Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

malware & pop up problems anyone help pls??


  • Please log in to reply
27 replies to this topic

#1 ter67

ter67

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 30 January 2014 - 07:01 PM

Hi folks i`m not to clued up with computers so was wondering if anyone could help me with a problem that ive had now for about a week and just cant get shot of any of it .The problem is `i think its malware but not 100% sure but ive started getting a lot of pop ups and the pc is just jumpimg onto different pop ups when i click to go onto any sites ,theres a blank page that appears and when i click on the X button top right of screen for it to go away ,it goes away and underneath is the original page i clicked on .

The blank page has "about blank" on it at the top left hand side for a cpl of secs and then it changes and says "Akamahd" ,also a pop-up keeps coming up with `Reg cleaner + another for spyhunter4 and every so often my anti virus which is free "avast" a box appears and a voice says ~(oh dear threat detected)

i`m using windows 7 and have used all the cleaners that the chap who usualy looks after my pc `he works offshore and is away for 2 wks, he installed malwarebytes +ccleaner+ive also run the avast scanner and they all say "no threats detected" .

Also i think this started when i had changed to opera browser to check out torrents and when i came back onto my usual firefox "i think" it could have started this of but not sure ,would be most greatful to anyone who can help me try getting this sorted, cheers.

 

 



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 30 January 2014 - 11:32 PM

Hello -

CCleaner is not a "First line tool" for any infection, and I do not know how you used it.

Please download all listed tools to Desktop in the order listed, unless asked.

XP users should double click on tools to run them.

Vista, Win7/8 users Right click on the exe icon and select Run as administrator.

 

You may wish to print this page, and if you have any questions, please ask them.

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to run it.
Checkmark following boxes:

* List content of Hosts
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

At most the tool will run for about 2 minutes

Please post the log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

If you have a copy of this on your desktop, open it and hit the Uninstall button and install a fresh version.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActineX  with the scan
However alternate directions are left for thise that will not use Internet Explorer
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.

1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESETOnliner Scanner button.

3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3.1 - / Click on This Link to download theExternal ESET Smart Installer.
3.2 - / Save it to your desktop.

4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Finish with -

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

No log is opened or expected for this -

 

Thank You -



#3 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 01 February 2014 - 08:32 PM

Hi bud as i said i dont know vwery much about computers so please excuse for any mistakes ive done along the way with the s/ware you said to run and save .

I did what you said but when i got to the R/KILL download a voice came on with a popup saying "serious threat" or something like that i tried about 6 tiimes but it still never let me download it . and then when it got to the part (do not reboot your pc till you complete next step) if you have a copy of this on your desktop open it and hit the UNINSTALL button and install a fresh version ,but i didnt know where the UNINSTALL button was and i looked everywhere for this button and still couldnt find it sorry bout this` ive sent the repotrs that where saved to my desktop so if you could explain where the uninstall button is then i could try doing the lot all over again thanks for your help bud sorry i cant be more help to you .

i`m still getting pop-up boxes appearing with nothing in them just empty spaces and this blank page so once again thanks for everything .

 

ps  sorry bud but i cant seem to find the clipboard to send you the files from the downloads i`ll try and sus it out and send them on but need to go just now i`ll get back to you ok thanks bud .....


Edited by ter67, 01 February 2014 - 09:21 PM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 01 February 2014 - 09:25 PM

Not to worry - This can also be our fault for not fully reading your post.

 

Your main problem is that the infection is playing silly games.

We often forget that many people are not sure what to do, so we jump in with both feet.

 

Now - Start with Item No #1. This is just to check on your security programs, see if they are up to date, and to see if the infection has altered anything.

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so.

 

Now - Double click on the Blue Security Check link above and it will install a simple program.

When downloaded, it should leave an icon like a Padlock on your screen (99% of times). Now Right click on the icon and (near the top) select Run as administrator. 

A Black Box will open on your screen with very simple directions inside it. Please follow them.

This will take from 3 to 5 minutes (on average) to run and a notepad document called checkup.txt will be on your desktop when it finishes.

