Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Plz Help, getting random pop ups/slowed browser..

This is a discussion on Plz Help, getting random pop ups/slowed browser.. within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello, I was hoping someone would be able to help me out, a few days ago i started noticing these


 
 
Thread Tools Search this Thread
Old 07-20-2015, 11:25 AM   #1
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



Hello, I was hoping someone would be able to help me out, a few days ago i started noticing these security popups and shopping adds/popups whenever i would use google chrome. I dont remember every installing anything or going to a malicious website that could have caused this so im kind of at a loss on what to do. Id really appreciate any help i could get.
trah24 is offline  
Sponsored Links
Advertisement
 
Old 07-21-2015, 12:20 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello trah24,

We need to see some information about what is happening in your machine. Therefore, We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
tekir06 is offline  
Old 07-21-2015, 08:22 PM   #3
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.60.2
Run by Talha at 22:17:13 on 2015-07-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4079.2355 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Tor\tor.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
mRun: [AnyProtect Tray] "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
mRun: [fst_us_146] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{968101C3-557B-4F8D-88FC-673D4F2088EC} : DHCPNameServer = 75.75.76.76 75.75.75.75
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 {ba5bdfa6-01ff-443c-b8f1-b66ac8b14b6c}Gw64;{ba5bdfa6-01ff-443c-b8f1-b66ac8b14b6c}Gw64;C:\Windows\System32\drivers\{ba5bdfa6-01ff-443c-b8f1-b66ac8b14b6c}Gw64.sys [2014-7-3 61120]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-3 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-3 21007192]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-3-15 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-4-9 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-3-20 23552]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-23 410952]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-3-29 5436176]
R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-8-27 3233806]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-3 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-3 40392]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 124560]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-8 1255736]
.
=============== Created Last 30 ================
.
2015-07-21 21:34:54 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E158E529-7CC3-4A69-8724-D30AB23448C8}\mpengine.dll
2015-07-20 19:51:39 12221144 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-19 18:29:58 12221144 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CE22EDE-0A74-48D3-9E7D-02AB9AC71215}\mpengine.dll
2015-07-19 18:24:40 -------- d-----w- C:\ProgramData\477ebe2a00005a0c
2015-07-19 18:23:35 -------- d-----w- C:\ProgramData\1e8d480400006f54
2015-07-18 19:04:22 24 ----a-w- C:\Users\Talha\AppData\Roaming\appdataFr25.bin
2015-07-03 22:35:36 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5963E26-91AE-4BD6-BE82-475F531571CD}\gapaengine.dll
.
==================== Find3M ====================
.
2015-07-16 02:47:17 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-16 02:47:17 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-05 10:08:23 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-05-03 18:37:33 20 ----a-w- C:\Users\Talha\AppData\Roaming\appdataFr3.bin
.
============= FINISH: 22:18:26.94 ===============
Attached Files
File Type: txt Attach2.txt (20.4 KB, 20 views)
trah24 is offline  
Sponsored Links
Advertisement
 
Old 07-21-2015, 08:25 PM   #4
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



Sorry for the delay but here are the two logs.

Basically, I remembering just being on youtube or maybe a gaming site and then all of a sudden i started getting occasional video ads on the bottom right of my screen along, with popups saying that had possibly downloaded a virus and needed to contact this security company to have it removed.....and then i also occasionaly started gettign these random shopping advertisements.....if you would like any more details please feel free to ask me.

Thanks again.
trah24 is offline  
Old 07-22-2015, 12:52 AM   #5
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello trah24,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

STEP 1

Please download AdwCleaner on to your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete click on "Cleaning"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

====================================================

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 07-22-2015, 11:47 AM   #6
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



