Jump to content

kristina

Advanced Member
  • Content Count

    370
  • Joined

  • Last visited

Everything posted by kristina

  1. Ok thank you I'll add those too. Thank you for all of your help I appreciate it.
  2. I was on pogo.com just the main page my I was signed in and just left the page up I was using FireFox because chrome seems to be working great I wanted to see if FireFox was good and after about 20 minutes pogos page changed to this. I never save it because I don't know if it's real but I'm pretty sure that site has problems and telling them is like talking to a wall because they will blame my computer has malware or adware or a virus. This is my version of Flash You have version 26,0,0,131 installed
  3. Just wondering is do you have a newer version of CCleaner link? My version is v5.16.5551.
  4. I fixed the java on that site some games use java and some use flash. I played last night left my name in a room to see if it booted me to a different page it didn't so hopefully the problem is fixed. Thank you so much for all of your help.
  5. Chrome is new I finally got it to download a fresh new copy so everything is gone that was on there. Firefox too but when I use IE which I don't ever use I tried going to this again https://www.java.com/en/download/installed.jspbut IE keeps giving me a problem with this webpage caused Internet Explorer to close and open a new tab. Java still won't open in control panel.
  6. I have not done the browser things yet I will now. Emsisoft Emergency Kit - Version 2017.4 Last update: 6/20/2017 2:06:15 PM User account: Kristina-HP\Kristina Computer name: KRISTINA-HP OS version: Windows 7x64 Service Pack 1 Scan settings: Scan type: Malware Scan Objects: Rootkits, Memory, Traces, Files Detect PUPs: On Scan archives: Off ADS Scan: On File extension filter: Off Direct disk access: Off Scan start: 6/20/2017 2:08:01 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} detected: Application.AdReg (A) [272128] Scanned 110081 Found 1 Scan end: 6/20/2017 2:36:35 PM Scan time: 0:28:34 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Application.AdReg (A) Quarantined 1
  7. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/20/17 Scan Time: 10:49 AM Log File: Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2192 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Kristina-HP\Kristina -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 492848 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 12 min, 40 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)
  8. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/19/2017 Scan Time: 10:30 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.06.19.09 Rootkit Database: v2017.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Kristina Scan Type: Threat Scan Result: Completed Objects Scanned: 438236 Time Elapsed: 30 min, 8 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\UCBrowserPID, , [a66ff74aaffa280ed9333fa627da09f7], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  9. I was using firefox before got a similar popup like the one I showed you. I reinstalled google chrome but it's exactly how I had it before everything is still on my google chrome as it was before nothing got deleted. I go to www.pogo.com
  10. Just reinstalled google chrome and everything is still there all my bookmarks my main google page is still the same.
  11. Yes to it all but I haven't redownloaded chrome yet. So when I'm playing on that site and the page changed to one of those popups or a porn page or a survey page it's not my computer it's the game sites? Trying to get help from them is no use they blame everything on everyone's computer others get booted but not to the sites that I'm getting booted to.
  12. Ugh I went to see if I could play on the site I play on I lasted almost an hour before getting kicked out and it going to another page. This popup is from the other day it's what it usually goes to when it kicks me off the site or the time warner survey.
  13. It removed it but let it pinned to my taskbar and in start but it's deleted.
  14. It wouldn't let me attach it but it let me copy and paste then sent me to another page to make sure I'm not a robot.
  15. Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01 Ran by Kristina (16-06-2017 19:46:31) Run:2 Running from C:\Users\Kristina\Desktop Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation) S3 clwvd; system32\DRIVERS\clwvd.sys [X] 2017-05-08 10:43 - 2017-04-20 09:17 - 0050720 _____ (HP Inc.) C:\Users\Kristina\AppData\Local\Temp\ACLMInstaller.exe 2017-05-30 17:07 - 2017-05-30 17:07 - 0739904 _____ (Oracle Corporation) C:\Users\Kristina\AppData\Local\Temp\jre-8u131-windows-au.exe CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe CMD: ipconfig /flushdns EmptyTemp: Hosts: End ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => key removed successfully C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => not found. C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll => moved successfully HKLM\System\CurrentControlSet\Services\clwvd => key removed successfully clwvd => service removed successfully C:\Users\Kristina\AppData\Local\Temp\ACLMInstaller.exe => moved successfully C:\Users\Kristina\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B4D3367-34BE-469F-B8CD-5BF906E62E02} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B4D3367-34BE-469F-B8CD-5BF906E62E02} => key removed successfully C:\Windows\System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => key not found. => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe => Error: No automatic fix found for this entry. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60608262 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 26405634 B Edge => 0 B Chrome => 170413909 B Firefox => 242834300 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B Kristina => 49872924 B New User => 0 B newac => 0 B RecycleBin => 103260 B EmptyTemp: => 532.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:48:58 ====