 

Please > Copy and Paste < that document back here.



#5 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 02 February 2014 - 02:37 PM

Hi hope this is what you wanted my friend i tried to put it into the clipboard but i couldnt sus out how to

get the clipboard up so i just copied and pasted to send the following file to you and thanks for

understanding i`m a rookie with computers lol thanks again bud some man cheers.....

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7  x86 (UAC is enabled)  
 [/b]
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.43  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled!
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 02 February 2014 - 04:21 PM

No Problems, that was perfect -

At times the Tutorials are a bit over the top, and could be simpler.

Copy / Paste is the only way to reply in this area of the forum,

 

You can now Right click on the Padlock icon and select Delete. The result is now saved here.

Do the same with the output script (text report).

This should send them to Rubbish Bin, and we can remove them from there later.

 

If you can put up with me :) , I hope to find your problem, and teach you some "small computer program" workings.

 

Now we need to repeat that with the next step.

Please read it first, and generally follow the steps I left above.

 

Please download MiniToolBox to your desktop to run it.
Checkmark following boxes:

* List content of Hosts
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and again, Copy and Paste the result.

It is another notepad document called result.txt and is on your desktop.

 

There is a list of about 10 or 12 items there, but you only need to select (tick the boxes) of the items listed.

This will be much bigger (longer), and the computer will tell us what problems have happened recently, plus it will list your currently installed programs, to see if they cause problems, and a few other minor things,



#7 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 02 February 2014 - 10:04 PM

Hi bud heres the reult of the box that opened up after i did what you said to do

and its wether you can put up with me for long lol sorry i cant be of great help to you

thanks again ..

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Ter (administrator) on 03-02-2014 at 02:58:11
Running from "C:\Users\Ter\Desktop"
Microsoft Windows 7 Ultimate   (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2014 09:33:22 PM) (Source: Application Hang) (User: )
Description: The program WORDPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1730

Start Time: 01cf205e4e46acc1

Termination Time: 10

Application Path: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

Report Id: 91f525b0-8c51-11e3-945c-0013eff0d44c

Error: (02/02/2014 02:15:15 AM) (Source: Application Hang) (User: )
Description: The program WORDPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b4

Start Time: 01cf1fbc804c8ba0

Termination Time: 19

Application Path: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

Report Id: d81676d6-8baf-11e3-b255-0013eff0d44c

Error: (02/01/2014 04:12:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 26.0.0.5087, time stamp: 0x52a0d273
Faulting module name: xul.dll, version: 26.0.0.5087, time stamp: 0x52a0d20a
Exception code: 0xc0000005
Fault offset: 0x0014e1a8
Faulting process id: 0xf7c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (02/01/2014 01:45:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: playnowradio.exe, version: 1.1.0.2, time stamp: 0x52d35239
Faulting module name: playnowradio.exe, version: 1.1.0.2, time stamp: 0x52d35239
Exception code: 0xc0000005
Fault offset: 0x00028bee
Faulting process id: 0x1bc
Faulting application start time: 0xplaynowradio.exe0
Faulting application path: playnowradio.exe1
Faulting module path: playnowradio.exe2
Report Id: playnowradio.exe3

Error: (02/01/2014 00:39:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: SDScan.exe, version: 2.2.18.177, time stamp: 0x51949fa2
Faulting module name: peerdist.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdacc
Exception code: 0xc0000005
Fault offset: 0x740049a4
Faulting process id: 0xf68
Faulting application start time: 0xSDScan.exe0
Faulting application path: SDScan.exe1
Faulting module path: SDScan.exe2
Report Id: SDScan.exe3

Error: (01/31/2014 10:51:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDScan.exe, version: 2.2.18.177, time stamp: 0x51949fa2
Faulting module name: peerdist.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdacc
Exception code: 0xc0000005
Fault offset: 0x740049a4
Faulting process id: 0xb3c
Faulting application start time: 0xSDScan.exe0
Faulting application path: SDScan.exe1
Faulting module path: SDScan.exe2
Report Id: SDScan.exe3

