Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Crackle.com popup - help getting rid of it!


  • This topic is locked This topic is locked
63 replies to this topic

#1 spgreenfield

spgreenfield

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 19 September 2014 - 10:02 AM

I have searched the forums and general internet - tried a couple manual examples but nothing is complete.  Help?

 

Pam



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 19 September 2014 - 10:07 AM

Hello spgreenfield and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 21 September 2014 - 10:55 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 21 September 2014 - 02:35 PM

I am SO sorry - the computer is my husband's and he literally sits at it constantly!  I will try to complete my assignment this evening!

 

Pam



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 21 September 2014 - 03:49 PM

OK. Welcome Back!

 

Sincerely.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 22 September 2014 - 07:55 AM

Here you are - and thanks for your patience...had to get up earlier than he did to access the computer!!!

 

Pam

 

 

PS - not sure if I was "administrator" on the computer.  We do not have an administrator on this machine as it is a home machine. Had some issues with porting the data back into new OS (went from XP to Win 7) and had some odd file structures so tech talked me through dividing them.  Now on occasion I get denied access to folders in this ID, yet my settings in security are to have all access.  The security users listed in control panel don't even match what is listed on the login screen for the initial boot.  I hope the scan is complete enough.

Attached Files



#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 22 September 2014 - 10:38 AM

Hi spgreenfield,
 
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)

 
 
Suggestions:
Please uninstall Kaspersky PURE 2.0, you have Microsoft Security Essentials running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.
 

Removal tool to uninstall Kaspersky Lab products

 

http://support.kaspersky.com/common/service.aspx?el=1464#block1

 

-----------------------------

 

Please run;

 

AVG Remover(64bit) 2014
(avg_remover_stf_x64_2014_4116.exe)

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
Please uninstall the following applications:

 

Google Update Helper
Coupon Printer for Windows
AVG SafeGuard toolbar
AVG Secure Search or vToolbarUpdater
C:\Program Files (x86)\Perk Prize Panel
C:\Program Files\Enigma Software Group ---> SpyHunter

 

And please PC restart

 

------------------------------------------------------------------------------------------------------------

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\windows\system32\Drivers\lvuvc.hs
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

-------------------------------------------------------------------------------------------------------------------------------------------------------

 

Please let me know when you have completed this.

 

Sincerely.


Edited by olgun52, 22 September 2014 - 10:43 AM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 23 September 2014 - 08:32 AM

I've done everything but my computer says that the driver file is not found (see attached image)

 

Pam

 

 

Attached Files


Edited by spgreenfield, 23 September 2014 - 08:33 AM.


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 23 September 2014 - 01:25 PM

Hi spgreenfield,

 

Thank you. Did you make other operations ?.If you do, please proceed as follows.
 
-------------------
 
Step 1:

 

Run FRST fixlist

 

Please download the attached fixlist.txt  and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

Note: If not deleted , please try again in safe mode.

 

Step 2:
 

Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

Attached Files


Edited by olgun52, 24 September 2014 - 07:05 AM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 23 September 2014 - 10:18 PM

There is no combofix.txt logfile anywhere in my computer other than an old one from 2012 (that was imported into new computer apparently)  When the results came up I closed it assuming that it was already saved in the correct location.  I searched under the start/run bar for the specific combofix.txt file and all I found was the one from 2012.  I will re-run the combofix if you want me to.  So far my internet is acting completely weird - home page keeps changing - wouldn't go to new pages (like this one) without using open in a new tab command. 

 

And the only way I could get the FRST fixlist to run was in safe mode with networking.  So that is how I ran it.  (and I have not done any other "operations" other than attempt to follow your instructions - have not run any other programs at all)

 

Pam

Attached Files


Edited by spgreenfield, 24 September 2014 - 06:51 AM.


#11 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 23 September 2014 - 10:25 PM

PLEASE!  Now I cannot click normally on links in IE!  My husband is going to have fits over this!  I know you're busy but what can I do to change this?  It seems only to work (clicking on favorites only - links won't work) if I right click and hit open in a new window.  Please help..............so sorry....

 

Just in case it's relevant:

Links within Yahoo do NOT at all no matter what BUT msn links work fine

Facebook links work normally

favorites do not open on left click - must right click and open in new tab or new window

links in an email work fine

 

 

 

Pam


Edited by spgreenfield, 23 September 2014 - 10:54 PM.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 24 September 2014 - 07:47 AM

Hi,
 
I don't see a very important issue. Please be patient with me during this time.

 --------------------------

Reset Internet Explorer:
 
first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE

--------------
 
Step1:


Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 25 September 2014 - 08:44 AM

I am sorry if I was too frantic - I will be patient.  I wasn't able to complete the steps this morning but will attempt to get access to the computer tonight.  Thank you for your patience with me!

 

And when we get this all cleaned up is there ANYTHING I can install on my husband's machine that will PREVENT this from happening again?  We each have our own computer and use them most of the day....funny how MINE has never had such a problem??!!!!


Edited by spgreenfield, 25 September 2014 - 08:44 AM.


#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 25 September 2014 - 01:18 PM

OK.

You should not be installed 3rd party software to the computer.  Regular system maintenance should be made.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:09:13 PM

Posted 27 September 2014 - 08:31 AM

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/27/2014
Scan Time: 8:06:48 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.27.04
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 481339
Time Elapsed: 16 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

As for regular system maintenance goes, we have a virus program that scans daily, and I perform a MBAM scan every few weeks - usually in safe mode to detect as many items as possible.  Other than buying a big fancy pants program is there anything I can do that's reasonably priced?  I know that MBAM premium is a fee-based program - is it worth the fee for me with a husband who allows too much into his computer?

 

Pam

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users