
Need help with Malware problems please.


4 replies to this topic

#1 Alpha47


Posted 09 September 2015 - 06:03 PM

Hello

 

I think I need somebody to help me. I am fairly sure I have been hijacked. I am new to posting. I do not have full control of the computer. I have hardly any permission to run programmes, and I am not sure how to fix this. Windows Update is not working, stating that it is "Disabled by the System Administrator". I am pretty rubbish at this computer stuff and apologise in advance.

 

I have been having problems with my security programmes for a few months. Windows Firewall disabled. Cannot switch on Windows Security Centre. I had been running AVG and Emsisoft Anti-Malware. I started to have trouble after I installed AVG TuneUp.

 

My laptop is a Dell, processor is AMD Turion™ 64 x2 mobile technology 60 2 GHz. Memory 4 GB.

Running Windows 7 Home Premium Service Pack 1, 32 bit, which is suddenly on WORKGROUP. No plans to upgrade yet.

 

I had started running various programmes, but I have not been very successful. Having some download problems too.

I did run FRST and show hidden shortcuts today.

Attached File: FRST sept 2.txt (19.15KB, 6 downloads)
Attached File: Show sept for Bleep.txt (102.31KB, 4 downloads)

Thanks


 


#2 nasdaq

  • Malware Response Team

Posted 10 September 2015 - 01:10 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove this program in bold using the Add/Remove Programs Applet (Windows 7 and above Control Panel > Programs and Features)
SparkTrust PC Cleaner Plus (HKLM\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.15.0 - SparkTrust) <==== ATTENTION
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3966654420-3525228146-3217198060-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3966654420-3525228146-3217198060-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 Avgmfx86; system32\DRIVERS\avgmfx86.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exeSC:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2F554580-5717-11E5-9E65-001C23B49A50.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
cmd: netsh winsock reset

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running now?
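
A way to review a fixlist like the one in post #2 before saving it as fixlist.txt, as an added example that is not part of the original post and is not FRST's own code: it groups each entry by the prefix visible in the post and flags lines that look cut off by copy and paste. The category names, the start/End check and the unbalanced-bracket heuristic are assumptions of this example; the sample lines are a subset of the posted fixlist.

```python
import re

# Sample input: a subset of the fixlist lines posted in reply #2.
SAMPLE = r"""start
CreateRestorePoint:
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3966654420-3525228146-3217198060-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
cmd: netsh winsock reset
End
"""

def classify(line):
    """Assign a review category from the line's prefix (categories are this example's own)."""
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive"                  # e.g. CreateRestorePoint:
    if line.lower().startswith("cmd:"):
        return "command"                    # runs a shell command, read it closely
    if re.match(r"(HKLM|HKU|HKCU)\\", line):
        return "registry"
    if re.match(r"[RS][0-5] ", line):
        return "driver-or-service"          # R4 / S3 prefixes as seen in the post
    m = re.match(r"([A-Za-z][A-Za-z ]*):", line)
    return m.group(1).lower() if m else "unknown"

def looks_damaged(line):
    """Heuristic: unbalanced braces or brackets suggest a line that was cut off."""
    return any(line.count(o) != line.count(c) for o, c in ("{}", "[]", "()"))

def review(text):
    """Return (entries, problems) for the lines between 'start' and 'End'."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    problems = []
    if not lines or lines[0].lower() != "start" or lines[-1].lower() != "end":
        problems.append("missing start/End marker: the copy may be incomplete")
    entries = []
    for line in lines:
        if line.lower() in ("start", "end"):
            continue
        entries.append({"line": line, "category": classify(line),
                        "attention": line.endswith("ATTENTION")})
        if looks_damaged(line):
            problems.append("possibly truncated: " + line[:50])
    return entries, problems

if __name__ == "__main__":
    entries, problems = review(SAMPLE)
    print(*entries, *problems, sep="\n")
```

On the sample, the SearchScopes line is reported as possibly truncated because its final `{sear` never closes, which is how that line appears in the post.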

#3 Alpha47


Posted 11 September 2015 - 03:13 PM


Hello nasdaq

Thank you for your reply. I cannot run the programme till tomorrow. I left my laptop at my son's house. He is disabled and I spend time looking after him. I have been ill this week so I could not get back there till tomorrow. Keep the laptop there for the supermarket shopping.

Very grateful for you taking the time to help.

Alpha

#4 nasdaq


Posted 17 September 2015 - 09:45 AM

Are you still with me?

#5 Alpha47


Posted 17 September 2015 - 03:33 PM

Hi Nasdaq

I am, but I cannot get much access to the laptop. So have not been able to run the fix. At the moment I am using a little Android tablet to send this.

Do appreciate you asked though.

Alpha47