Error: (01/31/2014 10:51:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDFiles.exe, version: 2.2.18.135, time stamp: 0x51949f73
Faulting module name: peerdist.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdacc
Exception code: 0xc0000005
Fault offset: 0x740049a4
Faulting process id: 0x49c
Faulting application start time: 0xSDFiles.exe0
Faulting application path: SDFiles.exe1
Faulting module path: SDFiles.exe2
Report Id: SDFiles.exe3

Error: (01/31/2014 10:50:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDFiles.exe, version: 2.2.18.135, time stamp: 0x51949f73
Faulting module name: peerdist.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdacc
Exception code: 0xc0000005
Fault offset: 0x740049a4
Faulting process id: 0x828
Faulting application start time: 0xSDFiles.exe0
Faulting application path: SDFiles.exe1
Faulting module path: SDFiles.exe2
Report Id: SDFiles.exe3

Error: (01/31/2014 02:01:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: SDScan.exe, version: 2.2.18.177, time stamp: 0x51949fa2
Faulting module name: peerdist.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdacc
Exception code: 0xc0000005
Fault offset: 0x740049a4
Faulting process id: 0x11b0
Faulting application start time: 0xSDScan.exe0
Faulting application path: SDScan.exe1
Faulting module path: SDScan.exe2
Report Id: SDScan.exe3

Error: (01/31/2014 01:47:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: SDQuarantine.exe, version: 2.2.18.103, time stamp: 0x51949f92
Faulting module name: peerdist.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdacc
Exception code: 0xc0000005
Fault offset: 0x740049a4
Faulting process id: 0x120c
Faulting application start time: 0xSDQuarantine.exe0
Faulting application path: SDQuarantine.exe1
Faulting module path: SDQuarantine.exe2
Report Id: SDQuarantine.exe3


System errors:
=============
Error: (02/02/2014 03:16:27 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/02/2014 03:13:07 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/02/2014 00:41:47 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/02/2014 00:34:25 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2014 09:10:48 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/31/2014 10:21:02 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/30/2014 09:44:08 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/30/2014 01:13:31 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

Error: (01/30/2014 01:13:31 AM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147943515.

Error: (01/30/2014 01:13:31 AM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (02/02/2014 09:33:22 PM) (Source: Application Hang)(User: )
Description: WORDPAD.EXE6.1.7600.16385173001cf205e4e46acc110C:\Program Files\Windows NT\Accessories\WORDPAD.EXE91f525b0-8c51-11e3-945c-0013eff0d44c

Error: (02/02/2014 02:15:15 AM) (Source: Application Hang)(User: )
Description: WORDPAD.EXE6.1.7600.1638513b401cf1fbc804c8ba019C:\Program Files\Windows NT\Accessories\WORDPAD.EXEd81676d6-8baf-11e3-b255-0013eff0d44c

Error: (02/01/2014 04:12:38 AM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8f7c01cf1ed8f72e9f73C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll158848a5-8af7-11e3-a140-0013eff0d44c

Error: (02/01/2014 01:45:02 AM) (Source: Application Error)(User: )
Description: playnowradio.exe1.1.0.252d35239playnowradio.exe1.1.0.252d35239c000000500028bee1bc01cf1ed3b310dcabC:\Users\Ter\AppData\Local\playnowradio\playnowradio\1.3.3.12\playnowradio.exeC:\Users\Ter\AppData\Local\playnowradio\playnowradio\1.3.3.12\playnowradio.exe76c48bde-8ae2-11e3-a140-0013eff0d44c

Error: (02/01/2014 00:39:23 AM) (Source: Application Error)(User: )
Description: SDScan.exe2.2.18.17751949fa2peerdist.dll_unloaded0.0.0.04a5bdaccc0000005740049a4f6801cf1ee4bdf8f253C:\Program Files\Spybot - Search & Destroy 2\SDScan.exepeerdist.dll4b634a5e-8ad9-11e3-a140-0013eff0d44c

