Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

adware.gen

Post by godo » May 11th, 2013, 9:13 am

Hello!
I was trying to install some software to unbrick my phone and I didn't pay proper attention to one of the links, which was quite suspicious. After installation, I got infected with adware.gen and now I keep receiving alerts from AVIRA with the threat "ADWARE/Adware.gen".

Some lines of the log contain messages in Portuguese. The most important ones are in English though.

DDS.txt
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by godo at 14:48:48 on 2013-05-11
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.3955.1118 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
c:\Windows\system32\vcsFPService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Program Files (x86)\Microsoft SQL Server\SQLBounce\MSSQL10_50.SQLBOUNCE\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Microsoft SQL Server\ZBDProcessor\MSSQL10_50.ZBDPROCESSOR\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\PremierOpinion\pmservice.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\godo\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Vidyo\Vidyo Desktop\VidyoDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\prevhost.exe
C:\Windows\notepad.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\godo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files (x86)\premieropinion\pmropn.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=NL&userid=04d7552f-d57b-4a47-82f7-cb6883809425&searchtype=hp&installDate={installDate}
uSearch Bar = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=NL&userid=04d7552f-d57b-4a47-82f7-cb6883809425&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearch Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=NL&userid=04d7552f-d57b-4a47-82f7-cb6883809425&searchtype=ds&q={searchTerms}&installDate={installDate}
uProxyOverride = local;192.168.*.*
uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=NL&userid=04d7552f-d57b-4a47-82f7-cb6883809425&searchtype=ds&q={searchTerms}&installDate={installDate}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
uRun: [googletalk] C:\Users\godo\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\godo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Vidyo Desktop] C:\Program Files (x86)\Vidyo\Vidyo Desktop\VidyoDesktop.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 213.160.212.3 213.160.223.35
TCP: Interfaces\{06B09711-1BAF-45BB-94EF-2338127CE5D9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{06B09711-1BAF-45BB-94EF-2338127CE5D9}\35E454C61626 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FFA6CA42-D7C4-4CFF-844A-5F48DEEC170E} : DHCPNameServer = 213.160.212.3 213.160.223.35
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
LSA: Notification Packages =  DPPassFilter scecli
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Driver de comutação do controlador host Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-29 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-7-29 28992]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-7-28 22128]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-1-10 70296]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-11-6 27760]
R2 AntiVirSchedulerService;Avira Programador;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-6 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-6 110032]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-11-6 98848]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-7-28 109184]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-7-28 176000]
R3 IntcDAud;Áudio do vídeo Intel(R);C:\Windows\System32\drivers\IntcDAud.sys [2012-7-29 331264]
R3 iusb3hub;Driver para hub Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-29 356120]
R3 iusb3xhc;Driver de controlador host eXtensível Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-29 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-7-29 104048]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-7-29 67184]
S2 BounceCommV3;BounceCommV3;"C:\Program Files (x86)\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe" --> C:\Program Files (x86)\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-9 551552]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-7-29 300864]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-7-29 313448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-05-11 12:02:28	--------	d-----w-	C:\Program Files (x86)\ESET
2013-05-11 09:55:58	--------	d-----w-	C:\Users\godo\AppData\Local\Motosftemp
2013-05-11 09:50:25	--------	d-----w-	C:\Program Files (x86)\PremierOpinion
2013-05-11 09:47:18	--------	d-----w-	C:\Users\godo\AppData\Roaming\Motorola Mobility
2013-05-11 09:47:02	--------	d-----w-	C:\Program Files (x86)\Motorola Mobility
2013-05-11 09:47:02	--------	d-----w-	C:\Program Files (x86)\Motorola
2013-05-11 09:47:02	--------	d-----w-	C:\Program Files (x86)\Common Files\MSSoap
2013-05-11 09:46:51	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2013-05-11 09:46:04	--------	d-----w-	C:\Program Files\Motorola Inc
2013-05-11 09:46:03	--------	d-----w-	C:\Program Files\Common Files\Motorola Shared
2013-05-11 09:45:10	--------	d-----w-	C:\Users\godo\AppData\Roaming\Motorola
2013-05-10 18:33:31	--------	d-----w-	C:\Users\godo\AppData\Local\{13EE6E4F-5FB0-4578-A373-810CFC841FF1}
2013-05-06 14:58:14	--------	d-----w-	C:\Program Files (x86)\Ambarella
2013-05-06 13:23:49	--------	d-----w-	C:\Users\godo\.zenmap
2013-05-06 13:21:10	--------	d-----w-	C:\Program Files (x86)\Nmap
2013-05-06 11:57:02	--------	d-----w-	C:\Python27
2013-04-28 21:23:31	--------	d-----w-	C:\Program Files (x86)\Vidyo
2013-04-28 21:23:27	--------	d-----w-	C:\Users\godo\AppData\Local\Vidyo
2013-04-25 08:30:32	--------	d-----w-	C:\ProgramData\GbPlugin
2013-04-25 08:30:32	--------	d-----w-	C:\Program Files (x86)\GbPlugin
2013-04-25 08:30:22	824	----a-w-	C:\Windows\System32\drivers\etc\hosts.tmp
2013-04-24 09:35:29	1656680	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-04-22 12:01:05	--------	d-----w-	C:\ProgramData\boost_interprocess
2013-04-22 11:54:13	--------	d-----w-	C:\Users\godo\AppData\Roaming\Wireshark
2013-04-21 07:40:39	706250	----a-w-	C:\Users\godo\AppData\Roaming\unins000.exe
2013-04-21 07:40:39	--------	d-----w-	C:\Users\godo\AppData\Local\GAS Tecnologia
2013-04-21 07:40:39	--------	d-----w-	C:\ProgramData\GAS Tecnologia
2013-04-18 19:00:48	1002728	----a-w-	C:\Windows\System32\WinUSBCoInstaller2.dll
2013-04-18 19:00:48	--------	d-----w-	C:\usb_driver
2013-04-18 10:05:03	--------	d-----w-	C:\Users\godo\irssi
2013-04-16 13:24:45	--------	d-----w-	C:\Program Files (x86)\WinPcap
2013-04-16 13:24:05	--------	d-----w-	C:\Program Files\Wireshark
2013-04-16 13:23:38	--------	d-----w-	C:\Program Files\OpenVPN
2013-04-16 13:22:42	--------	d-----w-	C:\Program Files\TAP-Windows
2013-04-16 00:14:51	--------	d-----w-	C:\Users\godo\.ssh
2013-04-16 00:13:42	--------	d-----w-	C:\Users\godo\AppData\Roaming\GitHub
2013-04-16 00:13:38	--------	d-----w-	C:\Users\godo\AppData\Local\GitHub
2013-04-15 10:05:21	--------	d-----w-	C:\Users\godo\AppData\Roaming\Hex-Rays
2013-04-12 09:03:14	--------	d-----w-	C:\Program Files (x86)\Tableau
.
==================== Find3M  ====================
.
2013-04-24 07:31:52	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-24 07:31:52	691592	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-06 17:55:00	2448384	----a-w-	C:\Windows\SysWow64\python27.dll
2013-04-04 07:11:59	861088	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 07:11:59	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-03-23 02:04:04	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 06:04:06	5550424	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56	43520	----a-w-	C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13	3968856	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10	3913560	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33	112640	----a-w-	C:\Windows\System32\smss.exe
2013-03-01 03:36:04	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-02-21 10:30:16	1766912	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39	2877440	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07	2240512	----a-w-	C:\Windows\System32\wininet.dll
2013-02-21 10:14:09	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:40	44032	----a-w-	C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11	3717632	----a-w-	C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26	158720	----a-w-	C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10	3217408	----a-w-	C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10	131584	----a-w-	C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51	36864	----a-w-	C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31	474112	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05	19968	----a-w-	C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 14:50:54,72 ===============


Attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic 
Boot Device: \Device\HarddiskVolume2
Install Date: 02/08/2012 21:34:01
System Uptime: 11/05/2013 13:29:22 (1 hours ago)
.
Motherboard: Dell Inc.          |  | 0C0NHY
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 307 GiB total, 51,488 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 85 GiB total, 47,672 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 331,181 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP110: 05/05/2013 21:46:28 - Ponto de Verificação Agendado
RP111: 06/05/2013 13:56:15 - Installed Python 2.7.4
RP112: 06/05/2013 16:58:26 - Instalação de Pacote de Driver de Dispositivo: Microsoft Controladores USB (barramento serial universal)
RP113: 11/05/2013 11:45:19 - Instalado Motorola Device Manager
RP114: 11/05/2013 11:53:07 - Installed RSDLite
RP115: 11/05/2013 12:33:13 - Removed RSDLite
RP116: 11/05/2013 12:34:00 - Removed Secure Download Manager
RP117: 11/05/2013 13:23:20 - Operação de restauração
RP118: 11/05/2013 13:37:35 - Removed Java 7 Update 10 (64-bit)
RP119: 11/05/2013 13:39:39 - Removed Java 7 Update 17
RP120: 11/05/2013 13:40:26 - Removido JavaFX 2.1.1
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


Operação de restauração = Restoration point created.

I've followed the instructions for opening this post and provided the necessary information. Hope it is enough to assist you guys in assisting me!

Best,
godo
Active Member
 
Posts: 1
Joined: May 11th, 2013, 8:40 am
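As an added example (not part of the original thread and not code from the DDS tool), here is a small Python triage script for the browser start/search entries in the Pseudo HJT Report section of a DDS log. It flags the pattern visible in the log above: every IE start and search setting redirected to one unexpected host carrying affiliate tracking parameters. The allowlist of expected hosts is an assumption, and the sample inputs are constructed (the hijacked ones copied from the log above).

```python
"""Triage the browser start/search entries of a DDS log for a search hijack.

DDS prints these settings as "<key> = <url>" lines, prefixing per-user
(HKCU) entries with "u" and machine-wide (HKLM) entries with "m", and
writes "hxxp://" instead of "http://" so the URLs are not clickable.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Settings that decide where Internet Explorer starts and searches.
BROWSER_KEY_SUFFIXES = ("Start Page", "Search Bar", "Search Page", "SearchAssistant")

# Hosts a stock Windows 7 / IE 10 install points these settings at
# (assumption for this demo; extend for a corporate default home page).
EXPECTED_HOSTS = {"go.microsoft.com", "www.bing.com", "www.google.com"}

# Query parameters typical of pay-per-install affiliate search feeds.
AFFILIATE_PARAMS = {"publisher", "dpid", "userid", "installdate"}


def refang(url):
    """Turn the defanged hxxp(s):// that DDS writes back into http(s):// for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_browser_settings(lines):
    """Return {key: url} for every start/search entry found in the given DDS lines."""
    settings = {}
    for line in lines:
        key, sep, value = line.partition(" = ")
        if not sep:
            continue                      # not a "<key> = <value>" line
        key = key.strip()
        if key.endswith(BROWSER_KEY_SUFFIXES):
            settings[key] = refang(value.strip())
    return settings


def assess(settings):
    """Return (verdict, findings); findings are (key, host, affiliate_params) tuples.

    verdict is "clean" (all hosts expected), "hijacked" (every redirected
    setting funnels to one unexpected host and each carries affiliate
    tracking parameters) or "suspicious" (anything else unexpected).
    """
    findings = []
    for key, url in settings.items():
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in EXPECTED_HOSTS:
            continue
        params = {name.lower() for name in parse_qs(parts.query)}
        findings.append((key, host, sorted(params & AFFILIATE_PARAMS)))
    if not findings:
        return "clean", findings
    hosts = {host for _, host, _ in findings}
    if len(hosts) == 1 and all(tracking for _, _, tracking in findings):
        return "hijacked", findings
    return "suspicious", findings


def triage_dds(text):
    """Convenience wrapper: raw DDS text in, (verdict, findings) out."""
    return assess(parse_browser_settings(text.splitlines()))


# Constructed sample: the hijacked entries from the log above plus two
# neighbouring lines that must be ignored by the parser.
SAMPLE_HIJACKED = """\
uStart Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=NL&userid=04d7552f-d57b-4a47-82f7-cb6883809425&searchtype=hp&installDate={installDate}
uSearch Bar = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=NL&userid=04d7552f-d57b-4a47-82f7-cb6883809425&searchtype=ds&q={searchTerms}&installDate={installDate}
uProxyOverride = local;192.168.*.*
mWinlogon: Userinit = userinit.exe
"""

# Constructed sample of a machine whose settings still point at vendor defaults.
SAMPLE_CLEAN = """\
uStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
"""

if __name__ == "__main__":
    for name, sample in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        verdict, findings = triage_dds(sample)
        print(f"{name}: {verdict}")
        for key, host, tracking in findings:
            print(f"  {key} -> {host} affiliate params: {tracking}")
```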

Re: adware.gen

Post by deltalima » May 11th, 2013, 4:52 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: adware.gen

Post by deltalima » May 11th, 2013, 5:01 pm

Hi godo,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Windows 7 and Vista users
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file (Right click and choose "Run as administrator" in Vista/Win7). If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please note.
There is no need to quote the logs, please just paste them into your reply.

Re: adware.gen

Post by deltalima » May 14th, 2013, 10:02 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

