Audio Ads won't stop!

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680
Hi guys. I have Win 7 Sp1. Generally no issues. All the sudden I started having an issue where audio ads play non stop the second I boot up. Under audio mixer the volume controls for the ad says "name not available." I have comodo installed and it picked nothing up. I ran malware bytes and it found a few ad malware that I removed but the audio ads persist. I checked all my browsers for suspicious ad ons and found nothing. I even uninstalled
Chrome and Firefox. I disabled Microsoft firewall and installed zone alarm free firewall that was rated highest by PC mag. I ran Kapersky's tdss killer and it found nothing. I deleted all temp files, cache files and fixed the registry problems with CCcleaner many times over. Idk what is left to do and don't understand how this Trojan or malware can evade so many systems. I'm a Mac user first so I have never experienced anything like this. Please help before I run away from Windows again! Ha.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680
Where is the msconfig.exe? Is that via windows? I read in another thread I should run malware bytes in safe mode, should I also do that for comodo? I also ran tdss killer with the driver installed and that time it found medium threats on some .dll files in my system folder that are important to the operating system. How would I fix something like that?
 

Just hit Start and enter msconfig in the search field. Malwarebytes is another chance.
 
if you have the run box enabled type it in there.once into msconfig go to startup and do what the previous poster said.if not just type it in your search bar at the bottom of the start menu.if this doesnt work post back as you may have picked up some malware.there are some good tools to get rid of this and i can give you some links.in meantime i would also run an antivirus scan as well.post logs if you can.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680
Nothing too suspicious is running under system configuration startup tab. However isn't that the point of malware to remain undetected? I am running malware bytes in safe mode. Comodo. What else could u send me links wise?
 
there is a definite order to do this in. first download and run security check by 317.run a scan and post the log. also download and run a scan with hijack this.do not fix anything just yet,just post the log. next download and run adwcleaner from explode and let it get rid of anything it finds.post the log from this as well and we can take it from there.here are the links.

http://screen317.spywareinfoforum.org/
http://sourceforge.net/projects/hjt/
http://www.bleepingcomputer.com/download/adwcleaner/

 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680
Non of you links are from offical sources. Windows says the publishers could not be verified...whats going on with that???

I did a scan with Stinger and got this...I did a scan with Kapersky TDSS killer and that too showed up zero threats.

McAfee® Labs Stinger™ Version 12.1.0.732 built on Jan 2 2014 at 15:14:35
Copyright© 2014, McAfee, Inc. All Rights Reserved.

AV Engine version v5610.1040 for Windows.
Virus data file v1000.0 created on Jan 2, 2014
Ready to scan for 6332 viruses, trojans and variants.

Scan initiated on Thursday, January 02, 2014 18:50:10


Rootkit scan result : Not Scanned.



Summary Report on Smart Scan
File(s)
TotalFiles:............ 8187
Clean:................. 8187
Not Scanned:........... 0
Possibly Infected:..... 0

Time: 00:05:37

Scan completed on Thursday, January 02, 2014 18:55:47
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


Hey, here is the hijack log...adwcleaner is just sitting there doing nothing...safe mode is slowing everything down..i am going to reboot in regular mode and try it there.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:19:10 PM, on 1/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)


Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\shawnh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S5BJFXS\stinger32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\shawnh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S5BJFXS\HijackThis.exe
C:\Users\shawnh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S5BJFXS\AdwCleaner.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\shawnh\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PrivDogService] "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [Steam] "G:\Program Files\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify] "C:\Users\shawnh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Program Files\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 14628 bytes
 
done looking at your log and couple of questions. what antivirus are you using.i see av tools from sophos,zonealarm,and avg.if you have more than on av installed it will create conflicts.myself,i recommend avast 9 (2014),but you can use what you like as long as its just one.make sure to remove all others. now i need to see those other logs.while this may seem a slow process its thorough.cheers
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