Error: (01/31/2014 10:51:15 PM) (Source: Application Error)(User: )
Description: SDScan.exe2.2.18.17751949fa2peerdist.dll_unloaded0.0.0.04a5bdaccc0000005740049a4b3c01cf1ed6504c4167C:\Program Files\Spybot - Search & Destroy 2\SDScan.exepeerdist.dll2ff14995-8aca-11e3-a140-0013eff0d44c

Error: (01/31/2014 10:51:03 PM) (Source: Application Error)(User: )
Description: SDFiles.exe2.2.18.13551949f73peerdist.dll_unloaded0.0.0.04a5bdaccc0000005740049a449c01cf1ed6e8bc7e77C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exepeerdist.dll291b5867-8aca-11e3-a140-0013eff0d44c

Error: (01/31/2014 10:50:19 PM) (Source: Application Error)(User: )
Description: SDFiles.exe2.2.18.13551949f73peerdist.dll_unloaded0.0.0.04a5bdaccc0000005740049a482801cf1ed69df9e918C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exepeerdist.dll0eae901a-8aca-11e3-a140-0013eff0d44c

Error: (01/31/2014 02:01:42 AM) (Source: Application Error)(User: )
Description: SDScan.exe2.2.18.17751949fa2peerdist.dll_unloaded0.0.0.04a5bdaccc0000005740049a411b001cf1e28025db6e9C:\Program Files\Spybot - Search & Destroy 2\SDScan.exepeerdist.dlla0ab1de9-8a1b-11e3-9acc-0013eff0d44c

Error: (01/31/2014 01:47:04 AM) (Source: Application Error)(User: )
Description: SDQuarantine.exe2.2.18.10351949f92peerdist.dll_unloaded0.0.0.04a5bdaccc0000005740049a4120c01cf1e25dbcbe8bbC:\Program Files\Spybot - Search & Destroy 2\SDQuarantine.exepeerdist.dll95514fab-8a19-11e3-9acc-0013eff0d44c


=========================== Installed Programs ============================

µTorrent (Version: 3.3.2.30446)
7-Zip 9.20
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43)
Ashampoo Burning Studio FREE v.1.12.0 (Version: 1.12.0)
avast! Free Antivirus (Version: 9.0.2013)
CCleaner (Version: 4.09)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0009)
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
Extended Update
Foxit Reader (Version: 6.1.2.1224)
HP Product Detection (Version: 11.15.0009)
IrfanView (remove only) (Version: 4.37)
iSnooker version 2.2.43 R3 (Version: 2.2.43 R3)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
K-Lite Codec Pack 10.2.0 Full (Version: 10.2.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
MPC-HC 1.7.0 (Version: 1.7.0.7858)
Opera Stable 16.0.1196.80 (Version: 16.0.1196.80)
Picasa 3 (Version: 3.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Spybot - Search & Destroy (Version: 2.2.25)
VLC media player 2.0.5 (Version: 2.0.5)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 2549.18 MB
Available physical RAM: 821.91 MB
Total Pagefile: 5096.64 MB
Available Pagefile: 2894.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.02 MB

========================= Partitions: =====================================

1 Drive c: (Windows 7) (Fixed) (Total:128.91 GB) (Free:95.77 GB) NTFS
2 Drive d: (BACKUP) (Fixed) (Total:20.04 GB) (Free:11.12 GB) NTFS
4 Drive f: (PKBACK# 001) (Removable) (Total:0.97 GB) (Free:0.8 GB) FAT32

========================= Users: ========================================

User accounts for \\TER-PC

Administrator            Guest                    Ter                      


**** End of log ****
 



#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 03 February 2014 - 05:09 AM

Again, the result is exactly what we need.
Always post back if I get too far ahead, and only do this one step at a time. (I will repeat this several times.)

ter67, on 03 Feb 2014 - 2:04 PM, said:
Hi bud heres the reult of the box that opened up after i did what you said to do
and its wether you can put up with me for long lol sorry i cant be of great help to you
thanks again ..

Hi -
I am not the fastest teacher, but if you wish to learn, we can complete all of these programs without any problems, and prep you for future help (if required).