  16. Restarted tried again with the link you gave me but it won't verify it and in control panel Java still won't open up for me.
  17. I reset all of them google doesn't seem to delete anything all my bookmarks are still there on firefox it deleted all my bookmarks I don't know what's up with chrome. It won't let me even send you the FRST log through PM. For some reason chrome, firefox and IE won't let me check with the link you gave me. Java won't even open for me in control panel going to restart and see if that makes it work.
  18. Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.06.18.01 rootkit: v2017.05.27.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18697 Kristina :: KRISTINA-HP [administrator] 6/18/2017 1:00:58 AM mbar-log-2017-06-18 (01-00-58).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 482444 Time elapsed: 2 hour(s), 6 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
  19. No idea, when I try to post the results to post #10 it's not letting it through. I went to the site I play on last night and it lets me play for a few minutes then it changes my page to saying I have a virus I don't know how to post a picture to show you it. When I edit this post to try and add it on here it won't let it go through either. I tried chrome, firefox going to try IE now. IE won't let me post it either.
  20. I just tried to post again on the HJT post and it's not letting me.
  21. I can't post on the other post should I post it here?
  22. Zemana AntiMalware 2.74.2.4 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2017/6/16 Operating System : Windows 7 64-bit Processor : 2X AMD Phenom II P650 Dual-Core Processor BIOS Mode : Legacy CUID : 12E6866742A6497A2FE847 Scan Type : System Scan Duration : 32m 18s Scanned Objects : 126755 Detected Objects : 9 Excluded Objects : 0 Read Level : SCSI Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- TLRemove Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\hneieddeibpcngeljjkdpcajfcgelalk MD5 : - Publisher : - Size : - Version : - Detection : PUA.ChromeExt!Gr Cleaning Action : Repair Related Objects : Browser Extension - TLRemove Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{413e9514-dd67-4d90-90ef-176243b59408}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{413E9514-DD67-4D90-90EF-176243B59408} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{760a731f-d146-483e-9066-46b1389c5ab0}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{760A731F-D146-483E-9066-46B1389C5AB0} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{933370c5-841d-4a70-a83d-495a880e9757}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{933370C5-841D-4A70-A83D-495A880E9757} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{a8bdae69-37e5-4188-82c1-ce5b154d86ee}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{A8BDAE69-37E5-4188-82C1-CE5B154D86EE} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{af6c0069-dc37-41cc-84ef-5c44bec96586}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{AF6C0069-DC37-41CC-84EF-5C44BEC96586} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{dbe7d854-96c9-4f7f-a9b4-21cd998c1c79}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{dc735d85-101c-4d11-9734-4ce9a7706063}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{DC735D85-101C-4D11-9734-4CE9A7706063} Trojan:Win32/Poweliks Status : Scanned Object : %systemroot%\system32\tasks\{eb1e2209-03aa-4611-a735-2e5d7caa1e36}|c:\program files (x86)\internet explorer\iexplore.exe MD5 : - Publisher : - Size : - Version : - Detection : Fileless Malware Cleaning Action : Delete Related Objects : Scheduled Task - C:\Windows\System32\Tasks\{EB1E2209-03AA-4611-A735-2E5D7CAA1E36} Cleaning Result ------------------------------------------------------- Cleaned : 9 Reported as safe : 0 Failed : 0
  23. # AdwCleaner v6.047 - Logfile created 16/06/2017 at 16:21:36 # Updated on 19/05/2017 by Malwarebytes # Database : 2017-06-16.2 [server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Kristina - KRISTINA-HP # Running from : C:\Users\Kristina\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** [-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com [-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [20770 Bytes] - [09/05/2016 01:19:58] C:\AdwCleaner\AdwCleaner[C2].txt - [4150 Bytes] - [09/06/2017 11:45:54] C:\AdwCleaner\AdwCleaner[C3].txt - [4439 Bytes] - [13/06/2017 01:03:08] C:\AdwCleaner\AdwCleaner[C4].txt - [1224 Bytes] - [16/06/2017 16:21:36] C:\AdwCleaner\AdwCleaner[R0].txt - [12767 Bytes] - [19/09/2014 05:14:40] C:\AdwCleaner\AdwCleaner[R1].txt - [4934 Bytes] - [06/05/2016 01:39:36] C:\AdwCleaner\AdwCleaner[s0].txt - [11424 Bytes] - [19/09/2014 05:17:54] C:\AdwCleaner\AdwCleaner[s1].txt - [20848 Bytes] - [09/05/2016 01:17:17] C:\AdwCleaner\AdwCleaner[s2].txt - [3882 Bytes] - [09/06/2017 11:41:35] C:\AdwCleaner\AdwCleaner[s3].txt - [4347 Bytes] - [13/06/2017 01:01:41] C:\AdwCleaner\AdwCleaner[s4].txt - [2218 Bytes] - [16/06/2017 15:49:23] ########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1811 Bytes] ##########
  24. I still can't post the rest of the log, I was on that site and used chrome first got booted so I decided to use firefox got booted and sent to a site that said my microsoft was compromised. I don't know if it's my computer or the website others get cripes errors someone don't get booted at all. Also sometimes firefox wants me to download something I never do believe it has something to do with java but my java updates itself.
×
×
  • Create New...