
Can't get rid of malware (pop-ups)

Discussion in 'Virus & Other Malware Removal' started by earguy, Feb 19, 2015.

Thread Status:
Not open for further replies.
  1. earguy

    earguy Thread Starter

    Joined:
    Aug 16, 2013
    Messages:
    494
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, x64 Family 6 Model 23 Stepping 6
    Processor Count: 2
    RAM: 3567 Mb
    Graphics Card: Intel(R) Q33 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 950774 MB, Free - 910352 MB;
    Motherboard: Hewlett-Packard, 2820h
    Antivirus: Microsoft Security Essentials, Updated and Enabled


    I installed and ran the following: Malwarebytes, Avast, Spybot Search and Destroy, ComboFix, SUPERAntiSpyware, AdwCleaner, and am currently running MSE again.


    At first I thought most of the malware (adware) had been removed but they are beginning to pop up all over the screen as before. It's taken me 15 minutes just to navigate around them so I could post this. I've uninstalled any program I thought would be a problem (mainly toolbars). The only browser being used on this computer is IE. One of the "ad providers" is CloudScout. There are others.


    Any suggestions would be greatly appreciated.
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,589
    You know we are going to have to ask, so may as well get it done.

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program.
    • Click "Continue".
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  3. earguy

    earguy Thread Starter

    Joined:
    Aug 16, 2013
    Messages:
    494
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-H36P3-X3BB7-7GCX3
    Windows Product Key Hash: vs3dmhDk5ySMm9r7LaEY892OgyA=
    Windows Product ID: 00371-OEM-9083251-06311
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {DEFB88E7-EFF1-434E-B255-F13FDE5E5CDE}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.150113-1808
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Allowed
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
    Other data-->
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00180-832-506311-02-1033-7601.0000-2392014
    Installation ID: 004821154286400106252306773693841612152331415442331944
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 7GCX3
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 2/19/2015 11:40:40 AM
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:

    HWID Data-->
    HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEA6GHKFKwWdObidYj9qq2Iz3IjYOve4UbK
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name   OEMID Value   OEMTableID Value
    APIC              COMPAQ        BEARLAKE
    FACP              COMPAQ        BEARLAKE
    HPET              COMPAQ        BEARLAKE
    MCFG              COMPAQ        BEARLAKE
    ASF!              COMPAQ        BEARLAKE
    TCPA              COMPAQ        BEARLAKE
    SLIC              HPQOEM        SLIC-BPC
     
  4. earguy

    earguy Thread Starter

    Joined:
    Aug 16, 2013
    Messages:
    494
    I had to move to another computer as the infected one isn't allowing me to get back to the TSG window. I am currently running Kaspersky Rescue Disk on it to see if it will clean the PC enough for me to get back to the TSG window.
     
  5. earguy

    earguy Thread Starter

    Joined:
    Aug 16, 2013
    Messages:
    494
    I've rebooted into safe mode.
     
  6. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,589
    You are going to have to wait for a malware expert to swing by. As this is easily our most populous forum, if you don't get assistance in 24 hours or so, just bump it.
     
  7. earguy

    earguy Thread Starter

    Joined:
    Aug 16, 2013
    Messages:
    494
    OK. Thanks
     
  8. earguy

    earguy Thread Starter

    Joined:
    Aug 16, 2013
    Messages:
    494
    I ran Hitman Pro again and did not see Cloud Scout adware though it was still showing ads on the IE browser. I reset Internet Options and it seems that the problem has gone away. I've surfed several sites and no ads are popping up now. I think the problem is solved. Thanks again.
     

Short URL to this thread: https://techguy.org/1143400