I will think that you mostly use Internet Explorer, if I am wrong please tell me.

 

I will try to review your Errors, and get back later.



#9 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 03 February 2014 - 09:18 AM

Hi bud` thanks for everything thats good i`m sending you the correct info` and as you say it learns me how to deal with these 

type of things in future myself and imo your an excellent teacher ;-) fast enough for me .

And you where asking do i mostly use internet explorer,well no i never use IE its always firefox and now and again i`ll go into `opera to look for torrent sites although thats only once in a while i mostly use firefox for browsing and going into sites like FB+gmail+Ebay+YTube and places like these , thanks again for your help mate .i meant to add that the Ccleaner is in my pc because the guy that usually looks after it put it in  when i got the pc and he was fixing prog`s into it and this was one of them .

Hope i`m not getting to far ahead here but ive sent the RKill box thats came up on my desktop for you to look at ,here it is                                                

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)

http://splashurl.com/pzrew4k
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://splashurl.com/pzrew4kforums/topic308364.html

Program started at: 02/03/2014 02:10:17 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Ter\AppData\Local\playnowradio\playnowradio\1.3.3.12\playnowradio.exe (PID: 384) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/03/2014 02:10:56 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)
 



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 03 February 2014 - 04:13 PM

Thanks for the info,

Now I can give you details on how to remove extensions and plugins from Firefox -

 

Further to rvzr-aakamaihdnet problem, please read This topic. Pay attention to this line

How to Disable Extensions and Plugins in Firefox - How to Remove Extensions/Uninstall Plugins in Firefox It solved the basic problem last time.

 

 

The detection of playnowradio.exe is one reason why you are hearing those "odd voices".

Use this program (as described) to finish removal of it.

 

Dr.Web CureIt! is a program like Kaspersky Antivirus (Russian), and should detect and remove infections, after you remove any of the Extensions / Plugins from your Firefox.

 

This requires Safe Mode, and the tutorial is at the top of the Windows 7 forum area.

 

Download Dr.Web CureIt! and save it in desktop.

  • Download Security Space Pro 7.0 (32/64-bit), save it in desktop.
  • Reboot computer to Safe Mode (press F8 before any Microsoft logo appears).
  • Double click "cureit.exe" on desktop, follow on screen instructions to scan hard disk.
    (Wait patiently, it may take 20-60 minutes to perform an express scan.)
  • After scanning is done, select all viruses found and choose "Cure".
    (If some files are not suitable to be cured, choose "Quarantine" or "Delete".)
  • When all viruses found are cured, quarantined, or deleted, reboot to Normal Mode.
  • Uninstall existing anti-virus software which cannot kill the viruses, and then reboot again.
  • Locate the setup file of Security Space Pro on desktop, double click to run it.
    =>>(For step-by-step procedures, please refer to installation video guide.)
  • During setup, choose to "obtain a demo key."
  • After first time update, the scanner will be launched again, quit the scanner at this point.
  • Complete the setup by rebooting computer.
  • When time is allowed (may need several hours), perform a full scan in Dr.Web Scanner.
  • NOTE :
  • When doing a full scan by another Antivirus please read How To Temporarily Disable Your Anti-virus


#11 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 05 February 2014 - 06:57 PM

Hi bud back again and i dont know whats going on here but this last part just isnt playing the game with me here.

>>>> after the part uninstall existing anti virus software i then set it to safe mode again and attemted to do what is said in the tuitorial but i never got any further than the 1st step` a box opened up which was about the languages and it was already set at "(english united states) then a box came up with a RED X i take it it`s a warning thing?  and said something like "cant install in safe mode" i`m sorry so stupid i never wrote it down                                                                                                                                                                                                                                                 

So i just rebooted out of safe mode and sent this to you straight away as i havent got an anti virus in my pc so will have to put avast back in temporarily till its sorted i take it???  i dont know much about computers but i think they need an anti virus.   i thought i wouldv had probs with this part somehow cheers and thanks for everything bud as i said i wish i could be of more help to you .

