
Ads started running in the background



Hello Frustrated2015 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Here is my log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by JDGentry at 2015-07-09 09:02:14 Run:1
Running from C:\Users\JDGentry\Desktop\Computer Fix
Loaded Profiles: JDGentry (Available Profiles: JDGentry)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKU\S-1-5-21-148646859-1324797727-3533830681-1001\...\MountPoints2: {af4cf444-ba9b-11e3-a229-c8f733c4b296} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\start.exe
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Danny\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\Danny\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Danny\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Danny\AppData\Local\Temp\Quarantine.exe
C:\Users\Danny\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Danny\AppData\Local\Temp\sqlite3.dll
C:\Users\Danny\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Danny\AppData\Local\Temp\xmlUpdater.exe
CustomCLSID: HKU\S-1-5-21-148646859-1324797727-3533830681-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Danny\AppData\Roaming\awsictok\tivesen.dll () <==== ATTENTION
C:\Users\Danny\AppData\Roaming\awsictok\tivesen.dll
C:\Users\Danny\AppData\Roaming\awsictok
C:\Users\Danny\AppData\Roaming\awsictok\colers.dll
Hosts:
EmptyTemp:
end

 

*****************

HKU\S-1-5-21-148646859-1324797727-3533830681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4cf444-ba9b-11e3-a229-c8f733c4b296} => key not found.
HKCR\CLSID\{af4cf444-ba9b-11e3-a229-c8f733c4b296} => key not found.
VBoxNetFlt => Service not found.
"C:\Users\Danny\AppData\Local\Temp\BlackBerryDeviceManager.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\BlackBerryLauncher.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\jre-8u40-windows-au.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\npp.6.6.9.Installer.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\Quarantine.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\SkypeSetup.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\vlc-2.1.5-win32.exe" => File/Folder not found.
"C:\Users\Danny\AppData\Local\Temp\xmlUpdater.exe" => File/Folder not found.
HKU\S-1-5-21-148646859-1324797727-3533830681-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => key not found.
"C:\Users\Danny\AppData\Roaming\awsictok\tivesen.dll" => File/Folder not found.
"C:\Users\Danny\AppData\Roaming\awsictok" => File/Folder not found.
"C:\Users\Danny\AppData\Roaming\awsictok\colers.dll" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 4.1 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 01:47:24 ====


Why did you run this script? Have you seen my post? Did you see my post?

Hello Frustrated2015 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Your instructions were to follow the instructions here and then post a reply to this thread, followed by the link. The link's instructions were as follows.

"Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well or if needed you can attach the logs."

So I downloaded the program and posted the log as per the instructions.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
