Crazy flash player popup and other popups


20 replies to this topic

#1 AngelaEliz


Posted 26 January 2015 - 12:05 PM

I have a Dell, about 6 years old, Vista operating system. I keep getting redirected when I go to any website; it causes a download of Adobe Flash Player and goes to a Flash Player screen, and I can't really get back to the site I was at. I never open that download; my computer says it could harm my computer and I well believe it. This issue is very problematic as I find I can't scroll down or read in most sites more than a second or two tops. How can I get rid of it? I have cleaned my computer with Spybot Search, CCleaner, and at least one other cleaner. All are free versions. What steps can I take to get rid of the excessive computer repair popups and this crazy Flash Player problem? I am not that computer savvy but I can follow steps provided and maybe get rid of my issues so I can read stuff other than emails. It does not happen in my email accounts or on fb. Other than that, the problems are constant.

Angela





#2 boopme


Posted 26 January 2015 - 12:19 PM

Hello and welcome Angela

I moved this from Vista to the Am I Infected forum so we can scan it.
 
Please run these....

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 Allan


Posted 26 January 2015 - 12:20 PM

Your system is infected. I've asked the staff to move this to the appropriate forum.



#4 AngelaEliz


Posted 26 January 2015 - 12:59 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by angela (administrator) on 26-01-2015 at 12:38:43
Running from "C:\Users\angela\Downloads"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
There are 15239 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : angela-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
   Physical Address. . . . . . . . . : 00-1A-A0-89-6E-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, January 25, 2015 3:24:29 PM
   Lease Expires . . . . . . . . . . : Thursday, March 04, 2151 7:10:57 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    google.com
Addresses:  2a00:1450:4006:803::2000
 204.186.48.18
 204.186.48.24
 204.186.48.32
 204.186.48.52
 204.186.48.46
 204.186.48.45
 204.186.48.53
 204.186.48.25
 204.186.48.59
 204.186.48.39
 204.186.48.31
 204.186.48.38
 
 
 
Pinging google.com [204.186.48.18] with 32 bytes of data:
 
Reply from 204.186.48.18: bytes=32 time=14ms TTL=61
 
Reply from 204.186.48.18: bytes=32 time=13ms TTL=61
 
 
 
Ping statistics for 204.186.48.18:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 13ms, Maximum = 14ms, Average = 13ms
 
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=88ms TTL=54
 
Reply from 206.190.36.45: bytes=32 time=87ms TTL=54
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 87ms, Maximum = 88ms, Average = 87ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
  8 ...00 1a a0 89 6e 78 ...... Intel® 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/23/2015 07:35:51 PM) (Source: Application Hang) (User: )
Description: The program s336.exe version 3.1.33.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 734
Start Time: 01d0376d81adac30
Termination Time: 26
 
Error: (01/14/2015 03:18:15 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (01/14/2015 03:18:15 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (01/04/2015 05:18:26 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ANGELA\DOCUMENTS\GLUTEN BLOG\MEYER LEMON SQUARES 1-15.DOC> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/01/2015 05:08:02 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 39.0.2171.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17ac
Start Time: 01d01655d185f5b4
Termination Time: 41058
 
Error: (01/01/2015 05:07:08 PM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 11.0.8411.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1e64
Start Time: 01d024fd5ca943b8
Termination Time: 3970
 
Error: (12/10/2014 03:13:33 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (12/10/2014 03:13:32 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (12/07/2014 09:27:54 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ANGELA\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\2014-12-07 BREAKERS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/07/2014 09:27:54 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ANGELA\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\2014-12-07 BREAKERS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (01/26/2015 00:32:09 PM) (Source: Print) (User: angela-PC)
Description: The document Microsoft Word - Document2, owned by angela, failed to print on printer Lexmark Pro200 Series (USB). Try to print the document again, or restart the print spooler. 
Data type: LEMF. Size of the spool file in bytes: 149254. Number of bytes printed: 149254. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\ANGELA-PC. Win32 error code returned by the print processor: Microsoft Word - Document20. Microsoft Word - Document21
 
Error: (01/26/2015 11:54:15 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/26/2015 11:54:12 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/26/2015 00:34:05 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/26/2015 00:34:03 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/25/2015 03:24:35 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{679F7B2C-BC91-4867-9D4A-5D866A8BED66} because another computer on the network has the same name.  The server could not start.
 
