hp pavilion pc infected after microsoft essential installation Continu



#16
chosen072


  • Topic Starter
  • Member
  • 88 posts
Thanks so much Ron, I really appreciate your help. I would say the last issue would be I still can't remove MSE. How can I remove it, and is there an antivirus program you would recommend?
Thanks again for all your help.
  • 0



#17
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
We can have OTL remove it along with some other junk I should have removed earlier:


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{6035EECC-1D99-4DCB-B39E-89578BA32679}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKLM\..\SearchScopes\{D0B81197-C875-4BF3-B266-F93A46F165A9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes\{16C27B61-302A-41B5-8CE6-1786CFA688F8}: "URL" = http://websearch.ask...91-7EFB1B880F37
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...91-7EFB1B880F37
IE - HKCU\..\SearchScopes\{56AA9076-F01B-E7F5-FDE8-595510203E62}: "URL" = http://www.amazon.co...y={searchTerms}
IE - HKCU\..\SearchScopes\{6035EECC-1D99-4DCB-B39E-89578BA32679}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...l&geo=US&ver=19
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\..\SearchScopes\{D0B81197-C875-4BF3-B266-F93A46F165A9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{F01EBF6B-25CC-4471-B442-533652A57D4E}: "URL" = http://start.funmood...q={searchTerms}
[2012/01/23 13:37:20 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Chozen\AppData\Roaming\Mozilla\Firefox\Profiles\m3em35ot.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/02/01 13:03:51 | 000,000,000 | ---D | M] ("SUPERAntiSpyware Toolbar Powered by Ask.com") -- C:\Users\Chozen\AppData\Roaming\Mozilla\Firefox\Profiles\m3em35ot.default\extensions\[email protected]
[2012/03/11 18:47:12 | 000,002,573 | ---- | M] () -- C:\Users\Chozen\AppData\Roaming\Mozilla\Firefox\Profiles\m3em35ot.default\searchplugins\askcom.xml
[2012/08/03 10:56:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/22 17:23:57 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

:files
sc config NisSrv start= disabled /c
sc delete NisSrv /c
sc config NisDrv start= disabled /c
sc delete NisDrv /c
C:\Program Files\Microsoft Security Client
C:\Program Files\Microsoft Security Essentials
C:\WINDOWS\System32\drivers\NisDrvWFP.sys
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered. OTL will reboot the PC when it is done.

Run OTL, Quickscan and post the log.

I recommend the free Avast!
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.
Register when they ask you to. They will try and talk you into the paid product but the free version is fine.

Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

The registration is good for 12-14 months, then you will need to register again. They will, of course, try to talk you into buying the product, but you can always register again for another year free, though the free version will not be the default. You will need to click on the Basic Protection rather than just hitting Enter.

Once you have installed and updated, some night before you go to bed let it start a boot-time scan:
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It will take hours, which is why I recommend letting it run while you sleep. (You will want to mute the speaker so the Windows startup music won't wake up the house.)
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
A text version of the report should be at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt in case you need to copy and paste it into a reply.
  • 0
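
As an added example (not part of RKinner's post and not OTL's own code), one way to act on "Verify that you got it all": a small Python check that a pasted fix still has its three sections and its final [Reboot]. The section names and the reading of a trailing /c as "run this line as a command" are assumptions taken from the layout of the script above; SAMPLE_FIX is a constructed, shortened copy of it.

```python
import re

# Constructed sample: a shortened fix in the same layout as the one posted above.
SAMPLE_FIX = r"""
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
:files
sc config NisSrv start= disabled /c
sc delete NisSrv /c
C:\Program Files\Microsoft Security Client
:Commands
[EMPTYFLASH]
[purity]
[Reboot]
"""

def parse_fix(text):
    """Split a pasted fix into {section name (lower-case): [non-blank lines]}."""
    sections, current = {}, "(no header)"
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r":\w+", line):          # section header such as :OTL
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif line:                               # skip blank lines
            sections.setdefault(current, []).append(line)
    return sections

def check_paste(text, expected=("otl", "files", "commands")):
    """Return a list of signs that the paste was cut short or mangled."""
    sections = parse_fix(text)
    problems = [f"missing section :{name}" for name in expected if name not in sections]
    if "(no header)" in sections:                # paste started mid-script
        problems.append("text found before the first section header")
    cmds = sections.get("commands", [])
    bad = [c for c in cmds if not re.fullmatch(r"\[\w+\]", c)]
    if bad:
        problems.append(f"malformed command line(s): {bad}")
    if not cmds or cmds[-1].lower() != "[reboot]":
        problems.append("script does not end with [Reboot]")
    return problems

def split_files(text):
    """Separate :files lines into commands (assumed: trailing /c) and paths."""
    files = parse_fix(text).get("files", [])
    is_cmd = lambda l: l.lower().endswith("/c")
    return {"run": [l[:-2].strip() for l in files if is_cmd(l)],
            "paths": [l for l in files if not is_cmd(l)]}

if __name__ == "__main__":
    print(check_paste(SAMPLE_FIX) or "paste looks complete")
```

An empty list from check_paste means the pasted text has all three sections and ends with the reboot command; split_files lists which services and folders the fix will touch so they can be compared against the code box before clicking RUN FIX.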





