kristina

Think I have a hidden virus


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01

Ran by Kristina (16-06-2017 19:46:31) Run:2

Running from C:\Users\Kristina\Desktop

Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac)

Boot Mode: Normal

==============================================


fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation)

S3 clwvd; system32\DRIVERS\clwvd.sys [X]

2017-05-08 10:43 - 2017-04-20 09:17 - 0050720 _____ (HP Inc.) C:\Users\Kristina\AppData\Local\Temp\ACLMInstaller.exe

2017-05-30 17:07 - 2017-05-30 17:07 - 0739904 _____ (Oracle Corporation) C:\Users\Kristina\AppData\Local\Temp\jre-8u131-windows-au.exe

CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File

Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe

=> C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe

CMD: ipconfig /flushdns

EmptyTemp:

Hosts:

End

*****************


Restore point was successfully created.

Processes closed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => key removed successfully

C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => not found.

C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll => moved successfully

HKLM\System\CurrentControlSet\Services\clwvd => key removed successfully

clwvd => service removed successfully

C:\Users\Kristina\AppData\Local\Temp\ACLMInstaller.exe => moved successfully

C:\Users\Kristina\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully

HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B4D3367-34BE-469F-B8CD-5BF906E62E02} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B4D3367-34BE-469F-B8CD-5BF906E62E02} => key removed successfully

C:\Windows\System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => key not found.

=> C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe => Error: No automatic fix found for this entry.


========= ipconfig /flushdns =========



Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60608262 B

Java, Flash, Steam htmlcache => 506 B

Windows/system/drivers => 26405634 B

Edge => 0 B

Chrome => 170413909 B

Firefox => 242834300 B

Opera => 0 B


Temp, IE cache, history, cookies, recent:

Users => 0 B

Default => 0 B

Public => 0 B

ProgramData => 0 B

systemprofile => 128 B

systemprofile32 => 0 B

LocalService => 0 B

NetworkService => 0 B

Kristina => 49872924 B

New User => 0 B

newac => 0 B


RecycleBin => 103260 B

EmptyTemp: => 532.7 MB temporary data Removed.


================================



The system needed a reboot.


==== End of Fixlog 19:48:58 ====


It wouldn't let me attach it but it let me copy and paste then sent me to another page to make sure I'm not a robot.


Ugh, I went to see if I could play on the site I play on. I lasted almost an hour before getting kicked out and it going to another page. This popup is from the other day; it's what it usually goes to when it kicks me off the site, or the Time Warner survey.



The ZEUS VIRUS DETECTED popup is a web browser tech support scam.

 

https://www.bleepingcomputer.com/virus-removal/remove-zeus-virus-detected-popups

 

When this happens, open Task Manager (right click on the bottom toolbar). When it opens, click on 'Show processes from all users', locate your browser, right click on that and select End Task, and it will close it out.

https://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-task-manager/

~~~~~~~~~~~~~~~~~~~~~~~~

 

When you ran Malwarebytes Anti-Malware, you allowed it to quarantine what was found right?

 

Same thing for AdwCleaner, when you used it you allowed it to remove/quarantine what was found?

 

You removed/uninstalled Google Chrome and downloaded and installed a new version right?

Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.


Yes to it all, but I haven't redownloaded Chrome yet. So when I'm playing on that site and the page changes to one of those popups, or a porn page, or a survey page, it's not my computer, it's the game site? Trying to get help from them is no use; they blame everything on everyone's computer. Others get booted, but not to the sites that I'm getting booted to.


Just reinstalled Google Chrome and everything is still there, all my bookmarks; my main Google page is still the same.


Just reinstalled Google Chrome and everything is still there, all my bookmarks; my main Google page is still the same.

The pop up is still there?

 

A browser hijacker is typically a JavaScript or a polluted advertisement that is injected with a group of ads that rotate on sites and is called through redirection in a browser.

 

What is the gaming site that leads to these pop ups?

 

Please run CCleaner at this time and delete out Temp Files.

 

There are a couple of items that can be added to your browser to add protection.

ScriptSafe for Google Chrome

https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-US

 

NoScript for Firefox.

https://noscript.net/


Open Malwarebytes

 

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
Please make sure to allow it to quarantine everything it finds.


I was using Firefox before and got a similar popup like the one I showed you. I reinstalled Google Chrome, but it's exactly how I had it before; everything is still on my Google Chrome as it was before, nothing got deleted. I go to www.pogo.com

Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 6/19/2017

Scan Time: 10:30 PM

Logfile:

Administrator: Yes


Version: 2.2.1.1043

Malware Database: v2017.06.19.09

Rootkit Database: v2017.05.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled


OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Kristina


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 438236

Time Elapsed: 30 min, 8 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 1

PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\UCBrowserPID, , [a66ff74aaffa280ed9333fa627da09f7],


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)



(end)


Please run CCleaner at this time and delete out Temp Files.

 

There are a couple of items that can be added to your browser to add protection.

ScriptSafe for Google Chrome

https://chrome.googl...dbdgdf?hl=en-US

 

NoScript for Firefox.

https://noscript.net/

 

~~~~~

Did you follow any of the above?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply


Looking over your logs I can see an older version of Malwarebytes Anti-Malware.