Error: (01/25/2015 03:24:27 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 001AA0896E78 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/25/2015 01:38:37 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/25/2015 01:38:35 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (01/25/2015 01:36:46 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 07:35:51 PM) (Source: Application Hang)(User: )
Description: s336.exe3.1.33.073401d0376d81adac3026
 
Error: (01/14/2015 03:18:15 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (01/14/2015 03:18:15 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (01/04/2015 05:18:26 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\ANGELA\DOCUMENTS\GLUTEN BLOG\MEYER LEMON SQUARES 1-15.DOC
 
Error: (01/01/2015 05:08:02 PM) (Source: Application Hang)(User: )
Description: chrome.exe39.0.2171.9517ac01d01655d185f5b441058
 
Error: (01/01/2015 05:07:08 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8411.01e6401d024fd5ca943b83970
 
Error: (12/10/2014 03:13:33 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (12/10/2014 03:13:32 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (12/07/2014 09:27:54 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\ANGELA\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\2014-12-07 BREAKERS.LNK
 
Error: (12/07/2014 09:27:54 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\ANGELA\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\2014-12-07 BREAKERS.LNK
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-18 02:56:47.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:56:46.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:56:46.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:56:45.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:53:26.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:53:25.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:53:25.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-18 02:53:24.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-17 16:33:22.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-17 16:33:21.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.97 - NOS Microsystems Ltd.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Refresh Manager (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
doPDF 6.2  printer (HKLM\...\doPDF 6  printer_is1) (Version:  - Softland)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Jacquie Lawson Circus (HKLM\...\JLCircus) (Version: 1.0.2 - MicroCourt Limited)
Jacquie Lawson Circus (Version: 1.0.2 - MicroCourt Limited) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Jobulator (HKLM\...\Jobulator) (Version: 4.01 - Frontline Technologies)
Jobulator (Version: 4.01 - Frontline Technologies) Hidden
Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word 2003 (HKLM\...\{901B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM\...\{90260409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird (2.0.0.21) (HKLM\...\Mozilla Thunderbird (2.0.0.21)) (Version: 2.0.0.21 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5408 - Realtek Semiconductor Corp.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
ShopAtHome.com Helper (HKLM\...\ShopAtHome.com Helper) (Version: 7.0.0.0 - ShopAtHome.com)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Swiss Converter (HKLM\...\SwissConverter) (Version: 1.0 - GoldBar Ventures LTD)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VideoDownloadConverter Internet Explorer Toolbar (HKLM\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 3060.45 MB
Available physical RAM: 1359.2 MB
Total Pagefile: 6433.14 MB
Available Pagefile: 3863.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.18 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.76 GB) (Free:340.7 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ANGELA-PC
 
Administrator            angela                   Guest                    
 
 
**** End of log ****
 


#5 AngelaEliz

AngelaEliz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:38 PM

Posted 26 January 2015 - 02:18 PM

Stuff from Adwcleaner:

# AdwCleaner v4.109 - Report created 26/01/2015 at 13:56:42
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Local]
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : angela - ANGELA-PC
# Running from : C:\Users\angela\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\internethelper3.1
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\SpeedItup Free
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Program Files\VideoDownloadConverter
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\Program Files\SearchDonkey
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\angela\AppData\Local\DownloadTerms
Folder Deleted : C:\Users\angela\AppData\Local\iac
Folder Deleted : C:\Users\angela\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\angela\AppData\Local\CrashRpt
Folder Deleted : C:\Users\angela\AppData\Local\speed browser
Folder Deleted : C:\Users\angela\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\angela\AppData\LocalLow\iac
Folder Deleted : C:\Users\angela\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\angela\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\angela\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\angela\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\angela\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\angela\AppData\Roaming\PC Health Kit
Folder Deleted : C:\Users\angela\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\Extensions\addon@defaulttab.com.xpi
Folder Deleted : C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\Extensions\support@searchdonkeyapp.com
File Deleted : C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\searchplugins\Conduit.xml
File Deleted : C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
FYI: TDSSKiller did not find anything infected or suspicious.
angela


#6 ami94

ami94

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:38 AM

Posted 26 January 2015 - 02:29 PM

Have you tried to run malwarebytes?



#7 AngelaEliz

AngelaEliz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:38 PM

Posted 26 January 2015 - 02:33 PM

Junkware results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by angela on Mon 01/26/2015 at 14:19:52.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1A943B02-2C44-43b4-8B00-A6A15C81B13C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\angela\Local Settings\Application Data\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/26/2015 at 14:24:06.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
so far so good? 
angela


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:38 PM

Posted 26 January 2015 - 03:38 PM

Ok, good. ESET can take a while.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 AngelaEliz

AngelaEliz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:38 PM

Posted 26 January 2015 - 04:08 PM

Results of ESET SCAN: 