Thanks for your help. I use Comodo mainly. I also have malwarebytes installed. Should I remove that? zonealarm I use solely for my firewall. I think i will try another. I don't love comodo. They are constantly trying to get me to buy things. why is Avast 9 good? To update you after I did the hijack I did Adwcleaner and it found a bunch of other ad malware that malware bytes failed to use. However I accidently closed the log file..In the quarantine is things like tarmainstaller, something posing as the ascpca and a bunch of other stuff. My machine defintiely ran faster after that so thank you! HOWEVER, the audio ad problem still persists. On the plus side the ads seem to be intefered with. Not to mention my firewall zonealarm is picking up all these incoming and outgoing transmissions. Does that mean something is mining data from my machine?... Whenever I run adwcleaner again nothing comes up to clean but this under chrome..C:\Users\shawn*\AppData\Local\Google\Chrome\User Data\Default\preferences
I try to clean it, it says it does, but still comes up when i try to run adwcleaner again. I then went into that folder and found that there is a bunch of stuff left over even though I removed chrome.Inside the extentions folder there is a bunch of folders with random titles liek "dihadhsakdhaskdhasjkdhakjjhd" Isn't that malware? Should I manually delete it?.... On the good side, also I haven't gotten the DCOMM error where it logs you out of windows, so I assume we are making progress! Oh and I also tried Junkware removal tool and it removed this...It seems all the different apps find different things..

~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Users\shawnh\appdata\local\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"



~~~ Event Viewer Logs were cleared

 
kinda figured it would pick up a few things.on we go then.now download and run rogue killer from bleeping computer and let it take out anything it finds.post the log and then run another hijack this scan and post that log.no problem with your av as long as you dont have more than one av realtime scanner running at the same time.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


I have some new critical info. I uninstalled all my AV programs and installed Avast. It was rated number 1 by cnet and I can see why. It is seeing things no other Av program did. First off with the quick scan it says there is a virus on the cryptbase.dll file location c://windows/system32/sysprep...Also constantly web shield goes off "threat has been detected" for object it has some weird url...infection: URL:Mal Process: C:/windows/system32/svchost.exe...The kind of infection and process are always the same but the object keeps changing. I assume this is the ads and it is blocking it? However, it is not giving me an option to fix anything. All it did was quarantine that cryptbase.dll... This all sounds very serious as isn't if the important system32 files are infected you can't really delete them or anything. What should I do?...I also did a boot scan and another system32 file came up...I tried repairing it, and it said I have no share privilege, and I tried deleting it, same thing.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


oh yea and I am trying to run rogue killer...when it starts to scan it finds some problems in the registry..Type: PUM Key type: HJ POL Global HKEY_CURRENT_USER...It lists a few of these...HJ DESK as well... HOWEVER, roguekiller.exe then stops working every time. Any ideas why it is crashing? Is the virus blocking it? This is insane...
 
ok,this is a nasty one. download a program called combofix to your desktop.important to download to your desktop. disable any antivirus and run combofix.dont do anything while it is running,not even move the mouse.it can take some time to finish.post the log when it is done. its really important for me to see these logs including the avast one.if i dont see them its kinda like working with a blindfold on.cheers.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


Well, I am running a full system scan now from Avast! It is taking a long time. I only did a quick scan. should I stop it and run combo fix? Should I also disable my firewall? I read about combofix and it said it automatically fixes problems, so what if it deletes something that is a false positive or a critical file i need?
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


Also what about running rogue killer in safe mode first? Maybe that will help.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


Should I of been running avast in safe mode? I am reading reports of combofix deleting important registry files which the person could not even boot. Combofix just DELETES everything? it doesn't ask you to delete first?

I shouldn't give rogue killer a shot first in safe mode? I thought if a virus is stopping a program like rogue killer , it can't in safe mode.
 

Vodoochild81

Honorable
Jan 2, 2014
203
0
10,680


hi man, sorry for the delay, the scan took all day as I have 4 3 TB Hds in my computer. So the scan yielded no threats. However, that system 32 file is still in the quarantine. I did run Rogue Killer in safe mode. It woked! I deleted those PUM registry's which I looked it up and thats malware correct? This is the report.

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : shawnh [Admin rights]
Mode : DNSFix -- Date : 01/04/2014 02:11:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_DN_01042014_021149.txt >>
RKreport[0]_D_01042014_021121.txt;RKreport[0]_H_01042014_021144.txt;RKreport[0]_S_01042014_020903.txt
 

Latest posts