 

Let's uninstall that and download the most current version.

 

Through your add/remove programs list in the control panel, locate Malwarebytes Anti-Malware

 

Right click on that and select uninstall.

 

If you should have problems use the uninstall tool.

https://support.malwarebytes.com/customer/portal/articles/1835311-how-do-i-uninstall-malwarebytes-anti-malware-?b_id=6438

 

***

for the most current version

 

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

 

OR from this location Here

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • Upon completion of the scan (or after the reboot), click the Reports tab.

    Double-click the Scan Log.

    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

Malwarebytes

www.malwarebytes.com


-Log Details-

Scan Date: 6/20/17

Scan Time: 10:49 AM

Log File:

Administrator: Yes


-Software Information-

Version: 3.1.2.1733

Components Version: 1.0.141

Update Package Version: 1.0.2192

License: Trial


-System Information-

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Kristina-HP\Kristina


-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 492848

Threats Detected: 0

(No malicious items detected)

Threats Quarantined: 0

(No malicious items detected)

Time Elapsed: 12 min, 40 sec


-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled


-Scan Details-

Process: 0

(No malicious items detected)


Module: 0

(No malicious items detected)


Registry Key: 0

(No malicious items detected)


Registry Value: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Data Stream: 0

(No malicious items detected)


Folder: 0

(No malicious items detected)


File: 0

(No malicious items detected)


Physical Sector: 0

(No malicious items detected)



(end)


Did you follow through with

There are a couple of items that can be added to your browser to add protection.

ScriptSafe for Google Chrome

https://chrome.googl...dbdgdf?hl=en-US

 

NoScript for Firefox.

https://noscript.net/

 

~~~~~~~~~~~~~~~~~~~~~~

Do you have the results from

Emsisoft Emergency Kit

 

 

I have not done the browser things yet I will now.


Emsisoft Emergency Kit - Version 2017.4

Last update: 6/20/2017 2:06:15 PM

User account: Kristina-HP\Kristina

Computer name: KRISTINA-HP

OS version: Windows 7x64 Service Pack 1


Scan settings:


Scan type: Malware Scan

Objects: Rootkits, Memory, Traces, Files


Detect PUPs: On

Scan archives: Off

ADS Scan: On

File extension filter: Off

Direct disk access: Off


Scan start: 6/20/2017 2:08:01 PM

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} detected: Application.AdReg (A) [272128]


Scanned 110081

Found 1


Scan end: 6/20/2017 2:36:35 PM

Scan time: 0:28:34


Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Application.AdReg (A)


Quarantined 1


You really need to refresh your browsers.

 

The fraud emanated from the Internet and not your PC.


Chrome is new; I finally got it to download a fresh new copy, so everything is gone that was on there. Firefox too, but when I use IE, which I don't ever use, I tried going to this again https://www.java.com/en/download/installed.jsp but IE keeps giving me "a problem with this webpage caused Internet Explorer to close and open a new tab". Java still won't open in Control Panel.


Chrome is new; I finally got it to download a fresh new copy, so everything is gone that was on there. Firefox too, but when I use IE, which I don't ever use, I tried going to this again https://www.java.com/en/download/installed.jsp but IE keeps giving me "a problem with this webpage caused Internet Explorer to close and open a new tab". Java still won't open in Control Panel.

Sounds like we finally got there.

 

When I used to check on Java, I used Firefox.

Since so many security issues opened up for Java, I uninstalled it.

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java

 

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run an important software.

In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

 

If you do need to keep Java then download JavaRa

Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.

Once done then run it again and select Update Java runtime and Download and install Latest version.

 

But, since you're a gaming person you might need it to play the games... I don't know.

 

You could try temporarily disabling your antivirus to see if the Control Panel would open up or, boot into Safe Mode to see if you're allowed access.

 

~~~~~~~~~~~~~~~~


I fixed the Java on that site; some games use Java and some use Flash. I played last night and left my name in a room to see if it booted me to a different page. It didn't, so hopefully the problem is fixed. Thank you so much for all of your help.


I think, if you uninstall the version you have now, then go here and download from this link

https://www.piriform.com/ccleaner/download

 

that should be the newest version.

~~~~~~~~~~~~~~~~~~~~~~~~~~

For Flash, let's make sure yours is up to date

 

Flash test site: https://www.adobe.com/software/flash/about/

 

For I/E - some versions get 'Automatic' updates:

- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe

For Firefox and other Plugin-based browsers:

- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe

For Chrome:

- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

 

 

 

~~~~~~~~~~

We need to uninstall tools and quarantine folders now.

 

DelFix

 

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system.

    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
************************************


I was on pogo.com, just the main page. I was signed in and just left the page up. I was using Firefox because Chrome seems to be working great and I wanted to see if Firefox was good, and after about 20 minutes Pogo's page changed to this. I never save it because I don't know if it's real, but I'm pretty sure that site has problems, and telling them is like talking to a wall because they will blame my computer for having malware or adware or a virus.

 

This is my version of Flash: "You have version 26,0,0,131 installed"

 

This topic is now closed to further replies.