
ntMapViewofSection hook -> hexadecimal


  • This topic is locked
2 replies to this topic

#1 melecity


Posted 04 April 2014 - 01:20 PM

I work in an office and AVG Anti-Rootkit has found the ntMapViewofSection hook -> variable hexadecimal is infected on every computer. We are unsure if this is a real threat or a false positive. There is sensitive and private information on the computers, so even if the computers are not blatantly malfunctioning, security breaches are very important to identify. I have run the following programs on two computers now. The first computer was a test run because it was rarely used, but still had that AVG hit.

 

http://malwaretips.com/blogs/malware-removal-guide-for-windows/

 

I have contacted RogueKiller and they are looking over Shawn's computer right now. I have also sent them Peggy's logs. However, AdwCleaner found a potential issue with a registry key, but I don't want to simply press "Clean" on those because I know the registry is a sensitive/critical area of the computer. I found your posting guide and here is the DDS for Peggy's computer.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Admin at 13:57:09 on 2014-04-04
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.2009.1251 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\msconfig.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
.
============== Pseudo HJT Report ===============
.
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [BoxSync] "c:\program files\box\box sync\BoxSync.exe" -m
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\uvaitc~1.lnk - c:\windows\installer\{e0274560-0fb3-4928-9800-6b45aaefb506}\_39B470E5817D54F276433B.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://joint-vpn-1.itc.virginia.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
TCP: NameServer = 128.143.2.7 128.143.3.7 128.143.22.119
TCP: Interfaces\{BFEF3285-C8DB-43FE-BA34-699C58C37172} : DHCPNameServer = 128.143.2.7 128.143.3.7 128.143.22.119
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\cmlq5j37.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-6-19 224424]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-11-1 176952]
S1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20140319.011\BHDrvx86.sys [2014-3-18 1098968]
S1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20140402.001\IDSvix86.sys [2014-3-24 395992]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\symnets.sys [2011-9-8 299640]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-2-23 3782672]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-12-13 544840]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-12-13 92112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2014-2-23 22016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-5 108120]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-11 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-6-19 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-30 23984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-19 1343400]
.
=============== Created Last 30 ================
.
2014-04-04 17:15:00 -------- d-----w- C:\AdwCleaner
2014-04-04 17:12:07 -------- d-----w- c:\windows\ERUNT
2014-04-04 17:02:53 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-04-04 16:22:27 -------- d-----w- c:\users\admin\appdata\local\ElevatedDiagnostics
2014-04-04 16:17:56 -------- d-----w- c:\programdata\HitmanPro
2014-04-04 16:07:17 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-04 16:07:02 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-04 16:07:02 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-04 16:07:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-04 16:07:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-04 15:48:35 -------- d-----w- c:\users\admin\appdata\local\Programs
2014-04-04 15:37:04 -------- d-----w- c:\windows\pss
2014-03-28 16:51:41 -------- d--h--w- c:\users\admin\.Box Sync
2014-03-10 17:48:36 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-07 19:04:21 -------- d-----w- c:\users\admin\appdata\roaming\AVG2014
2014-03-07 19:02:16 -------- d-----w- c:\users\admin\appdata\roaming\TuneUp Software
2014-03-07 18:59:46 -------- d--h--w- C:\$AVG
2014-03-07 18:59:45 -------- d-----w- c:\programdata\AVG2014
2014-03-07 18:58:42 -------- d-----w- c:\program files\AVG
2014-03-07 18:56:14 -------- d--h--w- c:\programdata\Common Files
2014-03-07 18:56:14 -------- d-----w- c:\users\admin\appdata\local\MFAData
2014-03-07 18:56:14 -------- d-----w- c:\users\admin\appdata\local\Avg2014
2014-03-07 18:56:14 -------- d-----w- c:\programdata\MFAData
2014-03-07 18:44:57 -------- d-----w- c:\program files\VS Revo Group
2014-03-07 18:34:50 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{62468767-31be-4007-af44-c50884a962a8}\offreg.dll
2014-03-07 18:34:01 -------- d-----w- c:\users\admin\Box Sync
2014-03-07 18:30:04 -------- d-----w- c:\users\admin\appdata\local\Box Sync
2014-03-07 18:29:09 -------- d-----w- c:\program files\Box
2014-03-07 18:28:23 -------- d-----w- c:\programdata\Package Cache
2014-03-07 12:51:23 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{62468767-31be-4007-af44-c50884a962a8}\mpengine.dll
.
==================== Find3M  ====================
.
2014-03-11 20:20:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 20:20:31 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-20 02:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============= FINISH: 13:57:40.35 ===============
 
 
 
Here is the AdwCleaner log as well. The Attach.txt file is attached as requested.
 
# AdwCleaner v3.023 - Report created 04/04/2014 at 13:15:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Admin - PEGGY-PC
# Running from : C:\Users\Admin\Desktop\7_adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Found : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\g23zzdgs.default\searchplugins\Askcom.xml
File Found : C:\Windows\System32\Tasks\Advanced System Protector
File Found : C:\Windows\System32\Tasks\Advanced System Protector_startup
Folder Found : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\g23zzdgs.default\Extensions\ScorpionSaver@jetpack
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\Users\Peggy\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector_startup
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54ABAD67-A9DE-47D5-8A74-4B2B76802DE2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54ABAD67-A9DE-47D5-8A74-4B2B76802DE2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A97D3213-A6E4-41C0-9EF7-014603AA566F}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\g23zzdgs.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
 
[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cmlq5j37.default\prefs.js ]
 
 
[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\rbzu3nt8.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5134 octets] - [04/04/2014 13:15:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5194 octets] ##########

 
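As an added example (not part of the thread, and not code from BleepingComputer or from the DDS tool), a small Python helper that parses the SERVICES / DRIVERS section of a DDS log in the format posted above, lists which kernel-mode (.sys) drivers are running at boot or system start, and groups them by directory; when an anti-rootkit scanner reports a hook, seeing which security products have their own kernel drivers loaded side by side is the first benign explanation to rule out. The sample lines are copied from the posted log, and the meaning of the R/S and 0-3 codes (running/stopped, boot/system/auto/manual start) is assumed DDS notation.

```python
import re
from collections import defaultdict

# Constructed sample: SERVICES / DRIVERS lines copied from the DDS log above,
# in the form "<R|S><start> name;display name;path [date size]".
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-12-13 92112]
.
=============== Created Last 30 ================
"""

# Assumed DDS notation: R = running, S = stopped; 0 boot, 1 system, 2 auto, 3 manual start.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: \[(?P<date>[\d-]+) (?P<size>\d+)\])?$"
)


def parse_services(text):
    """Return one dict per R*/S* line inside the SERVICES / DRIVERS section."""
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):   # next section header ends ours
            break
        if not in_section or line in ("", "."):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                               # tolerate lines we do not understand
        e = m.groupdict()
        e["start"] = int(e["start"])
        e["running"] = e["state"] == "R"
        e["kernel_driver"] = e["path"].lower().endswith(".sys")
        e["size"] = int(e["size"]) if e["size"] else None
        entries.append(e)
    return entries


def running_boot_or_system_start(entries):
    """Names of .sys drivers that are running and load at boot (0) or system (1) start.

    These load before any user-mode component, so they are the drivers most likely
    to have placed kernel-level hooks that an anti-rootkit scan will then report.
    """
    return [e["name"] for e in entries
            if e["kernel_driver"] and e["running"] and e["start"] in (0, 1)]


def group_kernel_drivers_by_directory(entries):
    """Map each directory (lower-cased) to the .sys drivers that live in it."""
    groups = defaultdict(list)
    for e in entries:
        if e["kernel_driver"]:
            directory = e["path"].lower().rpartition("\\")[0]
            groups[directory].append(e["name"])
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_DDS)
    print("Running boot/system-start drivers:", running_boot_or_system_start(parsed))
    for directory, names in group_kernel_drivers_by_directory(parsed).items():
        print(f"{directory}: {', '.join(names)}")
```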


#2 HelpBot


Posted 09 April 2014 - 01:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/529949 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 14 April 2014 - 01:30 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