 

This requires Safe Mode, and the tutorial is at the top of the Windows 7 forum area.

 

Download Dr.Web CureIt! and save it in desktop.

  • Download Security Space Pro 7.0 (32/64-bit), save it in desktop.
  • Reboot computer to Safe Mode (press F8 before any Microsoft logo appears).
  • Double click "cureit.exe" on desktop, follow on screen instructions to scan hard disk.
    (Wait patiently, it may take 20-60 minutes to perform an express scan.)
  • After scanning is done, select all viruses found and choose "Cure".
    (If some files are not suitable to be cured, choose "Quarantine" or "Delete".)
  • When all viruses found are cured, quarantined, or deleted, reboot to Normal Mode.
  • Uninstall existing anti-virus software which cannot kill the viruses, and then reboot again.
  • Locate the setup file of Security Space Pro on desktop, double click to run it.
     
  • THIS is where i got to before it said "cant install in safe mode"


#12 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 06 February 2014 - 01:11 PM

Hi when i downloaded Dr web curit! and saved to desktop ,then i done the same with Security space pro 7.0(32/64-bit) and saved that to desktop .

Then i went into "safe mode" and run the dr web curit and it done it fine, but when i clicked on the Security space pro 7" part and tried to do what was asked it just run for a cpl of sec`s as i said till the language box opened up saying (english  united states) then a box appeared saying "you cannot install in safe mode" so thats when i stopped and rebooted to normal mode.



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 06 February 2014 - 05:26 PM

>>>> after the part uninstall existing anti virus software i then set it to safe mode again

"you cannot install in safe mode" so thats when i stopped and rebooted to normal mode.

Hi -

You almost did exactly what was required, but please re-read the directions.

 

You must learn to Read the directions Fully, or Ask first (as you have done now).

 

First the line in brackets reads =>

(If some files are not suitable to be cured, choose "Quarantine" or "Delete".)

 

Then the next 2 lines read =>

When all viruses found are cured, quarantined, or deleted, reboot to Normal Mode.

Uninstall existing anti-virus software which cannot kill the viruses, and then reboot again.

 

NOTE - You are now in Normal Mode and Safe Mode is not required any more -

You are meant to run the second part in Normal Mode -

 

So Uninstall MSE from Programs and Features, in Control panel First.

Now run part 2 of the program, and run it in Normal Mode

 

Then Re - Install M.S.E. from the direct link below.
http://windows.microsoft.com/en-US/windows/products/security-essentials

 

 

 

I have just highlighted the parts you did not read or understand in Green



#14 ter67

ter67
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:scotland
  • Local time:02:51 AM

Posted 06 February 2014 - 07:48 PM

Hi Thanks for getting back to me bud so sorry about all this but i know i`m a bit slow at catching up lol .

I actualy sussed that part out that i didnt need to be in safe mode when downloading the av  .but when i let it run and install and thought that everything would be finished up came more pop-up boxes about the FIREWALL saying >>>(Dr web web firewall notifications) sytem process

dr web firewall has has detected network activity.

APPLICATION NAME - system process

APP/C                         -

DIGITAL SIG/TURE.    - N/A

LOCAL ADDRESS     -

 and so on also this box kept opening up and just wouldn`t go away even when i tried to delete it and it was as if the internet was off`but it said "internet connection" down on my taskbar at the little tv symbol i got on it at the clock. when i tried to click into anything it wouldnt open up ,like google or anything just wouldnt open any sites i even clicked to open taskbar and tried to shut it down .another box  right hand side" saying (DR WEB ANTI VIRUS) some connections were blocked by dr web firewall while there was no user logged on .then it asked (do you want to review them). but it seems to be about the firewall now which i havent a clue about so i left it and deleted the anti virus after i rebooted .So now i`ll do as you`v said although have i got problems with my firewall do you think ?? thanks a lot for your help my friend and very greatfull to you .



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:51 AM

Posted 06 February 2014 - 07:59 PM

No Problems -

 

Just run as above, and we will look at other options after this -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users