Hello Team,
I had downloaded UnHackMe from Giveaway of the Day, trial version, as I was not able to download it on the same day. After running a scan, it detected this rootkit. I sent a log to the support team, who sent me an RNR file to help in removal of this rootkit. Nothing gets removed, but I keep getting a pop-up on my laptop of this rootkit instead. When I try to exit, a window pops up with prices for the removal tool. I shut it down, but it pops up again within a minute.
# AdwCleaner v4.106 - Report created 05/01/2015 at 07:41:53
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : dell - DELL-PC
# Running from : C:\Users\dell\Downloads\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files\Uniblue
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAVESENSELIVE.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDS.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDSSERVICE.EXE
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v31.0 (x86 en-US)
-\\ Google Chrome v39.0.2171.95
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R1].txt - [6929 octets] - [28/12/2014 06:33:44]
AdwCleaner[R2].txt - [926 octets] - [28/12/2014 06:45:07]
AdwCleaner[R3].txt - [1589 octets] - [30/12/2014 04:53:00]
AdwCleaner[R4].txt - [1997 octets] - [31/12/2014 08:33:15]
AdwCleaner[R5].txt - [2152 octets] - [05/01/2015 07:30:58]
AdwCleaner[R6].txt - [2212 octets] - [05/01/2015 07:35:01]
AdwCleaner[S1].txt - [6599 octets] - [28/12/2014 06:37:59]
AdwCleaner[S2].txt - [986 octets] - [28/12/2014 06:50:22]
AdwCleaner[S3].txt - [1553 octets] - [30/12/2014 04:56:46]
AdwCleaner[S4].txt - [2257 octets] - [31/12/2014 08:53:08]
AdwCleaner[S5].txt - [1891 octets] - [05/01/2015 07:41:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1951 octets] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 05/01/2015
Scan Time: 7:47:10 AM
Logfile: MB.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.05.01
Rootkit Database: v2014.12.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: dell
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305688
Time Elapsed: 11 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 11
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe, , [0bbaac47c1c87db96615854832d16e92],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe, , [1fa6c52e7c0d60d62f02a08525df6b95],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg, , [933211e2c8c170c6f751ff492bd903fd],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE, , [55700be84b3ef64048371116d92b9d63],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE, , [18adaf4436534beb7c11b4745ba9d12f],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE, , [02c3a54e7b0e37ff4f5c3bedbc48a55b],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE, , [7c49ec079eebd462bc49da4f927227d9],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE, , [dee792610188a393a9ffef3b996b30d0],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE, , [c1048e654c3d77bf50906cbedf25eb15],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOSTS.EXE, , [08bd8e658207b68021c04ae061a3d52b],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE, , [f2d3787bbbceb185e79e77b49173f709],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x86
(UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.235
Adobe Reader 10.1.13
Adobe Reader out of Date!
Mozilla Firefox 31.0
Firefox out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Thank you for your time