Windows 7 Forums


Windows 7: Techbrowsing adware

26 Jan 2016   #21
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I'm so sorry that I'm late to this topic!!
I didn't get the email that I should have from Barman58

Please Download DDS from one of these links:
DDS.com

DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.


27 Jan 2016   #22
yomama365

Windows 7 pro x64 (or win 10 pro)
 
 

Quote: Originally Posted by Jacee
I'm so sorry that I'm late to this topic!!
I didn't get the email that I should have from Barman58

Please Download DDS from one of these links:
DDS.com

DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.

Will run later or tomorrow, it's doing scans and will take the day. I'm sorry to keep you waiting but it's caught up right now.
27 Jan 2016   #23
yomama365

Windows 7 pro x64 (or win 10 pro)
 
 

I am not running anything for the meantime, as I was using YouTube on the first PC and I opened and started RogueKiller; Chrome crashed and things went unresponsive for a few mins. RogueKiller found Chrome had hooks, but when I looked it up it was legit. I will post that log later, but more worryingly I have a log from a second run of RogueKiller, and explorer.exe has hooks:
RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Free) by Adlice Software

mail : Contact - Adlice Software

Feedback : Adlice forum

Website : RogueKiller Anti-Malware free download

Blog : Adlice Software - malware analysis



Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : MY USERNAME [Administrator]

Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

Mode : Scan -- Date : 01/27/2016 21:45:42



Processes : 0



Registry : 0



Tasks : 0



Files : 0



Hosts File : 0 [Too big!]



Antirootkit : 30 (Driver: Not loaded [0x10000])

[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x701e0 (jmp 0xffffffff884d1140|jmp 0xfffffffffffffe19|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x703a0 (jmp 0xffffffff884d2650|jmp 0xfffffffffffffc59|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x70380 (jmp 0xffffffff884d2610|jmp 0xfffffffffffffc79|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x702c0 (jmp 0xffffffff884d2490|jmp 0xfffffffffffffd39|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x70480 (jmp 0xffffffff884d1bf0|jmp 0xfffffffffffffb79|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x703d0 (jmp 0xffffffff884d2760|jmp 0xfffffffffffffc29|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x702d0 (jmp 0xffffffff884d2520|jmp 0xfffffffffffffd29|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x70390 (jmp 0xffffffff884d2160|jmp 0xfffffffffffffc69|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x703f0 (jmp 0xffffffff884d1510|jmp 0xfffffffffffffc09|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x70300 (jmp 0xffffffff884d24b0|jmp 0xfffffffffffffcf9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x70360 (jmp 0xffffffff884d2750|jmp 0xfffffffffffffc99|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x70490 (jmp 0xffffffff884d1bf0|jmp 0xfffffffffffffb69|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x70440 (jmp 0xffffffff884d2990|jmp 0xfffffffffffffbb9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x70340 (jmp 0xffffffff884d2020|jmp 0xfffffffffffffcb9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x70310 (jmp 0xffffffff884d25f0|jmp 0xfffffffffffffce9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x702a0 (jmp 0xffffffff884d1e90|jmp 0xfffffffffffffd59|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff884d1920|jmp 0xfffffffffffffd49|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x70280 (jmp 0xffffffff884d1f00|jmp 0xfffffffffffffd79|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x70290 (jmp 0xffffffff884d1950|jmp 0xfffffffffffffd69|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x70320 (jmp 0xffffffff884d1ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x70330 (jmp 0xffffffff884d1960|jmp 0xfffffffffffffcc9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x703c0 (jmp 0xffffffff884d1f90|jmp 0xfffffffffffffc39|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x703e0 (jmp 0xffffffff884d2500|jmp 0xfffffffffffffc19|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x70370 (jmp 0xffffffff884d19b0|jmp 0xfffffffffffffc89|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x70420 (jmp 0xffffffff884d1290|jmp 0xfffffffffffffbd9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x70470 (jmp 0xffffffff884d2270|jmp 0xfffffffffffffb89|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x70430 (jmp 0xffffffff884d1770|jmp 0xfffffffffffffbc9|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x70270 (jmp 0xffffffff884d0ff0|jmp 0xfffffffffffffd89|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x701d0 (jmp 0xffffffff884d1a30|jmp 0xfffffffffffffe29|jmp 0x19b)

[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x702f0 (jmp 0xffffffff884d1a20|jmp 0xfffffffffffffd09|jmp 0x19b)



Web browsers : 0



MBR Check :

Not needed in post ^

27 Jan 2016   #24
yomama365

Windows 7 pro x64 (or win 10 pro)
 
 

Quote: Originally Posted by Jacee
I'm so sorry that I'm late to this topic!!
I didn't get the email that I should have from Barman58

Please Download DDS from one of these links:
DDS.com

DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.

Before I follow your instructions, can you look at the above log?
27 Jan 2016   #25
yomama365

Windows 7 pro x64 (or win 10 pro)
 
 

My solution to this strange infection, since it's not in files or programs, is an in-place upgrade repair install to remove nasties from the registry and Windows files.
27 Jan 2016   #26
z3r010

 

Don't follow the expert's advice then, I'm sure you know better
27 Jan 2016   #27
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Quote: Originally Posted by yomama365
an in-place upgrade repair install.

Hi,
Never heard of one of those :/
27 Jan 2016   #28
yomama365

Windows 7 pro x64 (or win 10 pro)
 
 

I was just posting it out there. It is possible that I have the ZeroAccess rootkit hiding this malware, but I don't know for sure as I only researched. TDSSKiller comes back with nothing and I'd follow the expert's advice, but it's not advisable to boot a system and let a rootkit run round when I have no recent backup. Also the TDSSKiller driver fails to install or is blocked from doing so, the RogueKiller driver also failed to install a driver, yet normal drivers install for my mouse and GPU.
27 Jan 2016   #29
yomama365

Windows 7 pro x64 (or win 10 pro)
 
 

Quote: Originally Posted by ThrashZone
Quote: Originally Posted by yomama365
an in-place upgrade repair install.
Hi,
Never heard of one of those :/

Basically like upgrading from 7 to 10, but I'm "upgrading" from 7 to 7. This replaces Windows files and could remove the infection or at least stump it back a bit. I'm not ignoring the expert, but I do not feel at all safe booting into the OS. If I had a backup I'd just screw it and format on the spot, but for me to get my data off without the infection coming with it I need to minimize how much it does, and it already looks like it's done more than I was wanting to let it. Running Kaspersky Rescue Disk 10.
27 Jan 2016   #30
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

So sorry we can't help you if you insist on running your own scans with no knowledge of the scan results.