
mearon0

  1. The post was too long for the JRT so I will attach it to the next post instead. Here are the logs for the other two:

     AdwCleaner

     # AdwCleaner v2.306 - Logfile created 07/19/2013 at 19:34:12
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
     # Boot Mode : Normal
     # Running from : C:\Users\B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X6400BA\AdwCleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16635

     [OK] Registry is clean.

     *************************

     AdwCleaner[s1].txt - [1466 octets] - [19/07/2013 19:34:12]

     ########## EOF - C:\AdwCleaner[s1].txt - [1526 octets] ##########

     RK report

     RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : B [Admin rights]
     Mode : Scan -- Date : 07/19/2013 19:45:04
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 8 ¤¤¤
     [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [Address] SSDT[50] : NtClose @ 0x836629DE -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC297C00)
     [Address] SSDT[70] : NtCreateKey @ 0x83642780 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC297A30)
     [Address] SSDT[103] : NtDeleteKey @ 0x835F617F -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC297E20)
     [Address] SSDT[106] : NtDeleteValueKey @ 0x835FBE2F -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC298000)
     [Address] SSDT[116] : NtEnumerateKey @ 0x8364381D -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2983A0)
     [Address] SSDT[119] : NtEnumerateValueKey @ 0x83661D50 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2985F0)
     [Address] SSDT[126] : NtFlushKey @ 0x835FD86E -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC297D30)
     [Address] SSDT[156] : NtLoadKey @ 0x835A7F76 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2988C0)
     [Address] SSDT[182] : NtOpenKey @ 0x8366EF8B -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2978E0)
     [Address] SSDT[244] : NtQueryKey @ 0x83647199 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2984D0)
     [Address] SSDT[266] : NtQueryValueKey @ 0x8367E13B -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC298720)
     [Address] SSDT[290] : NtRenameKey @ 0x836B1005 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC297F10)
     [Address] SSDT[358] : NtSetValueKey @ 0x836809B5 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2981A0)
     [Address] SSDT[380] : NtUnloadKey @ 0x836999DE -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2989A0)
     [inline] SSDT[155] : NtLoadDriver @ 0x835BF474 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC292290)
     [inline] SSDT[350] : NtSetSystemInformation @ 0x83602664 -> HOOKED (C:\Windows\System32\drivers\AhnRghNt.sys @ 0xBC2922F0)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 ATA Device +++++
     --- User ---
     [MBR] ff61da8fefaca5fdb8e60780be0e337f
     [bSP] 21d8b8bd290dea9d536b1751d1d52568 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 102300 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 374538 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_07192013_194504.txt >>
  2. Hello, I updated Malwarebytes today and after I scanned in quick mode, some Trojan.Fakealerts came up, so I removed them. However, I was doing the full scan for Malwarebytes when I got the BSOD.

     Attach.txt DDS.txt