# AdwCleaner v4.208 - Logfile created 22/07/2015 at 12:29:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Talha - TALHA-PC
# Running from : C:\Users\Talha\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : {ba5bdfa6-01ff-443c-b8f1-b66ac8b14b6c}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\1e8d480400006f54
Folder Deleted : C:\ProgramData\477ebe2a00005a0c
Folder Deleted : C:\ProgramData\68702e5c00005792
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Users\Talha\AppData\Roaming\Mozilla\Firefox\Profiles\tzeqhkfn.default-1383672819588\Extensions\[email protected]
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage-journal
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage-journal
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mppnoffgpafgpgbaigljliadgbnhljfl_0.localstorage
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mppnoffgpafgpgbaigljliadgbnhljfl_0.localstorage-journal
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage
File Deleted : C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage-journal
File Deleted : C:\Windows\System32\drivers\{ba5bdfa6-01ff-443c-b8f1-b66ac8b14b6c}Gw64.sys
File Deleted : C:\Windows\System32\drivers\webinstr.sys
File Deleted : C:\Users\Talha\AppData\Roaming\Mozilla\Firefox\Profiles\74u1y20q.default-1352609606916\user.js
File Deleted : C:\Users\Talha\AppData\Roaming\Mozilla\Firefox\Profiles\tzeqhkfn.default-1383672819588\user.js

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : BackgroundContainer Startup Task
Task Deleted : CPU Grid Computing
Task Deleted : LaunchSignup
Task Deleted : BlockAndSurf Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{39207FA9-632F-58D1-AE46-2F7C370FBF59}]
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Tray]
Key Deleted : HKLM\SOFTWARE\4fb69145-0359-0e0e-8f8e-9693aa84fd7a
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BD634FF7-DAD1-2648-6674-D6F3AEC3FDBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A98F9CF9-B94A-4173-99E5-5D6DFFE5CD0D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\DefaultTab
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\startnow.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

-\\ Mozilla Firefox v

[74u1y20q.default-1352609606916\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_13&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWinYahoo%[...]
[tzeqhkfn.default-1383672819588\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_13&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWinYahoo%[...]
[tzeqhkfn.default-1383672819588\prefs.js] - Line Deleted : user_pref("extensions.ABOKlXIJofKu3u5C.scode", "(function(){try{if(window.location.href.indexOf(\"qHs6rTs4qjsEqHkFrHs7rTn9qa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"fl[...]

-\\ Google Chrome v43.0.2357.134

[C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Talha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_13&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByBtDyC0AtCyE0CyC0C0FtDtN0D0Tzu0StCtCyBzztN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtBzytDtAtCzz0BtG0D0DyBtDtG0F0B0B0FtG0CyE0BtBtGtByE0CtA0Fzy0EtCtA0FyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzz0C0ByE0D0EyEtGzzyCtCtDtGyE0AtBtBtGzz0EtDyEtGzztB0E0EyC0EyEyCzzyByCtB2QtN0A0LzuyE%26cr%3D1470483943%26a%3Dwny_coinis_15_13%26os%3DWindows 7 Ultimate&p={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [21433 bytes] - [15/07/2014 22:17:18]
AdwCleaner[R1].txt - [10320 bytes] - [22/07/2015 12:28:53]
AdwCleaner[S0].txt - [19449 bytes] - [15/07/2014 22:17:58]
AdwCleaner[S1].txt - [8646 bytes] - [22/07/2015 12:29:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8705 bytes] ##########
trah24 is offline  
Old 07-22-2015, 11:52 AM   #7
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



sorry here are the other two attachments.
Attached Files
File Type: txt FRST.txt (27.6 KB, 28 views)
File Type: txt Addition.txt (48.8 KB, 23 views)
trah24 is offline  
Old 07-23-2015, 12:38 AM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello trah24,

You're welcome. Thanks for the logs.

Let's move on. Please do the below instructions.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Attached Files
File Type: txt fixlist.txt (9.8 KB, 24 views)
__________________
tekir06 is offline  
Old 07-25-2015, 12:34 AM   #9
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



Hello, sorry about the delay but Ive tried repeatedly to use the program to programs fix function and it keeps getting stuck at "deleting temporary files." Ive tried restarting my computer over and over but it doesnt seem to fix the issue. Im not entirely sure what to do or where to go from here....
trah24 is offline  
Old 07-25-2015, 01:21 PM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Ok. I have added new fixlist. Please try again using this.
Attached Files
File Type: txt fixlist.txt (9.8 KB, 19 views)
__________________
tekir06 is offline  
Old 07-26-2015, 02:55 PM   #11
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



