Can't get rid of malware (pop-ups)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

earguy

Thread Starter
Joined
Aug 16, 2013
Messages
494
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, x64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 3567 Mb
Graphics Card: Intel(R) Q33 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 950774 MB, Free - 910352 MB;
Motherboard: Hewlett-Packard, 2820h
Antivirus: Microsoft Security Essentials, Updated and Enabled


I installed and ran the following: Malwarebytes, Avast, Spybot Search and Destroy, ComboFix, SUPERAntiSpyware, AdwCleaner, and am currently running MSE again.


At first I thought most of the malware (adware) had been removed but they are beginning to pop up all over the screen as before. It's taken me 15 minutes just to navigate around them so I could post this. I've uninstalled any program I thought would be a problem (mainly toolbars). The only browser being used on this computer is IE. One of the "ad providers" is CloudScout. There are others.


Any suggestions would be greatly appreciated.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,159
You know we are going to have to ask, so may as well get it done.

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
 

earguy

Thread Starter
Joined
Aug 16, 2013
Messages
494
Diagnostic Report (1.9.0027.0):
 

earguy

Thread Starter
Joined
Aug 16, 2013
Messages
494
I had to move to another computer as the infected one isn't allowing me to get back to the TSG window. I am currently running Kaspersky Rescue disk on it to see if it will clean the PC enough for me to get back to the TSG window.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,159
You are going to have to wait for a malware expert to swing by. As this is easily our most populous forum, if you don't get assistance in 24 hours or so, just bump it.
 

earguy

Thread Starter
Joined
Aug 16, 2013
Messages
494
I ran Hitman Pro again and did not see Cloud Scout adware though it was still showing ads on the IE browser. I reset Internet Options and it seems that the problem has gone away. I've surfed several sites and no ads are popping up now. I think the problem is solved. Thanks again.
 