C:\Users\All Users\Setup.exe a variant of MSIL/Adware.PullUpdate.J.gen application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter\VDCScriptHelper.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbprtct.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\ThirdPartyInstallers\VideoDownloadConverterSetup.exe.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\angela\AppData\Local\DownloadTerms\temp.dat.vir a variant of Win32/AdWare.Toolbar.AmyBar.A application cleaned by deleting - quarantined
C:\dell\drivers\zaSetup_80_298_000_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\ProgramData\Setup.exe a variant of MSIL/Adware.PullUpdate.J.gen application cleaned by deleting - quarantined
C:\Users\angela\AppData\Local\temp\n336\s336.exe a variant of MSIL/Solimba.B potentially unwanted application deleted - quarantined
C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ctypes\FirefoxCtype.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\angela\AppData\Roaming\Mozilla\Firefox\Profiles\1o4x8vq9.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\Plugins\npFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\Adobe Flash Player.exe a variant of MSIL/Solimba.AK.gen potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\ARO2010_tbt.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\ARO2012_tbt.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\cbsidlm-cbsi188-Free_MP4_Player-SEO-75965047.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\ccsetup315.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\angela\Downloads\ccsetup317.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\angela\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\angela\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\angela\Downloads\hotmusicdownloads_1602.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\setup (1).exe a variant of Win32/OutBrowse.BQ potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\Setup.exe a variant of Win32/SoftPulse.S potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\SoftonicDownloader_for_vlc-media-player.exe a variant of Win32/SoftonicDownloader.G potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\SwissConverter_TSV16T8YO.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\angela\Downloads\update (1).exe a variant of Win32/AdWare.iBryte.AC application cleaned by deleting - quarantined
C:\Users\angela\Downloads\update (2).exe a variant of Win32/AdWare.iBryte.AB application cleaned by deleting - quarantined
C:\Users\angela\Downloads\update.exe a variant of Win32/AdWare.iBryte.V.gen application cleaned by deleting - quarantined
C:\Users\angela\Pictures\zaSetup_92_057_000_en.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application deleted - quarantined
C:\Windows\System32\Websteroids.B324755F3F87.2.6.80.dll a variant of MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Websteroids.B324755F3F87.2.6.80.dll a variant of MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Websteroids.exe a variant of MSIL/Adware.PullUpdate.D application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\WebsteroidsService.exe a variant of MSIL/Adware.PullUpdate.A application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\WebsteroidsUpdate.exe MSIL/Adware.PullUpdate.I application cleaned by deleting - quarantined
 
what next??
angela


#10 ami94

ami94

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:38 AM

Posted 26 January 2015 - 04:21 PM

Quarantine all of them; it might ask you to reboot the system in order to complete the removal process. (Most of them have already been quarantined by AdwCleaner, so they're not a real threat.)



#11 ami94

ami94

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:38 AM

Posted 26 January 2015 - 04:23 PM

Please check through the add-ons of Firefox to see if there are any suspicious add-ons and remove them; also check for installed programs in the Control Panel.



#12 AngelaEliz

AngelaEliz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:38 PM

Posted 26 January 2015 - 04:26 PM

One of the scans (I think the second-to-last one) automatically rebooted the computer. I just went to amazon.com and had no pop-ups and was able to navigate to look at stuff without all the crap. I am guessing all is fixed?? I am thrilled and so relieved. Anything else to do? What can I do in the future to avoid this horrific problem?

Thank you so much for the great instructions and all of the help!

Angela



#13 AngelaEliz

AngelaEliz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:38 PM

Posted 26 January 2015 - 04:30 PM

Please check through the add-ons of Firefox to see if there are any suspicious add-ons and remove them; also check for installed programs in the Control Panel.

What is the add-on? I found add-ons on Mozilla, never added any before, but could they have been added illicitly? How do I check for that?


Edited by AngelaEliz, 26 January 2015 - 04:35 PM.


#14 ami94

ami94

  • Members
  • 16 posts
  • Gender:Male
  • Local time:12:38 AM

Posted 26 January 2015 - 04:41 PM

Don't worry; if it looks fine, that means it has already been fixed.

By the way, these are the add-ons:

How do I find and install add-ons?

Here is an overview to get you started:

  1. At the top of the Firefox window, click on the Firefox button (or, on the menu bar or at the top of the Firefox window, click on the Tools menu), and then click Add-ons. The Add-ons Manager tab will open. Alternatively, click the menu button and choose Add-ons. The Add-ons Manager tab will open.

  2. In the Add-ons Manager tab, select the Get Add-ons panel.
  3. To see more information on a Featured Add-on or Theme, click it. You can then click the green Add to Firefox button to install it.
    • You can also search for specific add-ons by using the search box at the top. You can then install any add-ons you find with the Install button.
  4. Firefox will download the requested add-on and may ask you to confirm that you want to install it.
  5. Click Restart Now if it pops up. Your tabs will be saved and restored after the restart.

Some extensions place an icon in the Add-on Bar after installation. For more information, see The Add-on Bar gives you quick access to add-on features. Some extensions place a button in the toolbar after installation. You can remove those or move them into the menu if you want - see Customize Firefox controls, buttons and toolbars.

If you want to uninstall an add-on, see Disable or remove Add-ons.



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:38 PM

Posted 26 January 2015 - 05:02 PM

This looks good... How is it running after these?

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
>>>

Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.