So i actually had the program run last night with the old fix log and when i got up today, i had seen that it actually completed successfully!
trah24 is offline  
Old 07-26-2015, 02:56 PM   #12
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Talha at 2015-07-24 21:09:44 Run:3
Running from C:\Users\Talha\Desktop
Loaded Profiles: Talha (Available Profiles: Talha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1969155608-1376281966-1799279739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Policy restriction on ProxySettings)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1969155608-1376281966-1799279739-1000 -> No Name - {C2F19DC6-073A-460C-B7DB-4A60A5AFEAD2} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Tube Dimmer - C:\Users\Talha\AppData\Roaming\Mozilla\Firefox\Profiles\tzeqhkfn.default-1383672819588\Extensions\[email protected] [2013-11-05]
R2 Comfortable Tie; C:\Program Files (x86)\Comfortable Tie\Comfortable Tie.exe [8016301 2015-07-22] () [File not signed] <==== ATTENTION
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-27] () [File not signed] <==== ATTENTION
2015-07-22 12:55 - 2015-07-22 12:55 - 00040349 _____ C:\Windows\SysWOW64\rsslogs.20150722125405
2015-07-22 12:23 - 2015-07-22 12:23 - 00000000 ____D C:\Program Files (x86)\Comfortable Tie
2015-07-21 21:59 - 2015-07-22 12:29 - 00323357 _____ C:\Windows\SysWOW64\rsslogs.20150721215845
2015-07-20 21:09 - 2015-07-21 21:59 - 00600551 _____ C:\Windows\SysWOW64\rsslogs.20150720210809
2015-07-19 20:19 - 2015-07-20 21:09 - 00620801 _____ C:\Windows\SysWOW64\rsslogs.20150719201857
2015-07-19 14:12 - 2015-07-19 20:19 - 00160130 _____ C:\Windows\SysWOW64\rsslogs.20150719141059
2015-07-18 18:53 - 2015-07-18 18:53 - 00129833 _____ C:\Windows\SysWOW64\rsslogs.20150718185240
2015-07-18 14:04 - 2015-07-20 15:02 - 00000024 _____ C:\Users\Talha\AppData\Roaming\appdataFr25.bin
2015-07-18 12:13 - 2015-07-18 18:53 - 00151253 _____ C:\Windows\SysWOW64\rsslogs.20150718121232
2015-07-18 11:03 - 2015-07-18 11:03 - 00061770 _____ C:\Windows\SysWOW64\rsslogs.20150718110222
2015-07-18 03:02 - 2015-07-18 11:03 - 00030249 _____ C:\Windows\SysWOW64\rsslogs.20150718030142
2015-07-17 21:14 - 2015-07-17 21:14 - 00205496 _____ C:\Windows\SysWOW64\rsslogs.20150717211357
2015-07-17 15:12 - 2015-07-17 15:12 - 00143728 _____ C:\Windows\SysWOW64\rsslogs.20150717151111
2015-07-16 11:11 - 2015-07-17 15:12 - 00492838 _____ C:\Windows\SysWOW64\rsslogs.20150716111008
2015-07-15 11:39 - 2015-07-16 11:11 - 00609296 _____ C:\Windows\SysWOW64\rsslogs.20150715113852
2015-07-14 11:44 - 2015-07-15 11:39 - 00587427 _____ C:\Windows\SysWOW64\rsslogs.20150714114323
2015-07-13 12:38 - 2015-07-14 11:44 - 00564631 _____ C:\Windows\SysWOW64\rsslogs.20150713123714
2015-07-13 02:29 - 2015-07-13 12:38 - 00124806 _____ C:\Windows\SysWOW64\rsslogs.20150713022817
2015-07-13 02:23 - 2015-07-13 02:23 - 00001265 _____ C:\Windows\SysWOW64\rsslogs.20150713022237
2015-07-13 01:49 - 2015-07-13 02:13 - 00032048 _____ C:\Windows\SysWOW64\rsslogs.20150713014931
2015-07-11 22:49 - 2015-07-13 01:49 - 00325487 _____ C:\Windows\SysWOW64\rsslogs.20150711224822
2015-07-11 00:40 - 2015-07-11 22:48 - 00256580 _____ C:\Windows\SysWOW64\rsslogs.20150711003942
2015-07-10 01:13 - 2015-07-11 00:39 - 00308897 _____ C:\Windows\SysWOW64\rsslogs.20150710011326
2015-07-08 22:03 - 2015-07-10 01:13 - 00288908 _____ C:\Windows\SysWOW64\rsslogs.20150708220250
2015-07-07 22:53 - 2015-07-08 22:03 - 00546194 _____ C:\Windows\SysWOW64\rsslogs.20150707225209
2015-07-07 10:44 - 2015-07-07 22:53 - 00199372 _____ C:\Windows\SysWOW64\rsslogs.20150707104340
2015-07-05 22:04 - 2015-07-07 10:44 - 00401228 _____ C:\Windows\SysWOW64\rsslogs.20150705220353
2015-07-05 13:24 - 2015-07-05 22:04 - 00206082 _____ C:\Windows\SysWOW64\rsslogs.20150705132337
2015-07-04 14:22 - 2015-07-05 13:23 - 00217441 _____ C:\Windows\SysWOW64\rsslogs.20150704142144
2015-07-02 22:03 - 2015-07-04 14:22 - 00287619 _____ C:\Windows\SysWOW64\rsslogs.20150702220249
2015-07-01 22:03 - 2015-07-02 22:03 - 00290739 _____ C:\Windows\SysWOW64\rsslogs.20150701220250
2015-06-30 22:08 - 2015-07-01 22:03 - 00475331 _____ C:\Windows\SysWOW64\rsslogs.20150630220723
2015-06-30 01:56 - 2015-06-30 22:08 - 00270465 _____ C:\Windows\SysWOW64\rsslogs.20150630015522
2015-06-28 22:49 - 2015-06-30 01:56 - 00161480 _____ C:\Windows\SysWOW64\rsslogs.20150628224847
2015-06-28 04:12 - 2015-06-28 22:49 - 00124866 _____ C:\Windows\SysWOW64\rsslogs.20150628041157
2015-06-26 00:20 - 2015-06-28 04:12 - 00145090 _____ C:\Windows\SysWOW64\rsslogs.20150626001942
2015-06-24 22:03 - 2015-06-26 00:20 - 00161945 _____ C:\Windows\SysWOW64\rsslogs.20150624220255
