Always getting this error on startup

Page 2 of 2

  1. Posts : 30
    Windows 7 Ultimate x64
    Thread Starter
       #11

    I installed MB and a few seconds after start up it caught this and it looks like the virus keeps popping back up.

    Code:
    2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Starting protection
    2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Protection started successfully
    2013/07/24 11:31:54 -0600	AVALANCH-PC	avalanch	MESSAGE	Starting IP protection
    2013/07/24 11:31:55 -0600	AVALANCH-PC	avalanch	MESSAGE	IP Protection started successfully
    2013/07/24 11:32:02 -0600	AVALANCH-PC	avalanch	DETECTION	G:\Users\avalanch\AppData\Local\Temp\chrome.exe	Trojan.MSIL	QUARANTINE
    2013/07/24 11:33:24 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
    2013/07/24 11:33:24 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
    2013/07/24 11:38:19 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
    2013/07/24 11:38:19 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
    2013/07/24 11:39:10 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
    2013/07/24 11:39:10 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
    2013/07/24 11:39:14 -0600	AVALANCH-PC	avalanch	DETECTION	g:\users\avalanch\appdata\local\temp\chrome.exe	Trojan.MSIL	QUARANTINE
    2013/07/24 11:39:14 -0600	AVALANCH-PC	avalanch	ERROR	Quarantine failed:  SDKQuarantine failed with error code 2
    I have yet to do a full scan or run the roguekiller but the full scan is in progress right now.


  2. Posts : 30
    Windows 7 Ultimate x64
    Thread Starter
       #12

    Here are the mbam results

    Code:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    
    Database version: v2013.07.24.01
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    avalanch :: AVALANCH-PC [administrator]
    
    Protection: Enabled
    
    7/24/2013 12:18:15 PM
    mbam-log-2013-07-24 (12-18-15).txt
    
    Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 611690
    Time elapsed: 1 hour(s), 10 minute(s), 39 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 1
    HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
    
    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|chrome (Trojan.Agent) -> Data: "G:\Users\avalanch\AppData\Roaming\chrome\chrome.exe" -> Quarantined and deleted successfully.
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 1
    G:\Users\avalanch\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
    
    Files Detected: 11
    E:\SRS Audio Sandbox 1.10.2.0.rar (Trojan.Dropper.PGen) -> No action taken.
    E:\Downloads\chromepass.zip (PUP.ChromePasswordTool) -> No action taken.
    E:\Downloads\chromepass\ChromePass.exe (PUP.ChromePasswordTool) -> No action taken.
    E:\Downloads\WPE PRO - modified.zip (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
    E:\Downloads\WPE PRO - modified\WpeSpy.dll (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
    
    G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
    G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
    G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
    G:\Users\avalanch\AppData\Roaming\dclogs\2013-07-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
    
    (end)


  3. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #13

    Restart the PC and run RogueKiller.


  4. Posts : 30
    Windows 7 Ultimate x64
    Thread Starter
       #14

    Alright, I restarted & ran the RK tool and here are its results.

    Code:
    RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/
    
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : avalanch [Admin rights]
    Mode : Scan -- Date : 07/24/2013 14:33:13
    | ARK || FAK || MBR |
    
    ¤¤¤ Bad processes : 0 ¤¤¤
    
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    
    ¤¤¤ Startup Entries : 0 ¤¤¤
    
    ¤¤¤ Web browsers : 0 ¤¤¤
    
    ¤¤¤ Particular Files / Folders: ¤¤¤
    
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    
    ¤¤¤ External Hives: ¤¤¤
    
    ¤¤¤ Infection :  ¤¤¤
    
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    
    
    127.0.0.1	www.007guard.com
    127.0.0.1	007guard.com
    127.0.0.1	008i.com
    127.0.0.1	www.008k.com
    127.0.0.1	008k.com
    127.0.0.1	www.00hq.com
    127.0.0.1	00hq.com
    127.0.0.1	010402.com
    127.0.0.1	www.032439.com
    127.0.0.1	032439.com
    127.0.0.1	www.0scan.com
    127.0.0.1	0scan.com
    127.0.0.1	1000gratisproben.com
    127.0.0.1	www.1000gratisproben.com
    127.0.0.1	1001namen.com
    127.0.0.1	www.1001namen.com
    127.0.0.1	100888290cs.com
    127.0.0.1	www.100888290cs.com
    127.0.0.1	www.100sexlinks.com
    127.0.0.1	100sexlinks.com
    [...]
    
    
    ¤¤¤ MBR Check: ¤¤¤
    
    +++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
    --- User ---
    [MBR] 19aac6d6358a31638193da1e58b3a80f
    [BSP] 824b93df78cb5d2a69c81aec1266ca81 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    +++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
    --- User ---
    [MBR] 9539fd94bddbffda9395ae3323c8ba30
    [BSP] e4c948cba6d734b778c663230ff4e8d3 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953716 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    +++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
    --- User ---
    [MBR] 5670f7dab435709844937a658dce92cc
    [BSP] c362c2fb01507bdde3712e595625b8c5 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    +++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
    --- User ---
    [MBR] 7a184e6949a725c54af869a717e79537
    [BSP] d583239bfca040b83921c79615c2cf29 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    Finished : << RKreport[0]_S_07242013_143313.txt >>
    Last edited by vgchat; 28 Feb 2018 at 15:48.


  5. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #15

    Change your passwords on a non-infected PC. Are you still getting that pop-up?


  6. Posts : 30
    Windows 7 Ultimate x64
    Thread Starter
       #16

    No, the popup hasn't been showing after that.
    Last edited by vgchat; 28 Feb 2018 at 15:49.


 