
Help. Phone call from Rogers about botnet drone


This topic is locked
11 replies to this topic

#1 dawnmomoffour

  • Members
  • 42 posts

Posted 04 September 2013 - 08:58 AM

I got a call from rogers stating I had a botnet drone and they were going to cut me off. What do I do? How do I get rid of it?

Thanks

 





#2 buddy215

  • BC Advisor
  • 12,989 posts

Posted 04 September 2013 - 10:44 AM

Use the two programs below.

 

RogueKiller Download

Download & SAVE to your Desktop

 

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

 

AdwCleaner Download

 

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” (Lawrence M. Krauss)

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 cparky

  • Members
  • 21 posts

Posted 04 September 2013 - 11:23 AM

Are you sure it was from Rogers and not someone phishing? Use a malware scanner and make sure you have an up-to-date antivirus on your machine. Don't go on the internet without antivirus.



#4 dawnmomoffour

  • Topic Starter
  • Members
  • 42 posts

Posted 04 September 2013 - 11:45 AM

Yes, I am sure it was Rogers. I called to ask them and they had a record of the call. It is my daughter's laptop and she brought it to me to fix. I've never heard of the botnet drone. Will it infect my computers through the network if I hook it up here to fix? Rogers says it will through theirs, which is why they will cut it off if it is not fixed. So, what would you do?



#5 buddy215

  • BC Advisor
  • 12,989 posts

Posted 04 September 2013 - 12:11 PM

You can download those programs to a flash drive or cd and then install them on the infected comp.

I would not allow the infected comp on the home network....better safe than sorry.




#6 dawnmomoffour

  • Topic Starter
  • Members
  • 42 posts

Posted 04 September 2013 - 12:52 PM

RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : AMD [Admin rights]
Mode : Remove -- Date : 09/04/2013 13:32:07
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\GoogleUpdate.exe" >) -> DELETED
[RUN][ZeroAccess] HKUS\S-1-5-21-821352845-1957310613-3624875838-1005\[...]\Run : Google Update ("C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\GoogleUpdate.exe" < [x]) -> DELETED
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\GoogleUpdate.exe" < [x]) -> [0x57] The parameter is incorrect. 
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC\Desktop.ini [-] --> DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Folder] Install : C:\Users\AMD\AppData\Local\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][File] @ : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\@ [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\U [-] --> DELETED
[ZeroAccess][Folder] {3e0717a7-8897-c07b-23c3-901e0a78c178} : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?��\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] {3e0717a7-8897-c07b-23c3-901e0a78c178} : C:\Users\AMD\AppData\Local\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178} [-] --> DELETED
[ZeroAccess][File] @ : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\@ [-] --> DELETED
[ZeroAccess][File] 201d3dde : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\L\201d3dde [-] --> DELETED
[ZeroAccess][File] 6715e287 : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\L\6715e287 [-] --> DELETED
[ZeroAccess][File] 76603ac3 : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\L\76603ac3 [-] --> DELETED
[ZeroAccess][Folder] L : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\L [-] --> DELETED
[ZeroAccess][File] 00000008.@ : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\U\00000008.@ [-] --> DELETED
[ZeroAccess][File] 80000000.@ : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\U\80000000.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\U\80000032.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178}\U [-] --> DELETED
[ZeroAccess][Folder] {3e0717a7-8897-c07b-23c3-901e0a78c178} : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛\{3e0717a7-8897-c07b-23c3-901e0a78c178} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \...\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ... : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\   \... [-] --> DELETED
[ZeroAccess][Folder]     : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178}\    [-] --> DELETED
[ZeroAccess][Folder] {3e0717a7-8897-c07b-23c3-901e0a78c178} : C:\Program Files\Google\Desktop\Install\{3e0717a7-8897-c07b-23c3-901e0a78c178} [-] --> DELETED
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST9160827AS ATA Device +++++
--- User ---
[MBR] 89ce8ebc50cfe89f7c0c6430a0057ec8
[BSP] 3539ea9440b3c846df0697bbbf36bf4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST9160827AS ATA Device +++++
--- User ---
[MBR] e165b1e6a5f83367bfc5718f1238653b
[BSP] 4cd2cc03b4ef06f88e0afae1d1eb32dc : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 0 | Size: 1775989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_D_09042013_133207.txt >>
RKreport[0]_S_09042013_133058.txt
 
 
 

-------------------------------------------------------------------------

 

# AdwCleaner v3.002 - Report created 04/09/2013 at 13:44:57
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : AMD - AMD-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\iBryte
Folder Deleted : C:\Program Files\Swag_Bucks
Folder Deleted : C:\Program Files\Zynga
Folder Deleted : C:\Users\AMD\AppData\Local\Conduit
Folder Deleted : C:\Users\AMD\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\AMD\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\AMD\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\AMD\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\AMD\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\AMD\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\1n7v6kl6.default\Extensions\playbryte@playbryte.com
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{636E19A4-E9F1-4F72-8D81-85E5A2D3DB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{636E19A4-E9F1-4F72-8D81-85E5A2D3DB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{825EA4AF-C655-4EF7-AE04-E11B52B68BA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19B440F3-4E8C-42C4-996B-AC5C6CA78255}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93A82E18-440E-4E30-8563-8A588E4D065A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38CDDF2E-0482-4277-B04E-B115B12E34D1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\Software\Zynga
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\Software\Zynga
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\1n7v6kl6.default\prefs.js ]
 
 
[ File : C:\Users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\4c3my7bq.default-1344929626686\prefs.js ]
 
 
[ File : C:\Users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\w2hlq0mg.default-1344929669339\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\AMD\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7790 octets] - [04/09/2013 13:34:42]
AdwCleaner[S0].txt - [6806 octets] - [04/09/2013 13:44:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6866 octets] ##########
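The RogueKiller report above is a useful teaching artefact: besides the ZeroAccess service and run keys, it shows the rootkit had switched off UAC (EnableLUA 0), set silent admin elevation (ConsentPromptBehaviorAdmin 0), suppressed Security Center update warnings (UpdatesDisableNotify 1), replaced Windows Defender DLLs with junctions, and hooked a kernel driver's IRP dispatch entries, while two registry entries came back with error codes rather than DELETED. The Python script below is an added example written for this thread; it is not code from RogueKiller, BleepingComputer or anyone in the thread. It parses the report format visible in the post (¤¤¤ section headers and tagged lines ending in "-> RESULT") and pulls out what an analyst triages first: the malware family tags, the tampered policy values, the hooked IRP handlers, and every finding the tool could not remediate. The report text embedded in it is constructed for the example, shortened and with GUIDs and SIDs replaced by placeholders; the function names `parse_report` and `triage` and the tag lists are my own choices, not anything RogueKiller documents.

```python
"""Triage a RogueKiller-style report (added example, not RogueKiller's own code).
Parses "¤¤¤ Section ¤¤¤" headers and "[Tag][Tag] target -> RESULT" lines."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the post's format (shortened; GUIDs/SIDs are placeholders).
SAMPLE_REPORT = r"""¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{GUID}\GoogleUpdate.exe" < [x] -> STOPPED
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\AMD\AppData\Local\Google\Desktop\Install\{GUID}\GoogleUpdate.exe" >) -> DELETED
[RUN][ZeroAccess] HKUS\S-1-5-21-...-1005\[...]\Run : Google Update ("C:\Users\AMD\AppData\Local\Google\Desktop\Install\{GUID}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified.
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC\Desktop.ini [-] --> DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x84FBE1F8)
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
TAGS_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*)$")  # leading [tag][tag] run
IRP_RE = re.compile(r"IRP\[(\w+)\]")
OLDVAL_RE = re.compile(r"(\w+) \((\d+)\)$")          # "EnableLUA (0)"
NEWVAL_RE = re.compile(r"\((\d+)\)")                 # "REPLACED (1)"
# Tags that name the kind of finding rather than a malware family (my own list).
GENERIC_TAGS = {"SERVICE", "RUN", "File", "Folder", "Junction", "Address",
                "HJ POL", "HJ SECU", "HJ DESK", "HID SVC", "Hidden from API"}
# What the tampered values mean (Windows policy semantics, not from the log).
POLICY_MEANING = {"EnableLUA": "User Account Control switched off",
                  "ConsentPromptBehaviorAdmin": "admins elevate with no prompt",
                  "UpdatesDisableNotify": "Security Center update warnings silenced"}

@dataclass
class Finding:
    section: str
    tags: list
    target: str
    result: str

    @property
    def status(self):
        if self.result.startswith("[0x"):      # tool reported an error code
            return "error"
        if "HOOKED" in self.result:
            return "hooked"
        if any(w in self.result for w in ("DELETED", "STOPPED", "REPLACED")):
            return "remediated"
        return "found"                         # scan-only verdict, nothing changed

def parse_report(text):
    """Return one Finding per tagged line, with its enclosing section name."""
    section, findings = None, []
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).partition(" : ")[0].rstrip(":")
            continue
        m = TAGS_RE.match(line)
        if not m or section is None:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        head, sep, tail = m.group(2).rpartition("->")  # verdict follows last "->"
        if sep:
            findings.append(Finding(section, tags, head.rstrip("- "), tail.strip()))
    return findings

def triage(findings):
    """Condense findings into family tags, policy tampering, hooks and leftovers."""
    out = {"families": Counter(), "policy_tampering": [],
           "hooked_irps": [], "unresolved": []}
    for f in findings:
        out["families"].update(t for t in f.tags if t not in GENERIC_TAGS)
        if "HJ POL" in f.tags or "HJ SECU" in f.tags:
            old, new = OLDVAL_RE.search(f.target), NEWVAL_RE.search(f.result)
            if old:
                out["policy_tampering"].append(
                    (old.group(1), int(old.group(2)), int(new.group(1)) if new else None,
                     POLICY_MEANING.get(old.group(1), "unknown policy")))
        if f.status == "hooked":
            major = IRP_RE.search(f.target)
            out["hooked_irps"].append((major.group(1) if major else "?",
                                       f.target.partition(" : ")[2]))
        if f.status in ("error", "found"):      # still needs a human to look
            out["unresolved"].append(f)
    return out

if __name__ == "__main__":
    s = triage(parse_report(SAMPLE_REPORT))
    print(dict(s["families"]), s["policy_tampering"], s["hooked_irps"],
          [(f.section, f.target, f.result) for f in s["unresolved"]], sep="\n")
```

Run as-is it reports five ZeroAccess-tagged findings, the three policy values with their original and restored settings, two hooked IRP majors in winhv.sys, and the two registry entries that ended in error codes; those leftovers are exactly why the advice in this thread is to hand the log to the Malware Removal Team rather than treat a "Deleting Finished" status as a clean machine. Feed it a real saved RKreport by replacing `SAMPLE_REPORT` with the file's contents.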


#7 buddy215

  • BC Advisor
  • 12,989 posts

Posted 04 September 2013 - 01:30 PM

You need to open a topic using instructions here: Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com

 

Also include the RogueKiller log in that topic.




#8 dawnmomoffour

  • Topic Starter
  • Members
  • 42 posts

Posted 04 September 2013 - 01:33 PM

Just put the RogueKiller log? With a topic heading of "botnet drone help please"? Or should there be more to the post?

Am I supposed to run malware as well and post that log with roguekiller? Thanks for all the help.


Edited by dawnmomoffour, 04 September 2013 - 01:48 PM.


#9 dawnmomoffour

  • Topic Starter
  • Members
  • 42 posts

Posted 04 September 2013 - 02:10 PM

OK, I posted the RogueKiller log and the two logs from DDS. Started a topic on the other board. This one can be closed now, I guess. Thank you!



#10 buddy215

  • BC Advisor
  • 12,989 posts

Posted 04 September 2013 - 02:26 PM

Quote: ok, I posted roguekiller log and the two logs from dds.

 

You did good....don't post again in that topic until there is a response from the malware team.

Not sure how long that will be as they are busy-busy. May be a day or two......




#11 dawnmomoffour

  • Topic Starter
  • Members
  • 42 posts

Posted 04 September 2013 - 02:35 PM

ok ty :)



#12 Queen-Evie

  • Staff Emeritus
  • 16,485 posts

Posted 04 September 2013 - 02:44 PM

Now that you have posted logs here http://www.bleepingcomputer.com/forums/t/506716/botnet-drone-help-please/ in Malware Removal Logs:
 
Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort, so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Helper when they respond to assist you with your log. This will help them know what has been done, and they probably will ask for an updated log.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

This topic is closed.

Edited by Queen-Evie, 04 September 2013 - 02:44 PM.