2015-06-24 00:34 - 2015-06-24 22:03 - 00222079 _____ C:\Windows\SysWOW64\rsslogs.20150624003320
2015-06-22 22:03 - 2015-06-24 00:34 - 00192989 _____ C:\Windows\SysWOW64\rsslogs.20150622220255
2015-06-22 00:27 - 2015-06-22 22:02 - 00296111 _____ C:\Windows\SysWOW64\rsslogs.20150622002741
2015-06-22 00:27 - 2015-06-21 00:33 - 00248352 _____ C:\Windows\SysWOW64\rsslogs.20150621003219
C:\Users\Talha\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Talha\AppData\Local\Temp\7-Zip.exe
C:\Users\Talha\AppData\Local\Temp\air6623.exe
C:\Users\Talha\AppData\Local\Temp\BackupSetup.exe
C:\Users\Talha\AppData\Local\Temp\b_unppxb.dll
C:\Users\Talha\AppData\Local\Temp\CloudBackup2636.exe
C:\Users\Talha\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Talha\AppData\Local\Temp\contentDATs.exe
C:\Users\Talha\AppData\Local\Temp\DCB6.exe
C:\Users\Talha\AppData\Local\Temp\dlLogic.exe
C:\Users\Talha\AppData\Local\Temp\dltr.exe
C:\Users\Talha\AppData\Local\Temp\E52F.exe
C:\Users\Talha\AppData\Local\Temp\FourFinders_di.exe
C:\Users\Talha\AppData\Local\Temp\GCVerifier.dll
C:\Users\Talha\AppData\Local\Temp\installerdll166499.dll
C:\Users\Talha\AppData\Local\Temp\installerdll168137.dll
C:\Users\Talha\AppData\Local\Temp\installerdll178028.dll
C:\Users\Talha\AppData\Local\Temp\installerdll3642514.dll
C:\Users\Talha\AppData\Local\Temp\installerdll3696506.dll
C:\Users\Talha\AppData\Local\Temp\installerdll3824754.dll
C:\Users\Talha\AppData\Local\Temp\installerdll3826735.dll
C:\Users\Talha\AppData\Local\Temp\installerdll3832070.dll
C:\Users\Talha\AppData\Local\Temp\installerdll4683150.dll
C:\Users\Talha\AppData\Local\Temp\installerdll4947244.dll
C:\Users\Talha\AppData\Local\Temp\install_flash_player_13_plugin.exe
C:\Users\Talha\AppData\Local\Temp\jpr.exe
C:\Users\Talha\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Talha\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Talha\AppData\Local\Temp\jzlpqx5i.dll
C:\Users\Talha\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Talha\AppData\Local\Temp\lowproc.exe
C:\Users\Talha\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Talha\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Talha\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Talha\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Talha\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Talha\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Talha\AppData\Local\Temp\nvStInst.exe
C:\Users\Talha\AppData\Local\Temp\oi_{472D1EB6-5141-4F0F-853A-DD5AB4803AEB}.exe
C:\Users\Talha\AppData\Local\Temp\oi_{87D70E07-2304-4058-BA7F-4817479C3902}.exe
C:\Users\Talha\AppData\Local\Temp\OriginLauncher166499.exe
C:\Users\Talha\AppData\Local\Temp\OriginLauncher3824754.exe
C:\Users\Talha\AppData\Local\Temp\ose00000.exe
C:\Users\Talha\AppData\Local\Temp\PastaLeadsSetup.exe
C:\Users\Talha\AppData\Local\Temp\PCSpeedCleanSetup.exe
C:\Users\Talha\AppData\Local\Temp\Quarantine.exe
C:\Users\Talha\AppData\Local\Temp\rootsupd.exe
C:\Users\Talha\AppData\Local\Temp\safeguard.exe
C:\Users\Talha\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Talha\AppData\Local\Temp\Setup.exe
C:\Users\Talha\AppData\Local\Temp\sonarinst.exe
C:\Users\Talha\AppData\Local\Temp\SpOrder.dll
C:\Users\Talha\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Talha\AppData\Local\Temp\sqlite3.dll
C:\Users\Talha\AppData\Local\Temp\stubhelper.dll
C:\Users\Talha\AppData\Local\Temp\supoptsetup.exe
C:\Users\Talha\AppData\Local\Temp\uninst1.exe
C:\Users\Talha\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Talha\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Talha\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Talha\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
Task: {17A3A0F5-47C3-4705-8509-D79F36A366C3} - \BlockAndSurf_wd No Task File <==== ATTENTION
Task: {61A3C14B-31D1-4E81-8931-E4B1738FA153} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {7C903633-2E3B-4E33-8A85-C5D08CD62064} - \The Bluetooth service discovery No Task File <==== ATTENTION
Task: {85FC3EE8-9B43-48F8-AD80-A469063D3D2E} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {9DF792F9-E022-4C1F-930C-C1A6BABEEB13} - System32\Tasks\PCSpeedClean_Start => C:\Program Files (x86)\PC Speed Clean\PCSpeedClean.exe
Task: {B62A93B8-7A1D-48B2-B148-54B1241DFF6A} - System32\Tasks\PCSpeedClean_Popup => C:\Program Files (x86)\PC Speed Clean\Splash.exe
2015-07-22 12:23 - 2015-07-22 12:22 - 08016301 _____ () C:\Program Files (x86)\Comfortable Tie\Comfortable Tie.exe
2013-08-27 09:22 - 2013-08-27 09:22 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
