Malicious Website constantly been blocked
<blockquote data-quote="LAGP" data-source="post: 329579" data-attributes="member: 32909">
<p>Thank you sir for such a quick response! I opened Malwarebytes Anti-Rootkit and it gave me a notification that a dll file (don't remember the specific name, sorry) may be a rootkit and, if not sure, to click No, so I did. Afterward the program ran as instructed. The program detected two files and I clicked "cleanup" and rebooted.</p>
<p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p>
<p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p>
<p>Database version: v2015.01.07.06</p>
<p>Windows 7 Service Pack 1 x64 NTFS</p>
<p>Internet Explorer 11.0.9600.17501</p>
<p>Gerardo :: GERARDO-PC [administrator]</p>
<p>1/7/2015 3:42:38 AM</p>
<p>mbar-log-2015-01-07 (03-42-38).txt</p>
<p>Scan type: Quick scan</p>
<p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p>
<p>Scan options disabled: </p>
<p>Objects scanned: 324994</p>
<p>Time elapsed: 7 minute(s), 33 second(s)</p>
<p>Memory Processes Detected: 0</p>
<p>(No malicious items detected)</p>
<p>Memory Modules Detected: 0</p>
<p>(No malicious items detected)</p>
<p>Registry Keys Detected: 2</p>
<p>HKU\S-1-5-21-504918127-1645587970-2504616167-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [9200aa4aafdaca6cf97425ddee12f40c]</p>
<p>HKU\S-1-5-21-504918127-1645587970-2504616167-1001_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [deb420d4e2a78fa7581841c1b24ec838]</p>
<p>Registry Values Detected: 0</p>
<p>(No malicious items detected)</p>
<p>Registry Data Items Detected: 0</p>
<p>(No malicious items detected)</p>
<p>Folders Detected: 0</p>
<p>(No malicious items detected)</p>
<p>Files Detected: 0</p>
<p>(No malicious items detected)</p>
<p>Physical Sectors Detected: 0</p>
<p>(No malicious items detected)</p>
<p>(end)</p>
<p>---------------------------------------</p>
<p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p>
<p>(c) Malwarebytes Corporation 2011-2012</p>
<p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p>
<p>Account is Administrative</p>
<p>Internet Explorer version: 11.0.9600.17501</p>
<p>File system is: NTFS</p>
<p>Disk drives: C:\ DRIVE_FIXED</p>
<p>CPU speed: 3.600000 GHz</p>
<p>Memory total: 17092030464, free: 13329133568</p>
<p>Downloaded database version: v2015.01.07.06</p>
<p>Downloaded database version: v2015.01.06.01</p>
<p>Downloaded database version: v2014.12.06.01</p>
<p>=======================================</p>
<p>Initializing...</p>
<p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p>
<p>=======================================</p>
<p>Initializing...</p>
<p>------------ Kernel report ------------</p>
<p> 01/07/2015 03:42:29</p>
<p>------------ Loaded modules -----------</p>
<p>----------- End -----------</p>
<p>Done!</p>
<p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p>
<p>Done!</p>
<p>Drive 0</p>
<p>This is a System drive</p>
<p>Scanning MBR on drive 0...</p>
<p>Inspecting partition table:</p>
<p>This drive is a GPT Drive.</p>
<p>Disk Size: 3000592982016 bytes</p>
<p>Sector size: 512 bytes</p>
<p>Done!</p>
<p>File "c:\programdata\avg2015\chjw\8e6c084e6c0740a.dat:5df3d217-5f39-475a-8067-c13ecf8e292b" is sparse (flags = 32768)</p>
<p>Infected: HKU\S-1-5-21-504918127-1645587970-2504616167-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]</p>
<p>Infected: HKU\S-1-5-21-504918127-1645587970-2504616167-1001_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks]</p>
<p>Scan finished</p>
<p>Creating System Restore point...</p>
<p>Could not create restore point...</p>
<p>Cleaning up...</p>
<p>Executing an action cmd.exe...</p>
<p>Success!</p>
<p>Executing an action cmd.exe...</p>
<p>Success!</p>
<p>Removal scheduling successful. System shutdown needed.</p>
<p>System shutdown occurred</p>
<p>=======================================</p>
</blockquote>