Jump to content

windows version installer problem


Recommended Posts

Hi!

 

After several months of non-use I updated a bunch of software including the Java plug-in. Tried to get rid of the pesky payload without success. Windows Version Installer keeps popping up. Have run Rogue Killer and have the following log:

 

RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ING [Admin rights]
Mode : Scan -- Date : 08/12/2014  14:08:03
 
¤¤¤ Bad processes : 1 ¤¤¤
[suspicious.Path] (SVC) servervo -- C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe[-] -> STOPPED
 
¤¤¤ Registry Entries : 12 ¤¤¤
[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog305 : C:\Windows\VM305_STI.EXE USB PC Camera VC305  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\servervo -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\servervo -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\servervo -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3404179652-3976374348-2591870498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13945;https=127.0.0.1:13945  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3404179652-3976374348-2591870498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13945;https=127.0.0.1:13945  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3404179652-3976374348-2591870498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3404179652-3976374348-2591870498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EALX-229BA0 ATA Device +++++
--- User ---
[MBR] 18b1fce4b2db1c4af291bab08f7bda61
[bSP] dc96e5d8ffecd3a4f406bec3e2552dce : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 853667 MB
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 1748723710 | Size: 100000 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Have not deleted anything.
 
Will appreciate advice on the next steps.
 

RKreport_SCN_08122014_140803.log

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.