
the setup files are corrupted. please obtain a new copy of the program



Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report". Close the program > Don't Fix anything!
  • Post back the report which should be located on your desktop.

 

Next,

 

Please download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe Save to your desktop.

 

  • Double click the aswMBR.exe icon, and click Run
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

 

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

 

Kevin..


RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Vartotojas [Admin rights]
Mode : Scan -- Date : 07/19/2014  14:34:27

¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] (SVC) IePluginServices -- C:\ProgramData\IePluginServices\PluginService.exe -service[7] -> STOPPED
[suspicious.Path] (SVC) TorchCrashHandler -- C:\Users\Vartotojas\AppData\Local\Torch\Update\TorchCrashHandler.exe[7] -> STOPPED

¤¤¤ Registry Entries : 14 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TorchCrashHandler -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TorchCrashHandler -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IePluginServices -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TorchCrashHandler -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM641JI SATA Disk Device +++++
--- User ---
[MBR] 9b35bac83835a969e8471a30523578ec
[bSP] bfb9c82d7aa9e39f90d8124ba528b9d2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 510478 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 7da398cdb8c5a2a7fa18410fdd7e0ca4
[bSP] e060136c0a6c54b54fc3b541b38b0fc2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 MB
2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 241713152 | Size: 800 MB

 

 

 

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-19 14:39:06
-----------------------------
14:39:06.181    OS Version: Windows x64 6.1.7601 Service Pack 1
14:39:06.182    Number of processors: 2 586 0x100
14:39:06.184    ComputerName: WINCTRL-940QOK4  UserName: Vartotojas
14:39:07.283    Initialize success
14:39:07.284    VM: initialized successfully
14:39:07.291    VM: Amd CPU supported virtualizedSuspended
14:39:17.404    VM: supported disk I/O storport.sys
14:43:30.808    AVAST engine defs: 14071900
14:43:42.034    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
14:43:42.044    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 11
14:43:42.194    Disk 0 MBR read successfully
14:43:42.204    Disk 0 MBR scan
14:43:42.234    Disk 0 Windows 7 default MBR code
14:43:42.244    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:43:42.254    Disk 0 default boot code
14:43:42.274    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99900 MB offset 206848
14:43:42.304    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       510478 MB offset 204802048
14:43:42.354    Disk 0 scanning C:\Windows\system32\drivers
14:43:56.046    Service scanning
14:44:36.443    Modules scanning
14:44:36.453    Disk 0 trace - called modules:
14:44:36.503    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:44:36.523    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003721060]
14:44:36.533    3 CLASSPNP.SYS[fffff880013c643f] -> nt!IofCallDriver -> [0xfffffa800362d720]
14:44:36.553    5 amd_xata.sys[fffff8800112cb3f] -> nt!IofCallDriver -> \Device\00000067[0xfffffa800362b060]
14:44:36.933    AVAST engine scan C:\Windows
14:44:38.927    AVAST engine scan C:\Windows\system32
14:51:23.788    AVAST engine scan C:\Windows\system32\drivers
14:51:41.742    AVAST engine scan C:\Users\Vartotojas
15:01:12.324    AVAST engine scan C:\ProgramData
15:03:10.076    Scan finished successfully
15:15:46.366    Disk 0 MBR has been saved successfully to "C:\Users\Vartotojas\Desktop\MBR.dat"
15:15:46.386    The log file has been saved successfully to "C:\Users\Vartotojas\Desktop\aswMBR.txt"

 


Continue and run the following:

 

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.