thanks again for all your help
hp pavilion pc infected after microsoft essential installation Continu
Started by
chosen072
, Aug 19 2012 01:40 PM
#16
Posted 25 August 2012 - 06:19 AM
chosen072
- Topic Starter
-
- Member
-
- 94 posts
Member
thanks again for all your help
#17
Posted 25 August 2012 - 08:54 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
We can have OTL remove it along with some other junk I should have removed earlier:
Copy the text in the code box by highlighting and Ctrl + c
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.
Run OTL, Quickscan and post the log.
I recommend the free Avast!
http://www.avast.com...ivirus-download
Download, Save, and right click and Run As Administrator.
Register when they ask you to. They will try and talk you into the paid product but the free version is fine.
Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)
The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho the free version will not be the default. You will need to click on the Basic Protection rather than just hitting Enter.
Once you have installed and updated, some night before you go to bed let it start a boot-time scan:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It will take hours which is why I recommend letting it run while you sleep. (You will want to mute the speaker so the windows startup music won't wake up the house.)
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
A text version of the report should be at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt in case you need to copy and paste it into a reply.
Copy the text in the code box by highlighting and Ctrl + c
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{6035EECC-1D99-4DCB-B39E-89578BA32679}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKLM\..\SearchScopes\{D0B81197-C875-4BF3-B266-F93A46F165A9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes\{16C27B61-302A-41B5-8CE6-1786CFA688F8}: "URL" = http://websearch.ask...91-7EFB1B880F37
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...91-7EFB1B880F37
IE - HKCU\..\SearchScopes\{56AA9076-F01B-E7F5-FDE8-595510203E62}: "URL" = http://www.amazon.co...y={searchTerms}
IE - HKCU\..\SearchScopes\{6035EECC-1D99-4DCB-B39E-89578BA32679}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...l&geo=US&ver=19
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\..\SearchScopes\{D0B81197-C875-4BF3-B266-F93A46F165A9}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{F01EBF6B-25CC-4471-B442-533652A57D4E}: "URL" = http://start.funmood...q={searchTerms}
[2012/01/23 13:37:20 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Chozen\AppData\Roaming\Mozilla\Firefox\Profiles\m3em35ot.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/02/01 13:03:51 | 000,000,000 | ---D | M] ("SUPERAntiSpyware Toolbar Powered by Ask.com") -- C:\Users\Chozen\AppData\Roaming\Mozilla\Firefox\Profiles\m3em35ot.default\extensions\[email protected]
[2012/03/11 18:47:12 | 000,002,573 | ---- | M] () -- C:\Users\Chozen\AppData\Roaming\Mozilla\Firefox\Profiles\m3em35ot.default\searchplugins\askcom.xml
[2012/08/03 10:56:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/22 17:23:57 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
:files
sc config NisSrv start= disabled /c
sc delete NisSrv /c
sc config NisDrv start= disabled /c
sc delete NisDrv /c
C:\Program Files\Microsoft Security Client
C:\Program Files\Microsoft Security Essentials
C:\WINDOWS\System32\drivers\NisDrvWFP.sys
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.
Run OTL, Quickscan and post the log.
I recommend the free Avast!
http://www.avast.com...ivirus-download
Download, Save, and right click and Run As Administrator.
Register when they ask you to. They will try and talk you into the paid product but the free version is fine.
Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)
The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho the free version will not be the default. You will need to click on the Basic Protection rather than just hitting Enter.
Once you have installed and updated, some night before you go to bed let it start a boot-time scan:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It will take hours which is why I recommend letting it run while you sleep. (You will want to mute the speaker so the windows startup music won't wake up the house.)
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
A text version of the report should be at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt in case you need to copy and paste it into a reply.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
