Author Topic: Hello and HELP!  (Read 12737 times)


Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Hello and HELP!
« on: September 23, 2012, 03:38:40 AM »
Hi! I'm very, very new here and new to posting to forums like this. But I'm a bit at a loss on what I should do about my current problem. For the last couple of weeks my browser has had pop-ups in the right and left corner of the page, on sites that have never and would never have such pop-ups.

I used Malwarebytes and SUPERAntiSpyware to remove it all and thought it was over. But they keep coming back and now things are WAY worse. Not only do they keep coming back, I keep getting redirected to other, completely unrelated websites. Everything is running slow and sometimes I just can't get it to work at all.

I ran Microsoft Security Essentials recently and found out that I had two Trojans. It removed them but I'm still having issues. I tried running Avast, but to no avail. I'm not even sure what the problem is. If all of these things (run separately over the course of a couple of weeks) cannot find what the problem is and even safe mode is experiencing similar issues, then it's all just way over my head.

Any and all help would be greatly appreciated! I can provide answers to anything anyone would need to know, in order to help me.

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5167
  • When you think you know, Think Again
Re: Hello and HELP!
« Reply #1 on: September 23, 2012, 04:09:43 AM »
Hi and welcome to the Forum

Let’s ask Essexboy, our Malware Expert, to have a look inside.
Please follow this guide and attach (not copy and paste) the requested logs: http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR


Please be patient because of the time zone difference. Response will come tomorrow ;) :)
***HP ENVY 15K LT W10 Pro 64Bit/750GB HD/16GB Ram/AIS beta/WFC/ASB default/HotSpot Shield VPN/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 64Bit/1TB HD/8GB Ram/AIS beta/ASB/Avast SecureLine VPN/SANDBOXIE/Prey Project      
*Dell Inspiron  XPSP4 PRO 32 Bit  /Avast Free 18.6.2349/Comodo FW 3.14
<LAYERED SECURITY SOFTWARE PROTECTION on all OS's>
Do not confuse Kindness for Weakness

Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #2 on: September 24, 2012, 12:17:23 AM »
Thank you so very much for the fast reply! I've tried to do as you have suggested, but it won't let me run aswMBR or even open up some websites. I'll post the logs I have so far, but I might have to do it one at a time. So, here we go.

Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #3 on: September 24, 2012, 12:18:02 AM »
Here's the next one.

Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #4 on: September 24, 2012, 12:21:07 AM »
The next one is the extra file for the OTL. But, the forum won't let me post the main log. It says it's too big for the attachment size. The attachment limit is 200 KB, and it's a 240 KB file.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34840
Re: Hello and HELP!
« Reply #5 on: September 24, 2012, 12:36:12 AM »
Quote
The next one is the extra file for the OTL. But, the forum won't let me post the main log. It says it's too big for the attachment size. The attachment limit is 200 KB, and it's a 240 KB file.
Did you save it as ANSI? If it is still too big, use some file share site like http://www.mediafire.com/ and post the download link here.

You may try to run aswMBR in safe mode.
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #6 on: September 24, 2012, 12:40:47 AM »
I tried running the aswMBR in safe mode but it still wouldn't run. I'm going to upload the OTL log if I can get it saved as ANSI. Right now it's a text document.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34840
Re: Hello and HELP!
« Reply #7 on: September 24, 2012, 12:43:08 AM »
Quote
I'm going to upload the OTL log if I can get it saved as ANSI. Right now it's a text document.
ANSI is also txt... see essexboy's guide for how to do it.


Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #8 on: September 24, 2012, 12:46:24 AM »
I just got it to work and was heading here to post it when I saw your reply back. Thank you for the help.  :)

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34840
Re: Hello and HELP!
« Reply #9 on: September 24, 2012, 01:01:32 AM »
OK, most of the removal experts are on European time, so they are in bed now. Check back tomorrow ;)


Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #10 on: September 24, 2012, 01:07:04 AM »
Will do! Thanks again!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40636
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #11 on: September 24, 2012, 05:03:26 PM »
Hi, are you missing any files/folders/menus?

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled.

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
IE - HKU\S-1-5-21-93264391-2691908379-2114281164-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-93264391-2691908379-2114281164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = %3clocal%3e:80
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-93264391-2691908379-2114281164-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-93264391-2691908379-2114281164-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKU\S-1-5-21-93264391-2691908379-2114281164-1000..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
[2012/09/18 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\The Pharmacist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/09/18 16:36:09 | 000,000,136 | ---- | C] () -- C:\ProgramData\-ruWXPTPZImp0ILr
[2012/09/18 16:36:08 | 000,000,136 | ---- | C] () -- C:\ProgramData\-ruWXPTPZImp0IL
[2012/09/18 16:36:04 | 000,000,368 | ---- | C] () -- C:\ProgramData\ruWXPTPZImp0IL

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
FINALLY

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
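
The file entries in the OTL fix above were all created within a few seconds of each other on the same day, which is the kind of grouping that marks a single drop event in a log. As an added example (not part of the original post and not OTL's own code), this sketch parses such entries and groups them into creation bursts; the field layout is inferred from the lines shown in the post, and the last sample line is constructed.

```python
import re
from datetime import datetime, timedelta

# File entries copied from the :OTL fix above; the last line is constructed
# (a benign file from another day) so the grouping has something to reject.
SAMPLE = r"""
[2012/09/18 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\The Pharmacist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/09/18 16:36:09 | 000,000,136 | ---- | C] () -- C:\ProgramData\-ruWXPTPZImp0ILr
[2012/09/18 16:36:08 | 000,000,136 | ---- | C] () -- C:\ProgramData\-ruWXPTPZImp0IL
[2012/09/18 16:36:04 | 000,000,368 | ---- | C] () -- C:\ProgramData\ruWXPTPZImp0IL
[2012/09/10 09:12:44 | 000,014,336 | ---- | C] () -- C:\ProgramData\constructed-example.dat
"""

# Assumed layout: [timestamp | size | attributes | flag] optional "()" -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [A-Z]\](?: \(.*?\))? -- (?P<path>.+)$"
)

def parse_entries(text):
    """Return one dict per file entry; registry lines and commands are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "created": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "is_dir": "D" in m["attr"],
                "path": m["path"],
            })
    return entries

def burst_clusters(entries, max_gap=timedelta(seconds=10), min_size=2):
    """Group entries whose timestamps are at most max_gap apart, oldest first."""
    clusters, current = [], []
    for e in sorted(entries, key=lambda e: e["created"]):
        if current and e["created"] - current[-1]["created"] > max_gap:
            if len(current) >= min_size:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        clusters.append(current)
    return clusters

if __name__ == "__main__":
    for c in burst_clusters(parse_entries(SAMPLE)):
        print(c[0]["created"], "->", c[-1]["created"], [e["path"] for e in c])
```
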

Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #12 on: September 24, 2012, 09:07:25 PM »
I am missing some little shortcuts that used to sit on my task bar on the left hand side of my screen right next to my start menu. Things like Firefox. Other than that, I seem to be fine. I did have a virus that was hiding some files, but I seemingly got rid of that problem and was just left with what I have now.

After I have done as was suggested in your post, I do seem to be able to visit sites that were difficult to access or just completely unresponsive for me. Right now, it's still running a tad slower than it should, but I can at least make it to the site in less than 2-5 minutes. It still takes about 15-30 seconds though, when it normally loaded in at least 5 seconds. But that's all I've noticed so far.

Here are the requested file logs. Thank you very much for taking this time to help me. First up is the RogueKiller file, then the OTL file, and finally the ComboFix log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40636
  • Dragons by Sasha
    • Malware fixes
Re: Hello and HELP!
« Reply #13 on: September 24, 2012, 09:14:11 PM »
OK, there will be at least another two runs to kill this, as there is an MBR infection as well.

To be on the safe side I will run just one at a time.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Offline Guts717

  • Jr. Member
  • **
  • Posts: 42
Re: Hello and HELP!
« Reply #14 on: September 24, 2012, 10:03:58 PM »
I just downloaded the program and I'm having the same problems as I did with the aswMBR. It acts like I'm opening it up, but then nothing else happens. I tried opening it up in safe mode, but it did absolutely nothing in that as well.

Also, I'm noticing that my Avast program is blocking a lot of harmful sites. Even when I'm just starting up the PC and haven't got a browser open. Also, I don't know if it helps at all, but when I try to shut down my PC, it tells me it's waiting on a program to shut off. But, unlike every other program that it's ever had to wait on, it doesn't tell me what this program is that it's waiting on.

And I hadn't mentioned this before, but I had forgotten about it. If I leave my PC idle while it's running something like SUPERAntiSpyware or Malwarebytes, my PC might turn itself off completely. It's never done it while I've been sitting at it, and it doesn't always do it when I leave it alone to idle.