
Thread: Removing chitka ads, tried everything!!

  1. #1
    Junior Member
    Join Date
    Apr 2013
    Posts
    4


    Someone please help me on how to remove these ads. They keep popping up in both left and right bottom corners. What I tried so far:
    - Windows Security Essentials
    - cleaning cookies, temporary internet files
    - all browser plugins are up to date
    - Malwarebytes
    - Spybot S&D
    It is driving me insane! Every time I think I got rid of it, there it is popping up again!! Please help!
    aswMBR.txt and DDS.txt attached

    Here it is.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 10.17.2
    Run by Petyusha at 21:56:17 on 2013-04-10
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3835.940 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Petyusha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    DPF: {C194379D-6612-4BBF-9D1A-9B8C33F47814} - hxxp://www.aimsperform.co.uk/clem/clemsafe.cab
    DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\244584572633D273634543 : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\244584572633D284255393 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\449616E616 : DHCPNameServer = 85.253.0.2 85.253.0.130
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    Hosts: 149.5.18.172 www.google-analytics.com.
    Hosts: 149.5.18.172 ad-emea.doubleclick.net.
    Hosts: 149.5.18.172 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Petyusha\AppData\Roaming\Mozilla\Firefox\Profiles\a5gs0klg.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Petyusha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Petyusha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: -
    FF - user.js: security.enable_tls - false
    FF - user.js: network.http.accept-encoding -
    FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-2-4 328232]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-6 39464]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-25 24176]
    .
    =============== Created Last 30 ================
    .
    2013-04-10 18:41:30 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C1335E4-162F-43D5-BBB6-3379CAEBECAB}\mpengine.dll
    2013-04-09 14:37:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-04-09 14:36:57 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-04-09 14:36:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-04-09 14:08:07 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-09 14:06:10 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-04-09 14:06:10 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-04-09 14:05:37 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-04-09 10:16:34 9311288 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-04-04 22:22:27 -------- d-----w- C:\Users\Petyusha\AppData\Roaming\CANON INC
    2013-03-28 12:28:32 -------- d-----w- C:\Users\Petyusha\AppData\Local\{662B1CF6-40AA-4C39-84EE-BBB516E13C5B}
    2013-03-25 23:11:52 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-24 14:37:15 -------- d-----w- C:\Users\Petyusha\AppData\Local\{5297ACDA-6AFB-4041-894C-3743C15F30E2}
    2013-03-23 23:25:02 -------- d-----w- C:\Users\Petyusha\AppData\Local\{33523513-4801-40B2-A6F3-BA0E4F487D6F}
    2013-03-22 23:40:26 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16F1E90E-8574-4606-8E7A-6971D4E89672}\gapaengine.dll
    2013-03-21 00:08:07 -------- d-----w- C:\Users\Petyusha\AppData\Local\{191D804A-1AA7-4D46-A776-C76263D9C48A}
    2013-03-20 20:59:12 -------- d-----w- C:\Windows\System32\SPReview
    2013-03-19 23:12:02 -------- d-----w- C:\Users\Petyusha\AppData\Local\{C1C90009-DCE4-401A-BD40-895AECE00CBA}
    2013-03-18 16:25:26 -------- d-----w- C:\Users\Petyusha\AppData\Local\{2F53761C-F33A-4503-B678-5C3601DE3381}
    2013-03-13 23:39:28 -------- d-----w- C:\Users\Petyusha\AppData\Local\CANON_INC
    2013-03-13 23:25:26 -------- d-----w- C:\Users\Petyusha\AppData\Roaming\Canon_Inc_IC
    2013-03-13 23:22:37 -------- d-----w- C:\Program Files (x86)\Canon
    2013-03-13 23:22:35 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
    2013-03-13 23:21:23 -------- d-----w- C:\ProgramData\Canon_Inc_IC
    2013-03-13 10:25:42 -------- d-----w- C:\Users\Petyusha\AppData\Local\{D2689EEB-5947-47E5-BFDD-21B7CE34C6B8}
    .
    ==================== Find3M ====================
    .
    2013-04-09 14:07:50 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-04-09 14:02:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-09 14:02:47 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 21:59:20.99 ===============
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-04-10 22:01:44
    -----------------------------
    22:01:44.848 OS Version: Windows x64 6.1.7600
    22:01:44.848 Number of processors: 2 586 0x603
    22:01:44.849 ComputerName: PETYUSHA-PC UserName: Petyusha
    22:01:52.319 Initialize success
    22:02:04.508 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:02:04.511 Disk 0 Vendor: TOSHIBA_MK3256GSY LH013C Size: 305245MB BusType: 11
    22:02:04.555 Disk 0 MBR read successfully
    22:02:04.558 Disk 0 MBR scan
    22:02:04.561 Disk 0 unknown MBR code
    22:02:04.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    22:02:04.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 283593 MB offset 409600
    22:02:04.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21348 MB offset 581208064
    22:02:04.628 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    22:02:04.666 Disk 0 scanning C:\Windows\system32\drivers
    22:02:11.253 Service scanning
    22:02:33.709 Modules scanning
    22:02:33.721 Disk 0 trace - called modules:
    22:02:33.758 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80036a02c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    22:02:34.102 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046ae790]
    22:02:34.108 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80046ad550]
    22:02:34.115 5 hpdskflt.sys[fffff88001699289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800463d060]
    22:02:34.122 \Driver\atapi[0xfffffa80040a2760] -> IRP_MJ_CREATE -> 0xfffffa80036a02c0
    22:02:34.133 Scan finished successfully
    22:14:20.264 Disk 0 MBR has been saved successfully to "C:\Users\Petyusha\Forum\MBR.dat"
    22:14:20.269 The log file has been saved successfully to "C:\Users\Petyusha\Forum\aswMBR.txt"
    Last edited by tashi; 2013-04-11 at 08:39. Reason: Merged two posts, copy pasted 2 logs into topic as per FAQ ;-)

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067


    Hi Kephas,

    If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Apr 2013
    Posts
    4

    Still need Assistance

    Thanks for your reply.
    Yep, still in need of help. Do you have any suggestions?

  4. #4
    Junior Member
    Join Date
    Apr 2013
    Posts
    4


    Hosts: 149.5.18.172 www.google-analytics.com.
    Hosts: 149.5.18.172 ad-emea.doubleclick.net.
    Hosts: 149.5.18.172 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.

    I'm pretty sure these are a major part of my problem, but don't know how to approach them...

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067


    OK. We will get a download to use:

    Download the 64-bit version of RogueKiller to your desktop.

    Double-click to start.
    For Vista or Windows 7, right-click and select Run as Admin.
    Once the Prescan has finished running, click the Scan button.
    Once the scan is done a report.txt file will be on your desktop.
    Exit RogueKiller by going to File > Quit.
    Copy/paste the RKreport saved to your desktop.

    That should be a good start to the solution. I probably won't be back on for 16-18 or so hours.
    Last edited by shelf life; 2013-04-15 at 05:09.
    How Can I Reduce My Risk?

  6. #6
    Junior Member
    Join Date
    Apr 2013
    Posts
    4

    Here it is,

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Petyusha [Admin rights]
    Mode : Scan -- Date : 04/15/2013 10:09:16
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 5
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver : [NOT LOADED]

    Infection : Mal.Hosts

    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost
    149.5.18.172 www.google-analytics.com.
    149.5.18.172 ad-emea.doubleclick.net.
    149.5.18.172 www.statcounter.com.
    108.163.215.51 www.google-analytics.com.
    108.163.215.51 ad-emea.doubleclick.net.
    108.163.215.51 www.statcounter.com.


    MBR Check:

    +++++ PhysicalDrive0: TOSHIBA MK3256GSY ATA Device +++++
    --- User ---
    [MBR] cf66e462464c79831aa457c96898f43c
    [BSP] 4d2d6f129ff86bb67fd7e2e031993708 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 283593 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581208064 | Size: 21348 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04152013_02d1009.txt >>
    RKreport[1]_S_04152013_02d1009.txt
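The entries the poster singled out in post #4, and that RogueKiller flags above as "Mal.Hosts", are HOSTS redirections: names normally owned by analytics and ad networks are pointed at routable third-party addresses instead of being sinkholed to loopback, so the browser silently fetches whatever those hosts serve. The script below is an added example (not from this thread and not part of RogueKiller or DDS) that reads a HOSTS file in the Windows format and reports every name mapped to a non-sinkhole address, grouped by target IP, which is what a defender checks before and after a "Fix Hosts" step. It assumes Python 3; the file content is a constructed sample that mirrors the entries quoted in the thread plus one legitimate `0.0.0.0` blocklist line.

```python
"""Audit a Windows HOSTS file for entries that redirect names to routable addresses.

Added example, not part of the original thread. Assumes Python 3 only.
"""
import ipaddress
import sys

# Constructed sample: mirrors the HOSTS entries RogueKiller reported in the thread,
# plus one ordinary blocklist line (0.0.0.0) that a hardened system might contain.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
0.0.0.0 ads.example.invalid   # constructed blocklist entry, expected to be benign
"""

# Default Windows location; only used when a path is not given on the command line.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return (address, hostname) pairs; strips comments, tolerates tabs and a trailing dot."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        for name in parts[1:]:
            entries.append((addr, name.rstrip(".").lower()))
    return entries


def is_sinkhole(addr):
    """Loopback (127.x, ::1) and unspecified (0.0.0.0, ::) are the normal 'block it' targets."""
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text):
    """Return [(ip, hostname), ...] for every name mapped to a routable (non-sinkhole) address."""
    return [
        (str(addr), name)
        for addr, name in parse_hosts(text)
        if not is_sinkhole(addr)
    ]


def group_by_target(suspicious):
    """Map each redirect target IP to the set of hostnames pointed at it."""
    by_ip = {}
    for ip, name in suspicious:
        by_ip.setdefault(ip, set()).add(name)
    return by_ip


def main(argv):
    # With a path argument the real file is read; otherwise the constructed sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    if not findings:
        print("no non-sinkhole HOSTS entries found")
        return 0
    for ip, names in sorted(group_by_target(findings).items()):
        print(f"{ip} -> {', '.join(sorted(names))}")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the two redirect targets from the thread, or pass the HOSTS path (reading it needs no elevation; editing it does). A clean Windows file yields only loopback entries, so a non-empty result after remediation means the change did not stick or was re-applied by whatever wrote it.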

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067


    Rerun RogueKiller again like before, and this time when it's done click on the Fix Hosts button under Options. It will produce another RKreport[] on your desktop.
    Reboot your machine and post the new log in your reply. May be more to do.
    How Can I Reduce My Risk?