FirewallRules: [{EA1C220A-01EB-4697-86B1-7836F77ECC7E}] => (Allow) C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe
FirewallRules: [{C6E9C316-A702-4D5E-8DFA-A65822742F32}] => (Allow) C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe
FirewallRules: [{881DEFA1-1AF6-4FA4-9A66-3D7A0EC77990}] => (Allow) C:\Windows\SysWOW64\dfrg\minerd.exe
FirewallRules: [{B558EF90-479C-48E7-8537-41C3B9288B1C}] => (Allow) C:\Windows\SysWOW64\dfrg\minerd.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
"C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1969155608-1376281966-1799279739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1969155608-1376281966-1799279739-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2F19DC6-073A-460C-B7DB-4A60A5AFEAD2} => value not found.
HKCR\CLSID\{C2F19DC6-073A-460C-B7DB-4A60A5AFEAD2} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
C:\Users\Talha\AppData\Roaming\Mozilla\Firefox\Profiles\tzeqhkfn.default-1383672819588\Extensions\[email protected] not found.
Comfortable Tie => Service not found.
tor => Service not found.
"C:\Windows\SysWOW64\rsslogs.20150722125405" => File/Folder not found.
"C:\Program Files (x86)\Comfortable Tie" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150721215845" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150720210809" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150719201857" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150719141059" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150718185240" => File/Folder not found.
C:\Users\Talha\AppData\Roaming\appdataFr25.bin => moved successfully.
"C:\Windows\SysWOW64\rsslogs.20150718121232" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150718110222" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150718030142" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150717211357" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150717151111" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150716111008" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150715113852" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150714114323" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150713123714" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150713022817" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150713022237" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150713014931" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150711224822" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150711003942" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150710011326" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150708220250" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150707225209" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150707104340" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150705220353" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150705132337" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150704142144" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150702220249" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150701220250" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150630220723" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150630015522" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150628224847" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150628041157" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150626001942" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150624220255" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150624003320" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150622220255" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150622002741" => File/Folder not found.
"C:\Windows\SysWOW64\rsslogs.20150621003219" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\6_Offer_17.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\7-Zip.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\air6623.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\BackupSetup.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\b_unppxb.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\CloudBackup2636.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\ConsumerInputSetup.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\contentDATs.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\DCB6.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\dlLogic.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\dltr.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\E52F.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\FourFinders_di.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\GCVerifier.