BSP] 15d4a6d356fd53ec9607481fc9df82ed : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 MB

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04302014_160813.txt >>
RKreport[0]_D_04292014_173958.txt;RKreport[0]_D_04292014_174852.txt;RKreport[0]_D_04292014_175138.txt
RKreport[0]_D_04292014_192025.txt;RKreport[0]_S_04292014_172052.txt;RKreport[0]_S_04292014_172411.txt
RKreport[0]_S_04292014_174759.txt;RKreport[0]_S_04292014_175042.txt;RKreport[0]_S_04292014_175928.txt
RKreport[0]_S_04292014_191907.txt;RKreport[0]_S_04292014_193142.txt
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tyler [Admin rights]
Mode : Remove -- Date : 04/30/2014 16:08:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS723020BLA642 SATA Disk Device +++++
--- User ---
[MBR] 267e1dd9bb393b4ec5c8dc94b3ad3465
[BSP] 4d381cbbbcc5247f3334f2ce2f7dde50 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1895701 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): -412364800 | Size: 11926 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a945dfbb19fec5fce2cadd3af6f09829
[BSP] 15d4a6d356fd53ec9607481fc9df82ed : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 MB

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_04302014_160841.txt >>
RKreport[0]_D_04292014_173958.txt;RKreport[0]_D_04292014_174852.txt;RKreport[0]_D_04292014_175138.txt
RKreport[0]_D_04292014_192025.txt;RKreport[0]_S_04292014_172052.txt;RKreport[0]_S_04292014_172411.txt
RKreport[0]_S_04292014_174759.txt;RKreport[0]_S_04292014_175042.txt;RKreport[0]_S_04292014_175928.txt
RKreport[0]_S_04292014_191907.txt;RKreport[0]_S_04292014_193142.txt;RKreport[0]_S_04302014_160813.txt
 
Cool.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 