
Virus or Trojan problems


This topic is locked
15 replies to this topic

#1 mysterious516

  • Members
  • 12 posts

Posted 27 May 2013 - 01:04 PM

I would like to thank you again for the help you are giving me.


Problems my computer has: When logging on to the administrator account my screen will turn a bright pink; I then have to shut down the cp and use my side. It runs slow, doesn't respond, freezes, credential errors, Windows won't update. When I ran a HijackThis log a few weeks ago it had a lot of missing files, corrupt files. I also ran across a CWS Trojan, not sure where I saw it. When looking at my internet connection it would show my laptop ? then router then internet. Also in the log I saw some German name; I googled it, didn't know what it was, thought that was strange.

Here are the logs you requested

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by chris at 9:48:29 on 2013-05-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.384 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k wcssvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\igfxext.exe
C:\Users\christi\Desktop\mbar-1.06.0.1003\mbar\mbar.exe
C:\windows\System32\msdtc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWow64\perfhost.exe
C:\windows\System32\snmptrap.exe
C:\windows\System32\vds.exe
C:\windows\System32\alg.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://samsung.msn.com
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
mRunOnce: [aswredemption.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\redemption.dll"
mRunOnce: [aswredemption64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\redemption64.dll"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: NoDriveAutoRun = dword:67043307
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{EAF75BF1-93E7-4F56-A816-6A449039312E} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{EAF75BF1-93E7-4F56-A816-6A449039312E}\86F6D656D233035383 : DHCPNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{EAF75BF1-93E7-4F56-A816-6A449039312E}\97F657E65637D27657563747 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{EAF75BF1-93E7-4F56-A816-6A449039312E}\C496E686162747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EAF75BF1-93E7-4F56-A816-6A449039312E}\C616E646F6E636271677C6569777162746 : DHCPNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
TCP: Interfaces\{EAF75BF1-93E7-4F56-A816-6A449039312E}\E6F602D616E636865637D27657563747 : DHCPNameServer = 192.168.7.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-RunOnce: [*Restore] C:\windows\System32\rstrui.exe /runonce
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\chris.christi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ijlfhs2t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-20 01:28; plugin@selectionlinks.com; C:\Users\chris.christi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ijlfhs2t.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-05-01 01:35; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-5-1 19600]
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-5-1 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-5-1 189936]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-5-1 1025808]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-5-1 378432]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-2-27 13824]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-5-1 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-5-1 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-26 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.sys [2011-6-4 11576]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-7 19192]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-4-25 258896]
R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-5-26 36680]
R3 mbamswissarmy;mbamswissarmy;C:\windows\System32\drivers\mbamswissarmy.sys [2013-5-26 162008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-9-27 553576]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-6-4 348712]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-3-18 57856]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-24 169752]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-4-24 342528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-30 19456]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2012-11-14 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-30 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-9 31088]
.
=============== Created Last 30 ================
.
2013-05-27 03:58:37 162008 ----a-w- C:\windows\System32\drivers\mbamswissarmy.sys
2013-05-27 03:58:37 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-27 03:55:43 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-05-16 18:30:34 0 ----a-w- C:\windows\SysWow64\sho5A13.tmp
2013-05-16 04:04:10 9195912 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 08:45:54 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-05-14 08:45:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-13 16:00:20 0 ----a-w- C:\windows\SysWow64\shoF70C.tmp
2013-05-04 15:33:25 -------- d-----w- C:\91ee9ed27747077d1462
2013-05-01 08:42:09 19600 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2013-05-01 08:36:10 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-01 08:36:06 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-05-01 08:36:06 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-05-01 08:36:05 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-01 08:36:01 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-01 08:34:58 41664 ----a-w- C:\windows\avastSS.scr
2013-05-01 08:34:44 -------- d-----w- C:\Program Files\AVAST Software
2013-05-01 08:33:13 -------- d-----w- C:\ProgramData\AVAST Software
2013-04-30 22:36:46 256904 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2013-04-30 08:16:32 120840 ----a-w- C:\windows\System32\BgGamingMonitor.dll
2013-04-30 08:16:32 108968 ----a-w- C:\windows\SysWow64\BgGamingMonitor.dll
2013-04-30 08:16:29 64352 ----a-w- C:\windows\System32\BGLsp.dll
2013-04-30 08:16:29 54624 ----a-w- C:\windows\SysWow64\BGLsp.dll
2013-04-28 17:10:45 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-28 16:19:18 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2013-05-16 04:04:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 04:04:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-24 08:54:14 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2013-04-24 08:50:01 0 ----a-w- C:\windows\SysWow64\sho57A2.tmp
2013-04-20 21:02:07 0 ----a-w- C:\windows\SysWow64\sho194C.tmp
2013-04-20 09:25:59 0 ----a-w- C:\windows\SysWow64\shoCB94.tmp
2013-04-19 09:45:33 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 09:45:27 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-04-02 10:34:28 282744 ------w- C:\windows\System32\MpSigStub.exe
2013-03-29 17:07:03 963488 ----a-w- C:\windows\System32\deployJava1.dll
2013-03-29 17:07:03 1085344 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-03-29 17:07:03 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
2013-03-18 10:05:13 0 ----a-w- C:\windows\SysWow64\sho618E.tmp
2013-03-01 03:36:04 3153408 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 9:49:54.23 ===============

#2 mysterious516

  • Topic Starter
  • Members
  • 12 posts

Posted 27 May 2013 - 01:05 PM


The attach.txt would not save to the desktop.

#3 nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2013 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

  • Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

    Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

    Please paste the logs in your next reply, DO NOT ATTACH THEM
    Let me know what problem persists.


#4 mysterious516

  • Topic Starter
  • Members
  • 12 posts

Posted 01 June 2013 - 05:26 AM

Thank you for responding. Here are the scans you asked for.


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : chris [Admin rights]
Mode : Scan -- Date : 06/01/2013 00:44:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [x] -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] ddc0d0e32d8e7cef241ba6517c2a4139
[BSP] 1bd342318e2be01ef2a0f86fea75221f : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 277504 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 568535040 | Size: 416010 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1420523520 | Size: 21788 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06012013_02d0044.txt >>
RKreport[1]_S_06012013_02d0044.txt

It took a few tries to get this file to open.

# AdwCleaner v2.301 - Logfile created 06/01/2013 at 01:00:01
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : chris - CHRISTI-PC
# Boot Mode : Normal
# Running from : C:\Users\christi\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Trymedia

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKU\S-1-5-21-556383499-917232446-3723185786-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-556383499-917232446-3723185786-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKU\S-1-5-21-556383499-917232446-3723185786-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-556383499-917232446-3723185786-1008\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKU\S-1-5-21-556383499-917232446-3723185786-1008\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

*************************

AdwCleaner[R1].txt - [5042 octets] - [01/06/2013 01:00:01]

########## EOF - \AdwCleaner[R1].txt - [5102 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by chris on Sat 06/01/2013 at  1:10:53.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho19.tmp
Successfully deleted: [File] C:\windows\syswow64\sho194C.tmp
Successfully deleted: [File] C:\windows\syswow64\sho2FAA.tmp
Successfully deleted: [File] C:\windows\syswow64\sho57A2.tmp
Successfully deleted: [File] C:\windows\syswow64\sho5A13.tmp
Successfully deleted: [File] C:\windows\syswow64\sho618E.tmp
Successfully deleted: [File] C:\windows\syswow64\sho87AE.tmp
Successfully deleted: [File] C:\windows\syswow64\sho8C6A.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBB1C.tmp
Successfully deleted: [File] C:\windows\syswow64\shoC733.tmp
Successfully deleted: [File] C:\windows\syswow64\shoCB94.tmp
Successfully deleted: [File] C:\windows\syswow64\shoCBB5.tmp
Successfully deleted: [File] C:\windows\syswow64\shoF70C.tmp
Successfully deleted: [File] C:\windows\syswow64\shoFC41.tmp



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\chris.christi-PC\AppData\Roaming\mozilla\firefox\profiles\ijlfhs2t.default\user.js
Successfully deleted: [Folder] C:\Users\chris.christi-PC\AppData\Roaming\mozilla\firefox\profiles\ijlfhs2t.default\jetpack
Successfully deleted: [Folder] C:\Users\chris.christi-PC\AppData\Roaming\mozilla\firefox\profiles\ijlfhs2t.default\extensions\plugin@selectionlinks.com
Emptied folder: C:\Users\chris.christi-PC\AppData\Roaming\mozilla\firefox\profiles\ijlfhs2t.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/01/2013 at  1:16:38.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5 nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 June 2013 - 08:36 AM

Please run the RogueKiller tool and delete these registry keys.

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


Run the AdwCleaner tool and use the Delete function this time.

Post the logs and let me know what problem persists.

#6 mysterious516

mysterious516
  • Topic Starter
  • Members
  • 12 posts

Posted 01 June 2013 - 02:32 PM

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : chris [Admin rights]

: Remove -- Date : 06/01/2013 10:28:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] ddc0d0e32d8e7cef241ba6517c2a4139
[BSP] 1bd342318e2be01ef2a0f86fea75221f : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 277504 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 568535040 | Size: 416010 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1420523520 | Size: 21788 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_06012013_02d1028.txt >>
RKreport[1]_S_06012013_02d0044.txt ; RKreport[2]_D_06012013_02d0047.txt ; RKreport[3]_S_06012013_02d1026.txt ; RKreport[4]_D_06012013_02d1028.txt

# AdwCleaner v2.301 - Logfile created 06/01/2013 at 10:30:19
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : chris - CHRISTI-PC
# Boot Mode : Normal
# Running from : C:\Users\christi\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

*************************

AdwCleaner[R1].txt - [5153 octets] - [01/06/2013 01:00:01]
AdwCleaner[R2].txt - [617 octets] - [01/06/2013 10:30:19]
AdwCleaner[S1].txt - [5013 octets] - [01/06/2013 01:02:39]

########## EOF - \AdwCleaner[R2].txt - [736 octets] ##########


After running the cleaner it said to reboot; when the screen came back on it went to Www.com: The Best Search Links on the Net.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 June 2013 - 07:28 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

    Post back with the Malwarebytes Anti-Malware log once it's complete.
    ===


    Which Browser do you use?

    Check the Start page used in that browser and change it to what you want.
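The start page question above can be answered from a script rather than by clicking through each browser. The following is an added example, not part of the thread and not any vendor's tool: it reads the start page each browser on the machine will actually open, so a hijack like the www.www.com one reported later in this thread can be traced to the file or registry value that carries it. It uses only the standard per-user locations (the Internet Explorer Main key, the Firefox profile folder under %APPDATA%, the Chrome Preferences file under %LOCALAPPDATA%); the function name is the author's choice. ConvertFrom-Json requires PowerShell 3.0 or later, which on Windows 7 means Windows Management Framework 3.0 is installed.

```powershell
# Added example (not from the thread or from any browser vendor): list the start
# page each installed browser will open and where that setting is stored.
# Function name is the author's own choice. Requires PowerShell 3.0+ for ConvertFrom-Json.

function Get-BrowserStartPage {
    # Internet Explorer: the value the Internet Options dialog edits.
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ie) {
        [pscustomobject]@{ Browser = 'Internet Explorer'; Setting = 'Start Page'
                           Value = $ie.'Start Page'; Source = 'HKCU:\Software\Microsoft\Internet Explorer\Main' }
    }

    # Firefox: user.js is re-applied on every start and overrides prefs.js, so a
    # hijacker that keeps re-creating user.js keeps resetting the homepage.
    # (The JRT log earlier in this thread deleted a user.js from this profile.)
    $ffRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $ffRoot) {
        foreach ($profile in Get-ChildItem $ffRoot -Directory) {
            foreach ($file in 'user.js', 'prefs.js') {
                $path = Join-Path $profile.FullName $file
                if (-not (Test-Path $path)) { continue }
                $pattern = 'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"\)'
                foreach ($hit in Select-String -Path $path -Pattern $pattern) {
                    [pscustomobject]@{ Browser = 'Firefox'; Setting = 'browser.startup.homepage'
                                       Value = $hit.Matches[0].Groups[1].Value; Source = $path }
                }
            }
        }
    }

    # Chrome: homepage and the URLs opened on startup live in the JSON Preferences file.
    $chromePrefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
    if (Test-Path $chromePrefs) {
        $prefs = Get-Content $chromePrefs -Raw | ConvertFrom-Json
        [pscustomobject]@{ Browser = 'Chrome'; Setting = 'homepage'
                           Value = $prefs.homepage; Source = $chromePrefs }
        foreach ($url in $prefs.session.startup_urls) {
            [pscustomobject]@{ Browser = 'Chrome'; Setting = 'session.startup_urls'
                               Value = $url; Source = $chromePrefs }
        }
    }
}

Get-BrowserStartPage | Format-Table -AutoSize
```

Run it in each Windows profile that shows the wrong page, since all three locations are per-user. A start page that is correct in prefs.js but wrong in user.js, or that reverts after being changed in the browser's own settings, points at something that rewrites the file or registry value on logon rather than at the browser itself.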


#8 mysterious516

mysterious516
  • Topic Starter
  • Members
  • 12 posts

Posted 02 June 2013 - 08:39 PM

Did not find anything. The browser I use when online is Firefox; I use IE when downloading programs. Here is the log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
chris :: CHRISTI-PC [administrator]

6/2/2013 6:34:22 PM
mbam-log-2013-06-02 (18-34-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 321016
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 mysterious516

mysterious516
  • Topic Starter
  • Members
  • 12 posts

Posted 03 June 2013 - 01:36 AM

Google Chrome showed up and I cannot uninstall it; it says to close windows and try again, but no windows are open.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 June 2013 - 07:53 AM

Download and run this Revo Uninstaller and delete Chrome

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Re-install it if you want.

#11 mysterious516

mysterious516
  • Topic Starter
  • Members
  • 12 posts

Posted 03 June 2013 - 01:34 PM

When I download it to the desktop, click on it and select Run as administrator, I get a message: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. Also, when I run a full system scan it stops at 94% and goes no further.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 June 2013 - 06:56 AM

Could it be that your profile is corrupted?

Create a new profile with Admin rights and run the Revo tool from there.

#13 mysterious516

mysterious516
  • Topic Starter
  • Members
  • 12 posts

Posted 04 June 2013 - 07:10 PM

I was able to uninstall Chrome. I went into the admin side to see if I could log on, and when I do my screen goes pink. When logging on to the non-admin side I still get www.www.com/?f as the home page. I don't know if someone has hacked my computer.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 June 2013 - 08:32 AM

When logging on to the non-admin side I still get www.www.com/?f as the home page


Which browser is used in this non admin profile?

If Chrome or Firefox, I would remove the culprit and reinstall the browser.

How is your Admin side working?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 June 2013 - 08:29 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run, copy/paste the following text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===
