Ad Pop Ups


This topic is locked
31 replies to this topic

#1 khemsley

khemsley

  • Members
  • 59 posts

Posted 28 August 2013 - 06:40 PM

I have already been instructed to do the following:

adwcleaner
JRT
Malware BYTES
Microsoft Safety Scanner
ESET
Kaspersky
then reran AdwCleaner and JRT
Now I am here. I would post a link to the other forum but I do not know how. Maybe this: http://www.bleepingcomputer.com/forums/t/504492/delta/page-3

I have been instructed to post this here after going through other steps.  Let me know what's next.  Thank you. 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16447
Run by Teacher at 16:28:10 on 2013-08-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3001.1181 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Launch Manager\LManager.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\AOL\1300912955\ee\aolsoftware.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\SR0XRCV.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\explorer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\System32\dinotify.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5635&r=27050810g706l03c3z265i49m5v247
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - 
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HostManager] c:\program files\common files\aol\1300912955\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SR0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SR0XRCV.exe
StartupFolder: c:\users\teache~1.tea\appdata\roaming\micros~1\windows\startm~1\programs\startup\jacqui~1.lnk - c:\program files\jacquie lawson advent calendar\jacquie lawson advent calendar\Jacquie Lawson Advent Calendar.exe
StartupFolder: c:\users\teache~1.tea\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\users\teache~1.tea\appdata\roaming\micros~1\windows\startm~1\programs\startup\severe~2.lnk - c:\users\teacher.teacher-10-pc\appdata\local\severeweatheralerts\SevereWeatherAlertsApp.exe
StartupFolder: c:\users\teache~1.tea\appdata\roaming\micros~1\windows\startm~1\programs\startup\severe~1.lnk - c:\users\teacher.teacher-10-pc\appdata\local\severeweatheralerts\SevereWeatherAlerts.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 163.150.1.1 163.150.38.1
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A} : DHCPNameServer = 163.150.1.1 163.150.38.1
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A}\245502E4564777F627B6 : DHCPNameServer = 216.136.95.2 64.132.94.250
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A}\64F68764961313 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A}\64F68764966393 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A}\8456D637C65697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D285C8D0-7ED8-47BF-B403-9C5DE13E1D11} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E17F98D9-5979-42B7-AFF4-E7114953BA61} : DHCPNameServer = 70.30.0.20
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-10-28 727584]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-15 701512]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-10-28 253952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-10 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-28 51712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-15 22856]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-10-28 6114816]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-8-24 13312]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-10-28 240160]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-18 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-28 167424]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-30 1343400]
.
=============== Created Last 30 ================
.
2013-08-22 19:26:43 -------- d-----w- C:\AdwCleaner
2013-08-22 15:51:42 -------- d-----w- c:\program files\ESET
2013-08-19 18:32:53 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-19 16:30:16 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\roaming\Free Download Manager
2013-08-19 16:30:13 -------- d-----w- c:\program files\Free Download Manager
2013-08-19 16:28:15 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\local\Weather_Notifications,_LL
2013-08-19 16:28:11 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\local\SevereWeatherAlerts
2013-08-15 18:14:51 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\roaming\Malwarebytes
2013-08-15 18:14:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-15 18:14:39 -------- d-----w- c:\programdata\Malwarebytes
2013-08-15 18:14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-15 18:12:42 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\local\Programs
2013-08-15 17:28:42 -------- d-----w- c:\windows\ERUNT
2013-08-14 22:14:41 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\local\CUSTPDF Writer
2013-08-14 22:12:41 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 22:12:18 -------- d-----w- c:\windows\system32\searchplugins
2013-08-14 22:12:18 -------- d-----w- c:\windows\system32\Extensions
2013-08-14 22:11:52 86016 ----a-w- c:\windows\system32\custmon32i.dll
2013-08-14 22:11:51 -------- d-----w- c:\program files\GPLGS
2013-08-14 22:11:48 -------- d-----w- c:\program files\PDFCreator
.
==================== Find3M  ====================
.
2013-08-21 05:21:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 05:21:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-14 16:00:09 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH: 16:29:15.58 ===============
 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2010 4:42:07 AM
System Uptime: 8/26/2013 1:15:27 PM (51 hours ago)
.
Motherboard: Acer             |  | BA50-MV         
Processor: Intel® Core™2 Duo CPU     T6570  @ 2.10GHz | U2E1 | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 67.192 GiB free.
D: is FIXED (NTFS) - 94 GiB total, 93.734 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service: 
.
Class GUID: 
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: 
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service: 
.
Class GUID: 
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: 
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: 
Description: Photosmart 7510 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: 
Name: Photosmart 7510 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: 
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
Class GUID: 
Description: DesignJet 500+HPGL2 (C7770B)
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: 
Name: DesignJet 500+HPGL2 (C7770B)
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service: 
.
Class GUID: 
Description: HP LaserJet P4515
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: 
Name: HP LaserJet P4515
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service: 
.
Class GUID: 
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: 
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service: 
.
==== System Restore Points ===================
.
RP181: 8/3/2013 10:07:20 PM - Scheduled Checkpoint
RP182: 8/11/2013 7:10:16 PM - Scheduled Checkpoint
RP183: 8/21/2013 1:42:35 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
4660_4680_Help
Acer Assist
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVG 2011
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Business Contact Manager for Outlook 2007 SP2
Conexant HD Audio
eBay Worldwide
ESET Online Scanner v3
eSobi v2
Free Download Manager 3.8
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
HP OfficeJet J4600 All-In-One Series
Identity Card
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
InterVideo WinDVD 8
iTunes
J4600
Java Auto Updater
Java™ 6 Update 33
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
McDougal Littell Test Generator
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.7.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
PdaNet for Android 3.02
PDF Creator
PDF Writer Packages
ProductContext
QuickTime
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Severe Weather Alerts
SHARP AR,MX-B,M Series PCL/PS Printer Driver
SHARP MX-B,M283/M363/M453/M503 Series PC-Fax Driver
Skype Click to Call
Skype™ 6.1
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Toolbox
TopArcadeHits
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for PDF Writer
VLC media player 2.0.2
WebReg
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/26/2013 12:49:46 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.100.136.133. The computer with the IP address 10.100.136.132 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
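A first pass over a log like the one above can be scripted. This added example (not from the thread, and not part of DDS or the helpers' tooling) parses the Pseudo HJT Report autostart entries and flags the orphaned or user-profile-resident ones a helper would check first, using a constructed subset of the log's own lines as input.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for suspicious autostarts.

Parses the autostart-style entries (uRun/mRun, BHO, TB, StartupFolder,
dURLSearchHooks) and flags what a malware-response helper looks at first:
  * a target under a user profile, i.e. somewhere any program the user ran
    could have written to;
  * an entry whose CLSID no longer resolves ('<orphaned>') or that has no
    target at all, the usual leftover of a removed toolbar or helper object.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\teache~1.tea\appdata\roaming\micros~1\windows\startm~1\programs\startup\severe~1.lnk - c:\users\teacher.teacher-10-pc\appdata\local\severeweatheralerts\SevereWeatherAlerts.exe
.
============= SERVICES / DRIVERS ===============
"""

ENTRY_RE = re.compile(r"^(?P<kind>[um]Run|BHO|TB|StartupFolder|[a-z]URLSearchHooks):\s*(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")          # [name] target
LNK_RE = re.compile(r"^(?P<name>.*?\.lnk)\s*-\s*(?P<target>.*)$", re.I)   # shortcut - target
CLSID_RE = re.compile(r"^(?:(?P<name>[^{]*?):\s*)?\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<target>.*)$")
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\", re.I)  # anything below a per-user profile dir


@dataclass(frozen=True)
class Finding:
    kind: str
    name: str
    target: str
    reason: str


def hjt_section(log_text: str):
    """Yield the lines between the Pseudo HJT header and the next header."""
    inside = False
    for line in log_text.splitlines():
        if line.startswith("="):          # section banner
            inside = "Pseudo HJT Report" in line
            continue
        if inside:
            yield line.rstrip()


def parse_entry(line: str):
    """Return (kind, name, target) for an autostart entry, else None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind.endswith("Run"):
        r = RUN_RE.match(rest)
        return (kind, r.group("name"), r.group("target")) if r else None
    if kind == "StartupFolder":
        r = LNK_RE.match(rest)
        return (kind, r.group("name").rsplit("\\", 1)[-1], r.group("target")) if r else None
    r = CLSID_RE.match(rest)
    if not r:
        return None
    return (kind, r.group("name") or "{%s}" % r.group("clsid"), r.group("target"))


def exe_path(target: str) -> str:
    """Return the quoted program path of a target, dropping anything after the closing quote."""
    t = target.strip()
    if t.startswith('"'):
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    return t


def classify(target: str):
    """Reason to flag the target, or None when it looks like an ordinary vendor entry."""
    t = target.strip()
    if t == "" or t.lower() == "<orphaned>":
        return "no target / orphaned CLSID: leftover of a removed component"
    if PROFILE_RE.search(exe_path(t)):
        return "target lives under a user profile (user-writable location)"
    return None


def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in hjt_section(log_text):
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, name, target = entry
        reason = classify(target)
        if reason:
            findings.append(Finding(kind, name, target.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.name:40} {f.reason}")
```

Vendor entries under Program Files are deliberately not flagged; the script narrows the list a helper reads by hand rather than deciding what is malicious.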



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts

Posted 02 September 2013 - 06:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505950 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 04 September 2013 - 02:36 PM

I am getting ad pop ups when I try to click on a link or a tab. One ad shows up in the bottom right hand corner and the other might be a whole new tab or window.

 

I do not have a Windows disk

 

I think I already posted the DDS log and I also posted the other things I have done. I haven't updated anything since the post (as instructed)

 

I have only been working with Bleeping Computers before being referred here.  

 

Thank you!



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 September 2013 - 03:39 PM

Hello khemsley,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

1.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

2.

Do you have a Usb Flash Drive you can use?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 04 September 2013 - 04:06 PM

Yes, I have a flash drive, but what size is needed?
 
RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Teacher [Admin rights]
Mode : Scan -- Date : 09/04/2013 14:01:29
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SevereWeatherAlertsApp.exe -- C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe [7] -> KILLED [TermProc]
[SUSP PATH] SevereWeatherAlerts.exe -- C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{9823645A-AB2D-44B1-B594-A2B449051992}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{9823645A-AB2D-44B1-B594-A2B449051992}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] McQcModifier-5c47-a7b0 : C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [-] -> FOUND
 
¤¤¤ Startup Entries : 2 ¤¤¤
[Teacher.teacher-10-PC][SUSP PATH] Severe Weather Alerts App.lnk : C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk @C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe [-][7] -> FOUND
[Teacher.teacher-10-PC][SUSP PATH] Severe Weather Alerts.lnk : C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk @C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe /restart [-][7] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\L [-] --> FOUND
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] 87bbbb9be27f9f2f9a2d6128aaa33e68
[BSP] 82dc2f1a513b7ac506e666a8429bee5c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 121806 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291608576 | Size: 96087 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09042013_140129.txt >>
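A small parser for the RogueKiller report format shown above, added here as an example and not code from the thread or from RogueKiller itself: it pulls out the section headers, every tagged finding with its status, and the HOSTS entries, then summarises what a helper reads first (the named infection family, the DisableTaskMgr/DisableRegistryTools policy entries, and HOSTS lines pointing at anything other than loopback names) and, given a later remove-mode report, lists what was found but not reported cleaned. The sample reports, user name, GUID and host name are constructed placeholders.

```python
import re
from collections import Counter

# Constructed excerpt in the RogueKiller V8 report format posted in this thread; the
# user name, GUID and host name are placeholders, not values taken from the thread.
SAMPLE_SCAN = r"""
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\user\AppData\Local\{00000000-0000-0000-0000-000000000000}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U [-] --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       update.example.test
"""
# Constructed remove-mode run of the same machine: everything handled except the U folder.
SAMPLE_REMOVE = (SAMPLE_SCAN.replace("-> FOUND", "-> DELETED")
                 .replace(r"\U [-] --> DELETED", r"\U [-] --> FOUND"))

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*(?::\s*(?P<value>.*?))?\s*¤¤¤$")
TAGS_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*)$")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_finding(line):
    """Turn '[TAG][TAG] detail -> STATUS ...' into a dict, or None if not a finding."""
    m = TAGS_RE.match(line)
    if not m or "->" not in m.group(2):
        return None
    detail, _, outcome = m.group(2).rpartition("->")
    status = (outcome.split() or [""])[0]
    return {"tags": re.findall(r"\[([^\]]+)\]", m.group(1)),
            "detail": detail.rstrip(" -"), "status": status}

def parse_report(text):
    """Parse a RogueKiller report into section headers, findings and HOSTS entries."""
    report = {"sections": {}, "findings": [], "hosts": []}
    current = None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            report["sections"][current] = (m.group("value") or "").strip()
        elif current == "HOSTS File":
            parts = line.split()
            if not line.startswith(("-->", "#")) and len(parts) >= 2:
                report["hosts"].append((parts[0], parts[1]))
        else:
            finding = parse_finding(line)
            if finding:
                finding["section"] = current
                report["findings"].append(finding)
    report["infection"] = report["sections"].get("Infection", "")
    return report

def triage(report):
    """What a defender checks first: family, cleanup-hindering policies, HOSTS redirects."""
    findings = report["findings"]
    return {
        "status_counts": dict(Counter(f["status"] for f in findings)),
        "infection": report["infection"],
        "family_items": [f["detail"] for f in findings if report["infection"] in f["tags"]],
        # DisableTaskMgr / DisableRegistryTools are set by malware to hinder manual cleanup
        "policy_hijacks": [f["detail"] for f in findings if "HJ POL" in f["tags"]],
        # HOSTS entries for anything but loopback names may block AV or update servers
        "hosts_redirects": [(ip, h) for ip, h in report["hosts"] if h.lower() not in LOOPBACK_NAMES],
    }

def remaining_after_cleanup(scan_report, remove_report):
    """Scan-mode FOUND items that the remove-mode run did not report as DELETED/REPLACED."""
    handled = {f["detail"] for f in remove_report["findings"] if f["status"] in {"DELETED", "REPLACED"}}
    return [f["detail"] for f in scan_report["findings"]
            if f["status"] == "FOUND" and f["detail"] not in handled]
```

Run `remaining_after_cleanup(parse_report(scan_text), parse_report(remove_text))` on a Scan log and the following Delete log to see what still needs attention before the rescan.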


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 September 2013 - 09:04 PM

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on the adwCleaner.exe and select
    "Run as administrator"
  • Click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
  • How is the machine running now?

Edited by fireman4it, 04 September 2013 - 09:05 PM.


#7 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 05 September 2013 - 10:05 AM

I downloaded AdwCleaner.  When it opened "Clean" is grey and unable to be clicked.  Do I click "Scan" first?

 

 
RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Teacher [Admin rights]
Mode : Remove -- Date : 09/05/2013 08:00:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{9823645A-AB2D-44B1-B594-A2B449051992}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{9823645A-AB2D-44B1-B594-A2B449051992}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] McQcModifier-5c47-a7b0 : C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [-] -> DELETED
 
¤¤¤ Startup Entries : 2 ¤¤¤
[Teacher.teacher-10-PC][SUSP PATH] Severe Weather Alerts App.lnk : C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk @C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe [-][7] -> DELETED
[Teacher.teacher-10-PC][SUSP PATH] Severe Weather Alerts.lnk : C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk @C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe /restart [-][7] -> DELETED
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\L [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\00000004.@ [-] --> DELETED
[ZeroAccess][File] 00000008.@ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\00000008.@ [-] --> DELETED
[ZeroAccess][File] 000000cb.@ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\000000cb.@ [-] --> DELETED
[ZeroAccess][File] 80000000.@ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\80000000.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\80000032.@ [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\L\00000004.@ [-] --> DELETED
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] 87bbbb9be27f9f2f9a2d6128aaa33e68
[BSP] 82dc2f1a513b7ac506e666a8429bee5c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 121806 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291608576 | Size: 96087 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_09052013_080036.txt >>
RKreport[0]_S_09042013_140129.txt;RKreport[0]_S_09052013_080008.txt


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 September 2013 - 04:57 PM

I downloaded AdwCleaner.  When it opened "Clean" is grey and unable to be clicked.  Do I click "Scan" first?

 

Correct


#9 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 05 September 2013 - 05:10 PM

# AdwCleaner v3.002 - Report created 05/09/2013 at 15:06:30
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Teacher - TEACHER-10-PC
# Running from : C:\Users\Teacher.teacher-10-PC\Downloads\adwcleaner (4).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DE767E3-5BF7-4A0A-8A2C-67161BAB0A13}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DE767E3-5BF7-4A0A-8A2C-67161BAB0A13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Product Deleted : Google Update Helper
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
 
-\\ Google Chrome v29.0.1547.62
 
*************************
 
AdwCleaner[R0].txt - [1588 octets] - [22/08/2013 12:27:21]
AdwCleaner[R1].txt - [1316 octets] - [05/09/2013 15:05:13]
AdwCleaner[S0].txt - [1304 octets] - [22/08/2013 12:29:51]
AdwCleaner[S1].txt - [1319 octets] - [05/09/2013 15:06:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1379 octets] ##########


#10 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 05 September 2013 - 05:12 PM

I will let you know how my machine is running after I use it for a little while.



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 September 2013 - 05:12 PM

How is the machine running now?

  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Edited by fireman4it, 05 September 2013 - 05:13 PM.


#12 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 05 September 2013 - 05:14 PM

Just now got the little pop up ad in the bottom right corner of the screen.



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 September 2013 - 06:41 PM

Please see my previous topic about posting a new RogueKiller log


#14 khemsley

khemsley
  • Topic Starter

  • Members
  • 59 posts

Posted 06 September 2013 - 10:19 AM

RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Teacher [Admin rights]
Mode : Scan -- Date : 09/06/2013 08:18:26
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 08 September 2013 - 08:32 PM

1.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

2.

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
 

 

Things to include in your next reply:

TdssKiller log

Combofix.txt

How is your machine running now?




