trouble with PUM.Bad.Proxy


borstm

I have been reading through the previous topics relating to the removal of this annoying bugger. I have downloaded and used Malwarebytes, RogueKiller and JRT. I always remove the malware and it comes back. Whenever it is removed in safe mode it says gone, but the instant I restart it comes right back. I definitely need professional help on this one.

Thanks in advance.

Addition.txt

FRST.txt


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More Reply Options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of the kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



 
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Thanks TwinHeadedEagle.

I downloaded and ran the rootkit tool and it didn't find anything. I can run a regular Malwarebytes scan later after I get back from school to see if it has magically reappeared, but that won't be until after 6pm my time.

 

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.02.17.06
  rootkit: v2015.02.03.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17631
M :: FELICITY [administrator]
 
2/17/2015 6:07:34 AM
mbar-log-2015-02-17 (06-07-34).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 348941
Time elapsed: 4 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.3.9200 Windows 8.1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17631
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 3.398000 GHz
Memory total: 8524439552, free: 6040158208
 
Downloaded database version: v2015.02.17.06
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
------------ Kernel report ------------
     02/17/2015 06:07:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1i63x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athwnx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\sthid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\drivers\xusb22.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\System32\drivers\Dot4Prt.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\??\C:\WINDOWS\system32\Drivers\CatWSw864.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
 
Scan started
Database versions:
  main:    v2015.02.17.06
  rootkit: v2015.02.03.01
 
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xffffe00132a58060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffe00132a5b8f0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffe001352a0090
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xffffe00132adc770
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000050\
Lower Device Object: 0xffffe00132aecb10
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffe0013596c520
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffe00132af2060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004f\
Lower Device Object: 0xffffe00132af3b10
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffe0013547e300
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffe00132290770
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004e\
Lower Device Object: 0xffffe00132ae5b10
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffe00135467d30
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffe00132948770
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004d\
Lower Device Object: 0xffffe00132af2b10
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffe001356194a0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffe001302ed060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000033\
Lower Device Object: 0xffffe0012f927060
Lower Device Driver Name: \Driver\storahci\
Device already Exists: 0xffffe0013372ca50
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffe001302ec060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000032\
Lower Device Object: 0xffffe0012f929060
Lower Device Driver Name: \Driver\storahci\
Device already Exists: 0xffffe00135963090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe001302ea450
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000031\
Lower Device Object: 0xffffe0012f92a060
Lower Device Driver Name: \Driver\storahci\
Device already Exists: 0xffffe00135831530
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe001302ec060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001302eca40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001302ec060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0012f929a70, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0012f92ed40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0012f929060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffc001214dc6d0, 0xffffe001302ec060, 0xffffe00135862090
Lower DeviceData: 0xffffc0010fe2a190, 0xffffe0012f929060, 0xffffe00135963090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001302ea450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001302eb040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001302ea450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0012f929c60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0012f92aa70, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0012f92a060, DeviceName: \Device\00000031\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffc00117f85e00, 0xffffe001302ea450, 0xffffe00135860090
Lower DeviceData: 0xffffc0011e4d9520, 0xffffe0012f92a060, 0xffffe00135831530
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 17A2ABB
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 54B2A12D
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 487675904
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe001302ed060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001302ee040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001302ed060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0012f8a4d40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0012f929e50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0012f927060, DeviceName: \Device\00000033\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffc00118f04620, 0xffffe001302ed060, 0xffffe0013585a090
Lower DeviceData: 0xffffc0011c68b720, 0xffffe0012f927060, 0xffffe0013372ca50
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 330522778
    GPT Header CurrentLba = 1 BackupLba 7814037167
    GPT Header FirstUsableLba 34  LastUsableLba 7814037134
    GPT Header Guid 5de417ad-9df7-4e2e-a672-0c7bc7d50cb
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 00000000
    Backup GPT header Revision 0 Size 0 CRC 0
    Backup GPT header CurrentLba = 0 BackupLba 0
    Backup GPT header FirstUsableLba 0  LastUsableLba 0
    Backup GPT header Guid 0-0-0-00-000000
    Backup GPT header Contains 0 partition entries starting at LBA 0
    Backup GPT header Partition entry size = 0
 
    GPT header and Backup GPT header have conflicting data
 
    Backup GPT partition header signature doesn't match "EFI PART" magic
 
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 3cdfb295-692-41c3-a0bc-9af82e3bf1ca
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 43b5275c-282e-4e72-85e7-cdadb3a3686
    FirstLBA 264192  Last LBA 7814035455
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffe00132948770, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00132909a10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00132948770, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00132af2b10, DeviceName: \Device\0000004d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffe00132290770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00132357b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00132290770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00132ae5b10, DeviceName: \Device\0000004e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffe00132af2060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0013228ab20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00132af2060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00132af3b10, DeviceName: \Device\0000004f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xffffe00132adc770, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00132b45b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00132adc770, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00132aecb10, DeviceName: \Device\00000050\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xffffe00132a58060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00132a58b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00132a58060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00132a5b8f0, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 

 

FRST.txt

Addition.txt


Fix with Farbar Recovery Scan Tool
 
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Scan with RogueKiller
 
Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


RogueKiller V10.4.0.0 [Feb 18 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : M [Administrator]
Mode : Scan -- Date : 02/18/2015  18:08:12
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 14 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\RK_M_ON_E_8580\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : C:\Users\M\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED  -> Found
[suspicious.Path] (X86) HKEY_USERS\RK_M_ON_E_8580\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : C:\Users\M\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 10 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) NETAPI32.dll - NetGetJoinInformation : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x73162d60
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74cbb80d (jmp dword near [0x74c06268])
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74cbb80d (jmp dword near [0x74c06268])
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74cbb80d (jmp dword near [0x74c06268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x62b21b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x626cfa68
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74cbb80d (jmp dword near [0x74c06268])
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74cbb80d (jmp dword near [0x74c06268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x62b21b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x626cfa68
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] 69490af2ba9b0227ba9aa729b58bfeb8
[bSP] d81db82b1638dd8279fc9e5af0d8b94d : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 EVO 250GB +++++
--- User ---
[MBR] bc21521e603371555ce225c8cdb728e6
[bSP] b8e6f32c21c637aef843d91a1363651b : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD40EZRX-00SPEB0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive7: HP Photosmart C4600 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_02152015_190613.log - RKreport_DEL_02152015_192336.log - RKreport_DEL_02152015_194210.log - RKreport_DEL_02152015_203147.log
RKreport_DEL_02152015_204553.log - RKreport_DEL_02152015_210325.log - RKreport_DEL_02152015_212911.log - RKreport_DEL_02152015_212948.log
RKreport_DEL_02152015_224438.log - RKreport_DEL_02152015_231908.log - RKreport_DEL_02152015_232225.log - RKreport_DEL_02152015_232248.log
RKreport_DEL_02152015_232510.log - RKreport_DEL_02152015_233018.log - RKreport_DEL_02162015_062248.log - RKreport_DEL_02162015_195004.log
RKreport_SCN_02152015_185840.log - RKreport_SCN_02152015_192311.log - RKreport_SCN_02152015_192412.log - RKreport_SCN_02152015_194136.log
RKreport_SCN_02152015_194944.log - RKreport_SCN_02152015_203051.log - RKreport_SCN_02152015_204538.log - RKreport_SCN_02152015_204634.log
RKreport_SCN_02152015_204816.log - RKreport_SCN_02152015_210248.log - RKreport_SCN_02152015_212741.log - RKreport_SCN_02152015_213056.log
RKreport_SCN_02152015_224419.log - RKreport_SCN_02152015_231832.log - RKreport_SCN_02152015_232209.log - RKreport_SCN_02152015_232432.log
RKreport_SCN_02152015_232900.log - RKreport_SCN_02162015_062207.log - RKreport_SCN_02162015_065141.log - RKreport_SCN_02162015_173156.log
RKreport_SCN_02162015_194930.log - RKreport_SCN_02162015_195331.log


Okay, run the RogueKiller scan again.
 
When it finishes, place a checkmark next to each of these items:
 
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
 
Leave the others unchecked. Now press the Delete button.
Attach the report when it finishes.

It isn't showing up anymore! Although when I run RogueKiller just to scan, it shows the "PUM.desktop icons" entries but not the proxy ones that we deleted earlier; the current ones shouldn't cause us any trouble, right? Also, when I did run RKiller it pulled up a website that said it had found an IAT/EAT hook. Are those something that I should try to delete or fix? Some of them look like they are from processes from regular programs.

 

Thanks for all of your help btw.

 

 

RogueKiller V10.4.0.0 [Feb 18 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : M [Administrator]
Mode : Scan -- Date : 02/19/2015  05:42:55
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 18 (Driver: Not loaded [0x20]) ¤¤¤
[iAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) NETAPI32.dll - NetGetJoinInformation : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x73112d60
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x61831b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x613dfa68
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x61831b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x613dfa68
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x61831b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x613dfa68
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x61831b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x613dfa68
[iAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x74d3b80d (jmp dword near [0x74c86268])
[iAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x61831b7a
[iAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x613dfa68
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] 69490af2ba9b0227ba9aa729b58bfeb8
[bSP] d81db82b1638dd8279fc9e5af0d8b94d : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 EVO 250GB +++++
--- User ---
[MBR] bc21521e603371555ce225c8cdb728e6
[bSP] b8e6f32c21c637aef843d91a1363651b : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD40EZRX-00SPEB0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive7: HP Photosmart C4600 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_02152015_190613.log - RKreport_DEL_02152015_192336.log - RKreport_DEL_02152015_194210.log - RKreport_DEL_02152015_203147.log
RKreport_DEL_02152015_204553.log - RKreport_DEL_02152015_210325.log - RKreport_DEL_02152015_212911.log - RKreport_DEL_02152015_212948.log
RKreport_DEL_02152015_224438.log - RKreport_DEL_02152015_231908.log - RKreport_DEL_02152015_232225.log - RKreport_DEL_02152015_232248.log
RKreport_DEL_02152015_232510.log - RKreport_DEL_02152015_233018.log - RKreport_DEL_02162015_062248.log - RKreport_DEL_02162015_195004.log
RKreport_DEL_02182015_184702.log - RKreport_DEL_02182015_223601.log - RKreport_SCN_02152015_185840.log - RKreport_SCN_02152015_192311.log
RKreport_SCN_02152015_192412.log - RKreport_SCN_02152015_194136.log - RKreport_SCN_02152015_194944.log - RKreport_SCN_02152015_203051.log
RKreport_SCN_02152015_204538.log - RKreport_SCN_02152015_204634.log - RKreport_SCN_02152015_204816.log - RKreport_SCN_02152015_210248.log
RKreport_SCN_02152015_212741.log - RKreport_SCN_02152015_213056.log - RKreport_SCN_02152015_224419.log - RKreport_SCN_02152015_231832.log
RKreport_SCN_02152015_232209.log - RKreport_SCN_02152015_232432.log - RKreport_SCN_02152015_232900.log - RKreport_SCN_02162015_062207.log
RKreport_SCN_02162015_065141.log - RKreport_SCN_02162015_173156.log - RKreport_SCN_02162015_194930.log - RKreport_SCN_02162015_195331.log
RKreport_SCN_02182015_180812.log - RKreport_SCN_02182015_214849.log - RKreport_SCN_02182015_223526.log - RKreport_SCN_02182015_223750.log

malwarebytes log 2-19-2014.txt


No, do not touch these lines, they are fine.
 
 
 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:
 
MUST READ - security tips:
MUST READ - general maintenance:
 
The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent exploitation of many commonly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware bundled in legitimate installers.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


The proxy entries are back in Rkiller too.

 

RogueKiller V10.4.0.0 [Feb 18 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : M [Administrator]
Mode : Scan -- Date : 02/19/2015  06:16:56
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 15 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) NETAPI32.dll - NetGetJoinInformation : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x72792d60
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x628d1b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6247fa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x628d1b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6247fa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x628d1b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6247fa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x628d1b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6247fa68
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] 69490af2ba9b0227ba9aa729b58bfeb8
[BSP] d81db82b1638dd8279fc9e5af0d8b94d : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 EVO 250GB +++++
--- User ---
[MBR] bc21521e603371555ce225c8cdb728e6
[BSP] b8e6f32c21c637aef843d91a1363651b : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD40EZRX-00SPEB0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive7: HP Photosmart C4600 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_02152015_190613.log - RKreport_DEL_02152015_192336.log - RKreport_DEL_02152015_194210.log - RKreport_DEL_02152015_203147.log
RKreport_DEL_02152015_204553.log - RKreport_DEL_02152015_210325.log - RKreport_DEL_02152015_212911.log - RKreport_DEL_02152015_212948.log
RKreport_DEL_02152015_224438.log - RKreport_DEL_02152015_231908.log - RKreport_DEL_02152015_232225.log - RKreport_DEL_02152015_232248.log
RKreport_DEL_02152015_232510.log - RKreport_DEL_02152015_233018.log - RKreport_DEL_02162015_062248.log - RKreport_DEL_02162015_195004.log
RKreport_DEL_02182015_184702.log - RKreport_DEL_02182015_223601.log - RKreport_SCN_02152015_185840.log - RKreport_SCN_02152015_192311.log
RKreport_SCN_02152015_192412.log - RKreport_SCN_02152015_194136.log - RKreport_SCN_02152015_194944.log - RKreport_SCN_02152015_203051.log
RKreport_SCN_02152015_204538.log - RKreport_SCN_02152015_204634.log - RKreport_SCN_02152015_204816.log - RKreport_SCN_02152015_210248.log
RKreport_SCN_02152015_212741.log - RKreport_SCN_02152015_213056.log - RKreport_SCN_02152015_224419.log - RKreport_SCN_02152015_231832.log
RKreport_SCN_02152015_232209.log - RKreport_SCN_02152015_232432.log - RKreport_SCN_02152015_232900.log - RKreport_SCN_02162015_062207.log
RKreport_SCN_02162015_065141.log - RKreport_SCN_02162015_173156.log - RKreport_SCN_02162015_194930.log - RKreport_SCN_02162015_195331.log
RKreport_SCN_02182015_180812.log - RKreport_SCN_02182015_214849.log - RKreport_SCN_02182015_223526.log - RKreport_SCN_02182015_223750.log
RKreport_SCN_02192015_054255.log
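The RogueKiller output above mixes two line shapes (registry findings such as the PUM.DesktopIcons entries, and IAT hook findings under Antirootkit) and repeats every hook once per chrome.exe process instance, which makes it hard to see that only a handful of distinct hooks exist and where each one lands. The parser below, an added example in Python that is not RogueKiller's or the poster's code, normalises both line shapes (accepting both "[IAT" and the forum-lowercased "[iAT"), collapses duplicate hooks with a count, and flags any hook whose target module falls outside an allow-list of directories. The allow-list itself and the last line of the constructed sample (a hypothetical svchost.exe hook into an unrecognised module, not present in the real log) are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the RogueKiller log above: a few of its
# lines plus one hypothetical hook into an unrecognised module (the svchost.exe
# line), which is NOT in the original log and only exercises the review path.
SAMPLE_LOG = r"""
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-426721387-3403381134-2824838836-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) NETAPI32.dll - NetGetJoinInformation : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x72792d60
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Inl(Hook.IEAT)] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\WINDOWS\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x742eb80d (jmp dword near [0x74236268])
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x628d1b7a
[IAT:Addr(Hook.IEAT)] (svchost.exe) ntdll.dll - NtCreateFile : C:\Users\Public\example_unknown.dll @ 0x10001000
"""

# Registry finding: [Category] (Arch) Key | Value : Data  -> Status
REG_RE = re.compile(
    r"^\[(?P<cat>PUM\.[^\]]+)\] \((?P<arch>X86|X64)\) (?P<key>.+?) \| "
    r"(?P<value>.+?) : (?P<data>.+?)\s+-> (?P<status>\w+)$"
)
# Hook finding: [IAT:Addr|Inl(Hook.IEAT)] (process[ @ importer]) Module - Func : Target @ Addr [(detail)]
HOOK_RE = re.compile(
    r"^\[(?P<kind>IAT:(?:Addr|Inl)\(Hook\.IEAT\))\] \((?P<proc>[^)]+)\) "
    r"(?P<module>\S+) - (?P<func>\S+) : (?P<target>.+?) @ (?P<addr>0x[0-9a-f]+)"
    r"(?: \((?P<detail>.*)\))?$",
    re.IGNORECASE,  # the forum software lower-cased "[IAT" to "[iAT" in the post
)

# Assumed allow-list of directories from which hooks are expected on this host:
# the system directory, Avast's private runtime in WinSxS, Chrome's own install
# tree. Tune per host; this is an assumption for the example, not a RogueKiller setting.
KNOWN_HOOK_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\winsxs\\x86_avast.",
    "c:\\program files (x86)\\google\\chrome\\application\\",
)


def parse_line(line):
    """Turn one RogueKiller detection line into a dict, or None if not recognised."""
    m = REG_RE.match(line)
    if m:
        return {"type": "registry", **m.groupdict()}
    m = HOOK_RE.match(line)
    if m:
        rec = {"type": "hook", **m.groupdict()}
        # "(chrome.exe @ chrome.dll)" = hooked process and, when present, the importing module
        proc, _, importer = rec.pop("proc").partition(" @ ")
        rec["process"], rec["importer"] = proc, importer or None
        return rec
    return None


def parse_log(text):
    """Parse every recognised detection line, skipping headers and blanks."""
    return [r for r in (parse_line(l.rstrip()) for l in text.splitlines()) if r]


def dedupe_hooks(records):
    """RogueKiller reports one hook per process instance; collapse to unique hooks with counts."""
    return Counter(
        (r["process"], r["module"], r["func"], r["target"])
        for r in records if r["type"] == "hook"
    )


def unrecognised_hooks(records, known_prefixes=KNOWN_HOOK_PREFIXES):
    """Hooks whose target module lies outside the allow-listed directories."""
    prefixes = tuple(p.lower() for p in known_prefixes)
    return [
        r for r in records
        if r["type"] == "hook" and not r["target"].lower().startswith(prefixes)
    ]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in dedupe_hooks(recs).items():
        print(n, "x", key)
    for r in unrecognised_hooks(recs):
        print("REVIEW:", r["process"], r["module"], r["func"], "->", r["target"])
```

Run on the full log, the dedupe step reduces the fifteen Antirootkit lines to five distinct hooks, all of which resolve into the allow-listed system, Avast or Chrome directories; anything the allow-list does not cover is what deserves a closer look.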

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

This topic is now closed to further replies.