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll166499.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll168137.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll178028.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll3642514.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll3696506.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll3824754.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll3826735.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll3832070.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll4683150.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\installerdll4947244.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\install_flash_player_13_plugin.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\jpr.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\jzlpqx5i.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\LMkRstPt.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\lowproc.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\Nv3DVStreaming.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\nvSCPAPI.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\nvSCPAPI64.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\nvSCPAPISvr.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\nvStereoApiI.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\nvStereoApiI64.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\nvStInst.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\oi_{472D1EB6-5141-4F0F-853A-DD5AB4803AEB}.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\oi_{87D70E07-2304-4058-BA7F-4817479C3902}.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\OriginLauncher166499.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\OriginLauncher3824754.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\ose00000.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\PastaLeadsSetup.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\PCSpeedCleanSetup.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\Quarantine.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\rootsupd.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\safeguard.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\SecurityScan_Release.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\Setup.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\sonarinst.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\SpOrder.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\SpotifyUninstall.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\stubhelper.dll" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\supoptsetup.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\uninst1.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\vcredist_x64.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\vcredist_x86.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\vlc-2.1.2-win32.exe" => File/Folder not found.
"C:\Users\Talha\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A3A0F5-47C3-4705-8509-D79F36A366C3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf_wd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61A3C14B-31D1-4E81-8931-E4B1738FA153} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C903633-2E3B-4E33-8A85-C5D08CD62064} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The Bluetooth service discovery => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FC3EE8-9B43-48F8-AD80-A469063D3D2E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF792F9-E022-4C1F-930C-C1A6BABEEB13} => key not found.
C:\Windows\System32\Tasks\PCSpeedClean_Start not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedClean_Start => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B62A93B8-7A1D-48B2-B148-54B1241DFF6A} => key not found.
C:\Windows\System32\Tasks\PCSpeedClean_Popup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedClean_Popup => key not found.
"C:\Program Files (x86)\Comfortable Tie\Comfortable Tie.exe" => File/Folder not found.
"C:\Program Files (x86)\Tor\tor.exe" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA1C220A-01EB-4697-86B1-7836F77ECC7E} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6E9C316-A702-4D5E-8DFA-A65822742F32} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{881DEFA1-1AF6-4FA4-9A66-3D7A0EC77990} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B558EF90-479C-48E7-8537-41C3B9288B1C} => value not found.
EmptyTemp: => 9.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:18:41 ====
trah24 is offline  
Old 07-26-2015, 11:32 PM   #13
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello trah24,

