
JRumz18

Members
  • Posts: 10
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. I uninstalled the IObit toolbar and it has gone off the list. I clicked to uninstall PricePeep and a dialog box popped up saying that PricePeep appears to have already been uninstalled, and asked if I wanted it removed from the list of Programs and Features. I said yes. Is there any final scan I should use to make sure I've gotten rid of everything, or am I good from this point? Thanks
  2. Hi, I have carried out all these steps. ComboFix uninstalled properly. When I was going through my list of installed programs I saw two programs that sounded fishy: 1. IObit Apps Toolbar v7.2, 2. PricePeep. I thought I had removed all of the IObit programs but this one is still there; also, I have absolutely no idea what PricePeep is. Thanks
  3. My computer seems to be running better. Here is the log:

     All processes killed
     ========== FILES ==========
     C:\Users\Jeremy\Downloads\cbsidlm-tr1_13-Hacker_Freeze-ORG-75449632.exe moved successfully.
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Jeremy\Desktop\cmd.bat deleted successfully.
     C:\Users\Jeremy\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 56475 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Jeremy
     ->Temp folder emptied: 40162 bytes
     ->Temporary Internet Files folder emptied: 7182713 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 61753951 bytes
     ->Google Chrome cache emptied: 359038946 bytes
     ->Flash cache emptied: 72333 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     User: Users
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 74846289 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8508531 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304013 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 528.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 07102013_191917
     Files moved on Reboot...
     C:\Users\Jeremy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
     File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
     File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
     Registry entries deleted on Reboot...

     Can I get rid of all of the tools that I have used throughout this process? Thanks for your continued help.
  4. I realized that I was supposed to have my antivirus and firewall active while I ran the system check, so I ran it again. Here is the log: checkup2.txt
  5. Hi, sorry I took so long in replying; I've been busy the past few days. Attached please find the logs requested: ComboFix.txt, ESET SCAN.txt, checkup.txt
  6. I am also wondering if I can uninstall/delete a few other tools I had downloaded to try to deal with the problem: Farbar, rkill, Security Task Manager, Sophos Virus Removal Tool, RogueKiller.
  7. Hi, so an update: I uninstalled all of my IObit and SystemCare programs (are they malware? because I told my girlfriend to install them), and immediately Avast popped up saying that it had found a rootkit. It said to let it delete it, which I did, and it said to run a boot-time scan, which I did. Very shortly into the boot-time scan I realized that it was going to take forever, and was also not what you had said I should do. I cancelled the scan, let the computer load, deleted the old ComboFix from my desktop, disabled Defender, the firewall and Avast, and reinstalled and ran ComboFix. Here is the log. I can already tell that my computer is feeling more stable. Please let me know if I'm in the clear, or if there are any more steps that are required. Thanks so much once again. ComboFix.txt
  8. I realized that it will take far too long to copy and paste it all, so I sent the log files to another computer, copied and pasted them into new Notepad documents and am attaching them below. I transferred the files via a blank USB thumb drive which, according to my brother-in-law (a computer engineer), is a safe process as long as there is no internet connection. I temporarily turned off my wireless adapter and had no LAN plugged in. Please see the log files attached. Also, thank you so much for taking the time to help me. I appreciate it so much. Addition copy.txt FRSTlog copy.txt
  9. I tried copying and pasting the logs into the reply but it said that the post was too long, so I'm sending it in a couple of parts. PART 1

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
     Ran by Jeremy (administrator) on 07-07-2013 08:28:45
     Running from C:\Users\Jeremy\Desktop
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal

     ==================== Processes (Whitelisted) =================

     (IObit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ascsvc.exe
     (IOBit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ascavsvc.exe
     (AMD) C:\Windows\system32\atiesrxx.exe
     (AMD) C:\Windows\system32\atieclxx.exe
     (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
     (Microsoft Corporation) C:\Windows\System32\lpksetup.exe
     (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
     (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
     (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
     (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
     (ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
     (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
     (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
     (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
     (ASUS) C:\Windows\AsScrPro.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
     (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
     (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
     (IObit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ASCTray.exe
     ( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
     (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
     (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
     (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
     () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
     (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
     (Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
     (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
     (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     (Microsoft Corporation) C:\Windows\system32\wbengine.exe
     (Microsoft Corporation) C:\Windows\System32\vds.exe
     (IObit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ASC.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2278504 2011-10-14] (Realtek Semiconductor)
     HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
     HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
     HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
     HKCU\...\Run: [Facebook Update] "C:\Users\Jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-13] (Facebook Inc.)
     HKCU\...\Run: [Google Update] "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-22] (Google Inc.)
     HKCU\...\Run: [Advanced SystemCare Ultimate] "C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart [512384 2012-11-07] (IObit)
     MountPoints2: {2a272257-0b48-11e1-9637-14dae9a2d2ba} - F:\setup.exe -a
     HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-02] (ASUSTek Computer Inc.)
     HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
     HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
     HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
     HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
     HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
     HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
     HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
     HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
     HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-01] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()
     HKLM-x32\...\Run: [] [x]
     HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1302336 2013-06-07] (Spigot, Inc.)
     HKLM-x32\...\Run: [ASUSWebStorage] c:\program files (x86)\asus\asus webstorage\3.0.84.161\asuswspanel.exe /s [731472 2011-02-23] (ecareme)
     HKLM-x32\...\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [1514816 2013-06-07] (IObit)
     Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
     ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
     Startup: C:\ProgramData\Start Menu\Programs\Startup\Bitmeter2.lnk
     ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.search.yahoo.com?type=902615&fr=spigot-yhp-ie
     HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
     URLSearchHook: (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
     SearchScopes: HKCU - {AFF948A3-28C7-43DC-B750-6C2976E141F1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
     BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
     BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
     BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
     BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: No Name - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - No File
     BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Users\Jeremy\Desktop\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
     BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No File
     Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
     DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
     DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
     Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
     Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
     Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
     Hosts: 127.0.0.1 localhost
     Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     Tcpip\..\Interfaces\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B}: [NameServer]54.215.2.33,54.251.253.63
  10. Hi. My computer has been running very slowly for about 2 weeks now and I started trying to figure out what was wrong. My regular security consists of Avast Free. I downloaded and ran each of Malwarebytes, Spybot S&D and Advanced SystemCare Ultimate. The problem seems to be fixed for a few minutes but it always goes back to the way it was before. While running one of the scans, a system popup appeared saying that Windows had detected a possible rootkit. It told me to restart and run a boot-time scan. It ran an Avast boot-time scan but found nothing. I have been looking up info on rootkits and they sound pretty nasty. I found two sources telling me different programs to try and use: http://forums.malwarebytes.org/index.php?showtopic=115149 and http://www.computerweekly.com/feature/Rootkit-and-malware-detection-and-removal-guide Based on the advice of these two sources, I installed Sophos Virus Removal Tool and RogueKiller. I will post the scan logs of those two programs. From RogueKiller, the first time I ran it:
     RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Jeremy [Admin rights]
     Mode : Scan -- Date : 07/06/2013 12:51:59
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [DNS] HKLM\[...]\CCSet\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
     [DNS] HKLM\[...]\CS001\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
     [DNS] HKLM\[...]\CS002\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : Mal.Hosts ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 download-winmx-free.com --> Potentially malicious!
     127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
     127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
     127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
     127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
     127.0.0.1 www.google.dospop.com --> Potentially malicious!
     127.0.0.1 www.mp3winmx.com --> Potentially malicious!
     127.0.0.1 mp3winmx.com --> Potentially malicious!
     127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
     127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
     127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
     127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
     127.0.0.1 winmxfrance.com --> Potentially malicious!
     127.0.0.1 www.winmxfrance.com --> Potentially malicious!
     127.0.0.1 winmx-freebie.com --> Potentially malicious!
     127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
     127.0.0.1 winmx-music-download.com --> Potentially malicious!
     127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
     127.0.0.1 www.winmx-usa.com --> Potentially malicious!
     127.0.0.1 winmx-usa.com --> Potentially malicious!
     127.0.0.1 www.007guard.com
     127.0.0.1 007guard.com
     127.0.0.1 008i.com
     127.0.0.1 www.008k.com
     127.0.0.1 008k.com
     127.0.0.1 www.00hq.com
     127.0.0.1 00hq.com
     127.0.0.1 010402.com
     127.0.0.1 www.032439.com
     127.0.0.1 032439.com
     127.0.0.1 www.0scan.com
     127.0.0.1 0scan.com
     127.0.0.1 1000gratisproben.com
     127.0.0.1 www.1000gratisproben.com
     127.0.0.1 1001namen.com
     127.0.0.1 www.1001namen.com
     127.0.0.1 100888290cs.com
     127.0.0.1 www.100888290cs.com
     127.0.0.1 www.100sexlinks.com
     127.0.0.1 100sexlinks.com
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD50 00BPVT-80HXZT3 SATA Disk Device +++++
     --- User ---
     [MBR] 0d9ee0f5bd374532f655877b44e0843d
     [bSP] ee92ccddf702530e27932213ecc73c2e : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 205084 Mo
     2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 472442880 | Size: 246255 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_07062013_125159.txt >>

     I then fixed the hosts file because it all seemed clearly malicious and rescanned. Log below.
     RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Jeremy [Admin rights]
     Mode : Scan -- Date : 07/06/2013 13:17:12
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [DNS] HKLM\[...]\CCSet\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
     [DNS] HKLM\[...]\CS001\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
     [DNS] HKLM\[...]\CS002\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD50 00BPVT-80HXZT3 SATA Disk Device +++++
     --- User ---
     [MBR] 0d9ee0f5bd374532f655877b44e0843d
     [bSP] ee92ccddf702530e27932213ecc73c2e : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 205084 Mo
     2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 472442880 | Size: 246255 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_07062013_131711.txt >>
     RKreport[0]_H_07062013_130017.txt;RKreport[0]_S_07062013_125159.txt

     Here is the log (I think) from Sophos:

     2013-07-06 12:20:11 Sophos Virus Removal Tool version 2.3
     2013-07-06 12:20:11 Copyright © 2009-2012 Sophos Limited. All rights reserved.
     2013-07-06 12:20:11 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
     2013-07-06 12:20:11 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
     2013-07-06 12:20:11 Checking for updates...
     2013-07-06 12:20:13 Update progress: proxy server not available
     2013-07-06 12:20:14 Update error: failed to read remote metadata (error 4)
     Cannot locate server for http://dci.sophosupd.com/update/4/c3/4c3dd7e45665ae0d045a6d5fdec844c8.xml
     2013-07-06 12:20:23 Option all = no
     2013-07-06 12:20:23 Option recurse = yes
     2013-07-06 12:20:23 Option archive = no
     2013-07-06 12:20:23 Option service = yes
     2013-07-06 12:20:23 Option confirm = yes
     2013-07-06 12:20:23 Option sxl = yes
     2013-07-06 12:20:23 Option max-data-age = 35
     2013-07-06 12:20:23 Component SVRTcli.exe version 2.3
     2013-07-06 12:20:23 Component control.dll version 2.3
     2013-07-06 12:20:23 Component SVRTservice.exe version 2.3
     2013-07-06 12:20:23 Component engine\osdp.dll version 1.44.0.2091
     2013-07-06 12:20:23 Component engine\veex.dll version 3.44.1.2091
     2013-07-06 12:20:23 Component engine\savi.dll version 7.5.12.2091
     2013-07-06 12:20:23 Component rkdisk.dll version 1.5.30.0
     2013-07-06 12:20:23 Version info: Product version 2.3
     2013-07-06 12:20:23 Version info: Detection engine 3.44.1
     2013-07-06 12:20:23 Version info: Detection data 4.90
     2013-07-06 12:20:23 Version info: Build date 13/06/2013
     2013-07-06 12:20:23 Version info: Data files added 428
     2013-07-06 12:20:23 Version info: Last successful update (not yet updated)
     2013-07-06 12:20:46 Scan completed.
     2013-07-06 12:20:46 ------------------------------------------------------------
     2013-07-06 12:21:24 Sophos Virus Removal Tool version 2.3
     2013-07-06 12:21:24 Copyright © 2009-2012 Sophos Limited. All rights reserved.
     2013-07-06 12:21:24 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
     2013-07-06 12:21:24 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
     2013-07-06 12:21:24 Checking for updates...
     2013-07-06 12:21:27 Update progress: proxy server not available
     2013-07-06 12:21:34 Option all = no
     2013-07-06 12:21:34 Option recurse = yes
     2013-07-06 12:21:34 Option archive = no
     2013-07-06 12:21:34 Option service = yes
     2013-07-06 12:21:34 Option confirm = yes
     2013-07-06 12:21:34 Option sxl = yes
     2013-07-06 12:21:34 Option max-data-age = 35
     2013-07-06 12:21:34 Component SVRTcli.exe version 2.3
     2013-07-06 12:21:34 Component control.dll version 2.3
     2013-07-06 12:21:34 Component SVRTservice.exe version 2.3
     2013-07-06 12:21:34 Component engine\osdp.dll version 1.44.0.2091
     2013-07-06 12:21:34 Component engine\veex.dll version 3.44.1.2091
     2013-07-06 12:21:34 Component engine\savi.dll version 7.5.12.2091
     2013-07-06 12:21:34 Component rkdisk.dll version 1.5.30.0
     2013-07-06 12:21:34 Version info: Product version 2.3
     2013-07-06 12:21:34 Version info: Detection engine 3.44.1
     2013-07-06 12:21:34 Version info: Detection data 4.90
     2013-07-06 12:21:34 Version info: Build date 13/06/2013
     2013-07-06 12:21:34 Version info: Data files added 428
     2013-07-06 12:21:34 Version info: Last successful update (not yet updated)
     2013-07-06 12:23:44 Downloading updates...
     2013-07-06 12:23:44 Update progress: [i96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
     2013-07-06 12:23:44 Update progress: [i49502] Found supplement SAVIW32 LATEST 4
     2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE491 LATEST
     2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE492 LATEST
     2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE493 LATEST
     2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE494 LATEST
     2013-07-06 12:23:44 Update progress: [i19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
     2013-07-06 12:23:44 Update progress: [i19463] Syncing product SAVIW32 29
     2013-07-06 12:23:58 Update progress: [i19463] Syncing product IDE491 181
     2013-07-06 12:24:00 Update progress: [i19463] Syncing product IDE492 222
     2013-07-06 12:24:00 Update progress: [i19463] Syncing product IDE493 32
     2013-07-06 12:24:00 Installing updates...
     2013-07-06 12:24:00 Update progress: [i19463] Syncing product IDE494 1
     2013-07-06 12:24:13 Update successful
     2013-07-06 12:24:30 Option all = no
     2013-07-06 12:24:30 Option recurse = yes
     2013-07-06 12:24:30 Option archive = no
     2013-07-06 12:24:30 Option service = yes
     2013-07-06 12:24:30 Option confirm = yes
     2013-07-06 12:24:30 Option sxl = yes
     2013-07-06 12:24:30 Option max-data-age = 35
     2013-07-06 12:24:30 Component SVRTcli.exe version 2.3
     2013-07-06 12:24:30 Component control.dll version 2.3
     2013-07-06 12:24:30 Component SVRTservice.exe version 2.3
     2013-07-06 12:24:30 Component engine\osdp.dll version 1.44.0.2091
     2013-07-06 12:24:30 Component engine\veex.dll version 3.44.1.2091
     2013-07-06 12:24:30 Component engine\savi.dll version 7.5.12.2091
     2013-07-06 12:24:30 Component rkdisk.dll version 1.5.30.0
     2013-07-06 12:24:30 Version info: Product version 2.3
     2013-07-06 12:24:30 Version info: Detection engine 3.44.1
     2013-07-06 12:24:30 Version info: Detection data 4.90G
     2013-07-06 12:24:30 Version info: Build date 13/06/2013
     2013-07-06 12:24:30 Version info: Data files added 429
     2013-07-06 12:24:30 Version info: Last successful update 06/07/2013 12:24:13 PM
     2013-07-06 13:36:53 Sophos Virus Removal Tool version 2.3
     2013-07-06 13:36:53 Copyright © 2009-2012 Sophos Limited. All rights reserved.
     2013-07-06 13:36:53 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
     2013-07-06 13:36:53 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
     2013-07-06 13:36:53 Checking for updates...
     2013-07-06 13:36:57 Update progress: proxy server not available
     2013-07-06 13:38:05 Option all = no
     2013-07-06 13:38:05 Option recurse = yes
     2013-07-06 13:38:05 Option archive = no
     2013-07-06 13:38:05 Option service = yes
     2013-07-06 13:38:05 Option confirm = yes
     2013-07-06 13:38:05 Option sxl = yes
     2013-07-06 13:38:05 Option max-data-age = 35
     2013-07-06 13:38:05 Component SVRTcli.exe version 2.3
     2013-07-06 13:38:05 Component control.dll version 2.3
     2013-07-06 13:38:05 Component SVRTservice.exe version 2.3
     2013-07-06 13:38:05 Component engine\osdp.dll version 1.44.0.2091
     2013-07-06 13:38:05 Component engine\veex.dll version 3.44.1.2091
     2013-07-06 13:38:05 Component engine\savi.dll version 7.5.12.2091
     2013-07-06 13:38:05 Component rkdisk.dll version 1.5.30.0
     2013-07-06 13:38:05 Version info: Product version 2.3
     2013-07-06 13:38:05 Version info: Detection engine 3.44.1
     2013-07-06 13:38:05 Version info: Detection data 4.90G
     2013-07-06 13:38:05 Version info: Build date 13/06/2013
     2013-07-06 13:38:05 Version info: Data files added 429
     2013-07-06 13:38:05 Version info: Last successful update 06/07/2013 12:24:13 PM
     2013-07-06 13:38:24 Update not required

     The next step, according to the first link I posted, is to run Farbar from System Recovery Options in Repair Your Computer after selecting Advanced Boot Options during startup. It says that RogueKiller finds false positives and recommends having someone knowledgeable look over the log file first. Any information that you can provide would be immensely appreciated. I am running a backup and have created a system repair disk already. The sooner you can reply the better. Thank you so much.
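The two findings RogueKiller reports in the post above are a hosts file padded with entries that blackhole many domains to 127.0.0.1, and a per-interface static NameServer (54.215.2.33,54.251.253.63) that overrides the DHCP-supplied resolver (192.168.0.1). The script below is an added example, not code from the poster or from RogueKiller, showing how a defender can check for both conditions from a saved hosts file and a snapshot of the per-interface TCP/IP values. The hosts text and the interface dictionary are constructed sample data modelled on the log; the interface GUID and the two nameserver addresses are copied from the log, the other domains and addresses are placeholders, and on a live Windows system the values would be read from HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID} rather than from a dictionary.

```python
"""Audit a Windows hosts file and per-interface DNS settings for hijack signs.

Added example; not the forum poster's code and not part of RogueKiller.
"""
import ipaddress

# Constructed sample hosts file modelled on the RogueKiller log above.
# Only "localhost" lines are part of a clean default file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 download-winmx-free.com
127.0.0.1 www.facebook.com.img335.tk
127.0.0.1 www.007guard.com
0.0.0.0   ads.example.test
203.0.113.7 www.example-bank.test
"""

# Constructed snapshot of Tcpip\Parameters\Interfaces\{GUID} values.
# The first GUID and its NameServer value are taken from the log above;
# the other two interfaces are placeholders for the negative cases.
SAMPLE_INTERFACES = {
    "{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B}": {
        "DhcpNameServer": "192.168.0.1",
        "NameServer": "54.215.2.33,54.251.253.63",
    },
    "{PLACEHOLDER-IFACE-DHCP-ONLY}": {
        "DhcpNameServer": "192.168.0.1",
        "NameServer": "",
    },
    "{PLACEHOLDER-IFACE-STATIC-OK}": {
        "DhcpNameServer": "192.168.0.1",
        "NameServer": "192.168.0.1",
    },
}

DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
BLACKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (line_number, address, hostname) for every mapping in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # not a valid address token; a stricter audit could flag it
        for name in parts[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries


def audit_hosts(text):
    """Flag every mapping that is not a default localhost line.

    Returns (line_number, hostname, address, reason) tuples. Loopback/null
    targets mean the name is blackholed; anything else is a redirect.
    """
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if (addr, name) in DEFAULT_HOSTS:
            continue
        if addr in BLACKHOLE_ADDRS:
            findings.append((lineno, name, addr, "blackholed to loopback/null address"))
        else:
            findings.append((lineno, name, addr, "redirected to non-local address"))
    return findings


def audit_nameservers(interfaces, allowlist=()):
    """Flag interfaces whose static NameServer differs from DHCP and the allowlist.

    interfaces maps GUID -> {"DhcpNameServer": ..., "NameServer": ...}.
    Returns (guid, unexpected_servers, reason) tuples.
    """
    findings = []
    for guid, values in interfaces.items():
        static = [s for s in values.get("NameServer", "").replace(" ", "").split(",") if s]
        if not static:
            continue  # resolver comes from DHCP; nothing overrides it
        expected = set(allowlist) | {values.get("DhcpNameServer", "")}
        unexpected = [s for s in static if s not in expected]
        if unexpected:
            findings.append((guid, unexpected, "static NameServer overrides DHCP resolver"))
    return findings


if __name__ == "__main__":
    for lineno, name, addr, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {lineno}: {name} -> {addr} ({reason})")
    for guid, servers, reason in audit_nameservers(SAMPLE_INTERFACES):
        print(f"interface {guid}: NameServer {','.join(servers)} ({reason})")
```

The hosts audit deliberately reports every non-default line rather than guessing which are "malicious": a legitimate ad-blocking hosts file produces the same blackhole pattern, so the output is a list for a human to review, which is exactly the caution the poster's source gives about RogueKiller's false positives. The nameserver audit treats a static resolver as suspect only when it matches neither the DHCP-assigned server nor an explicit allowlist, so a deliberately configured resolver can be accepted by passing it in.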