infected with adware again and possible trojan?

[ken545]

Good, sometimes a rootkit type of infection is responsible for pop ups and redirects but TDSSKiller found none


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the button.
14. Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

[ken545]

Sorry I missed your questions, as far as your laptop yes go ahead and delete those backups, what we can do is when we are done with this computer than we can work on your laptop.

Sometimes a router can store malicious websites, do this and it will flush it all out, if those files keep returning you may have to reset the router back to when you bought it and set it up again but try this first


1. Turn off your computer
2. Turn off your router by unplugging the power cord on the back of the unit
3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit

Leave everything off for about 5 minutes, this lets it all reset

Then

1. Plug in your Cable / DSL modem and wait until all the lights come back on
2. Now do the same thing with your router
3. Turn your computer back on and lets see if those bad hosts file backups reappear

[NutherStamper]

Ok unplugged everything let it sit and then started everything up. I had difficulty getting Eset to run but finally figured out it had to be run as an admin. It came up with nothing and there was no where to generate a report. So far no pop ups since we got rid of those host files. I'll wait to hear from you on what to do next.

[ken545]

Lets just sit tight for a day or so, keep using your computer to go online and let me know if the pop ups return, when we decide that this computer is fine then I will close this thread and you can start a new topic for your laptop

[NutherStamper]

Lets just sit tight for a day or so, keep using your computer to go online and let me know if the pop ups return, when we decide that this computer is fine then I will close this thread and you can start a new topic for your laptop

Ok, unless something pops up in the meantime I will contact you back on Monday. Thanks for the help.

[NutherStamper]

Well not sure what is going on. Did ok till this morning and wound up with pop ups again when trying to read e-mail. Unplugged everything let it sit and plugged everything back in. Ran Adware again and this toolbar popped up again.
# AdwCleaner v4.001 - Report created 26/10/2014 at 08:51:03
# DB v2014-10-26.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : waldo - WALDO-PC
# Running from : C:\Users\waldo\Desktop\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\waldo\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116


*************************

AdwCleaner[R0].txt - [7109 octets] - [21/10/2014 15:03:04]
AdwCleaner[R1].txt - [7169 octets] - [22/10/2014 10:41:50]
AdwCleaner[R2].txt - [966 octets] - [26/10/2014 08:48:46]
AdwCleaner[S0].txt - [7343 octets] - [22/10/2014 10:45:21]
AdwCleaner[S1].txt - [883 octets] - [26/10/2014 08:51:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [942 octets] ##########



I was sure we had gotten rid of that darned thing.

So things were running along ok after that till just now. Was reading a text file offline when User Account control popped up.

Registry console Tool
Program location: C:\Window\SysWOW64\reg.exe add HKLM\System\ControlSet001\Services\win\vServiceD11 and some more stuff I have written down. I kept trying to say no but it wouldn't let me. So I shut down and started the system back up and the darn thing keeps popping up (is it because of something we changed at the beginning, that should be happening automatically?) so I finally said yes. Now I'm not sure whether I'm infected with something or not. I've never had that pop up before so I'm concerned. Adnxs popups seem to have stopped at the moment.

By the way that Zone alarm toolbar from above? There are two of them in the main folder. the LTD one and one that just says zone alarm toolbar. When I look on my laptop I don't have the LTD one.

I'm not sure what to do now. Awaiting your help.

Thanks!

[ken545]

The Zone Alarm Toolbar is safe but not needed, go ahead and run a scan with FRST , check Additions and post both new logs please

[NutherStamper]

HELLLLLPPPPPP! Desktop is completely locked up with ICE Cyber crime center virus. I cannot boot into safe mode or any other mode for that matter. What can I do? I'm at wits end.

[ken545]

Is this the same computer we have been working on or your laptop ??

Do you have a clean computer that you can access to work up a fix ??

[NutherStamper]

It's the one we've been working on. The desktop. I will need the check the laptop eventually. For now I have taken the desktop back to it's factory settings and I am in the process of installing Kaspersky Pure 3.0 Total Security onto the system. I tried various ways to fix the desktop but it was hopeless. I'm hoping my external drives that were attached to the desktop did not get infected. I have them unplugged for the moment. Can you give me a day or so to see how things go with this desktop. I may need you to take a look at it just to make sure everything is ok with it. Thanks much. I'm not having a good day.