Thanks for the log. Let's move on. Please do the below steps. Then please tell me, How is the machine behaving now? What problems do you still have?

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

=====================================================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

========================================================

STEP 2

Your java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 51 from the following link
Download Free Java Software

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start buton.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.

=======================================================

Things I need to see in your next post:
  • Malwarebytes Log
  • ESET log
  • What problems do you still have?
__________________
tekir06 is offline  
Old 07-28-2015, 11:15 PM   #14
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



Hello im almost done with everything youve requested. Im not entirely sure why but my computer was crashing really hard after the malware bytes scan and restart. But i finally have it running again. Anyhow im currently doing step 2 and then will post both logs and post what problems that are still present.
trah24 is offline  
Old 07-29-2015, 11:40 AM   #15
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3289663\UninstallerUI.exe.vir Win32/Toolbar.Conduit.AJ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Public\util\DTChk.exe.vir Win32/Toolbar.DefaultTab.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstr.sys.vir Win64/Adware.AddLyrics.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ba5bdfa6-01ff-443c-b8f1-b66ac8b14b6c}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\BackupSetup.exe.xBAD MSIL/MyPCBackup.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\CloudBackup2636.exe.xBAD MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\ConsumerInputSetup.exe.xBAD Win32/Compete.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\dlLogic.exe.xBAD Win32/Toolbar.Conduit.AM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\dltr.exe.xBAD Win32/Conduit.SearchProtect.AA potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\FourFinders_di.exe.xBAD Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\GCVerifier.dll.xBAD Win32/Toolbar.Conduit.AM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\PCSpeedCleanSetup.exe.xBAD a variant of MSIL/Rebrand.LittleRegClean.E potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Talha\AppData\Local\Temp\supoptsetup.exe.xBAD multiple threats cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Chrome\Application\chrome.dll a variant of Win32/ExtenBro.BK trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdateHelper.dll a variant of Win32/ExtenBro.BK trojan cleaned by deleting - quarantined
C:\Users\Talha\AppData\Local\nsv68F3.tmp Win32/AnyProtect.E potentially unwanted application deleted - quarantined
C:\Users\Talha\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Talha\Downloads\Player_Setup.jse JS/TrojanDropper.Agent.NAJ trojan cleaned by deleting - quarantined
C:\Windows\Installer\37ca3a.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
Attached Files
File Type: txt Malwarebytes log.txt (122.1 KB, 17 views)
trah24 is offline  
Old 07-29-2015, 11:42 AM   #16
Registered Member
 
Join Date: Nov 2011
Posts: 33
OS: xp



Well I just finished everything and as of right now, it seems as if all the popups and slow down has finally ended! Im hoping it will stay like this but as for right now all the steps you told me to do seem to have worked! Thank you for the patience and help!
trah24 is offline  
Old 07-29-2015, 11:17 PM   #17
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

I'm glad to hear that.

Let's remove all tools and logs that we use.

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Old 08-01-2015, 11:02 PM   #18
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely and Think Prevention!
__________________

amateur is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Need assistance removing the Windows Recovery Virus
I am helping my brother's friend who's PC has been infected with the Windows Recovery Virus. I ran Malwarebytes numerous times. Each time it finds the virus and "removes" it but yet after every restart the virus is still there. I would have tried Combofix, but apparently it doesn't like the version...
tigerfansince84 Resolved HJT Threads 8 06-23-2011 06:23 AM
Infected! Not sure with what. Random audio ads with browser not open
Hello there. Thanks again for the help. I have picked up an infection, and can't seem to rid myself of it. I was going to format and reinstall, but I thought I'd try this first. Problems: I get script errors periodically even when browser is closed; I am being redirected from Google to sites...
squishyj Resolved HJT Threads 32 05-21-2011 08:52 AM
Random sounds and search browser doesn't work correctly
I had the fake antivirus show up on my computer which I thought I removed but in just the past 4 days I have been having random commercials and radio stations it sounds like on my computer when I'm not even doing anything. There are scripts that come up on my computer and my browser doesn't work...
abigail148 Windows XP Support 1 04-10-2011 07:12 PM
msvcr90.dll is not a valid
The application or dll. C:\programme files \ Norton 360\engine \4.3.0.5\ Microsoft.vc90.crt\msvcr90.dll is not valid windows image. Please check this against your installation diskette. Any help on this issue would be great. I have no access to the internet except through smart phone. ...
Andybriggz Virus/Trojan/Spyware Help 18 02-05-2011 12:06 PM
Virus opening internet browser tabs and searching random criteria
Hi, i know this is a common problem, but my internet browser, firefox, keeps opening random tabs and searching items, then pulling up dangerous pages. I know this must be a virus which is a pain the ***. Help please?
Liam9588 Resolved HJT Threads 1 01-03-2011 09:01 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 08:09 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts