[Teima]

Hello aliboy66,

Hi Teima my computer seams OK on my settings but yesterday I went on all the others just to see how things are,well they get all the popups all the fake alerts, since I have been corresponding with you the only person using this computer is me just letting you know

Ok mate. You're talking about other machines within the house correct? If so. Would you like me to assist you with them once we are done with this one at the moment? We are almost done here. Just one more scan will need to be completed after these instructions.

Step One

Spybot Search & Destroy TeaTimer

• Launch Spybot Search & Destroy
• In the Menu, Select Mode and choose Advanced Mode
• Click Yes in the confirmation dialogue box
• click on Tools to expand the menu. Make sure that Resident is checked and then click Resident in the left pane.
• In the right pane uncheck Resident "Tea timer" (Protection of over-all system settings) to disable it.
• Uncheck the TeaTimer box and OK any prompts.
• If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
• Exit Spybot S&D when done.
• (Once step three has been followed, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

Step Two

Run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.

:Files 
netsh advfirewall reset /c 
netsh advfirewall set allprofiles state on /c

:Commands
[CREATERESTOREPOINT]

• Click run fix.

• OTL may ask to reboot the machine. Please click the OK button if prompted.

• Once done a report will be displayed. Copy and paste the contents of that report within your next response.

Step Three

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Remove found threats is Not checked
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Then click on: Finish
• Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[Advertisements]

Hi Teima before I start the next lot of instruction I use Google chrome will It be OK to do all that stuff and it's this machine I am talking about
When I go. And log into the computer with there pass word they are getting all the pop ups and fake alerts.when I use my own details it's not so bad
but I use a app called Adblock plus? .






Hi Teima sorry to be such a pain a bit confused, I have spy bot and when I go into advance mode and expand the tools menu I cannot find the 'residence' box which I am supposed to tick, the only options I have are settings, report creator, rootkit scan, statup tools, Secure shredder and system repair. Do you have a solution for this and have I missed anything out.

Edited by aliboy66, 18 October 2013 - 11:12 AM.

[aliboy66]

Hi Teima before I start the next lot of instruction I use Google chrome will It be OK to do all that stuff and it's this machine I am talking about
When I go. And log into the computer with there pass word they are getting all the pop ups and fake alerts.when I use my own details it's not so bad
but I use a app called Adblock plus? .






Hi Teima sorry to be such a pain a bit confused, I have spy bot and when I go into advance mode and expand the tools menu I cannot find the 'residence' box which I am supposed to tick, the only options I have are settings, report creator, rootkit scan, statup tools, Secure shredder and system repair. Do you have a solution for this and have I missed anything out.

Edited by aliboy66, 18 October 2013 - 11:12 AM.

[aliboy66]

Hi Teima will this help

Attached Thumbnails

• 

[Teima]

Hello aliboy66,

Hi Teima before I start the next lot of instruction I use Google chrome will It be OK to do all that stuff and it's this machine I am talking about.

With ESET online scanner you will have some issues with compatibility within Google Chrome. It would be more well advised to follow the instructions within Internet Explorer as it would be easier from both sides.

When I go. And log into the computer with there pass word they are getting all the pop ups and fake alerts.when I use my own details it's not so bad but I use a app called Adblock plus?

That's odd. And definitely something we'll look into. Do you recall what the popups and alerts say?

I have spy bot and when I go into advance mode and expand the tools menu I cannot find the 'residence' box which I am supposed to tick, the only options I have are settings, report creator, rootkit scan, statup tools, Secure shredder and system repair. Do you have a solution for this and have I missed anything out.

My apologies. This is a fault on my side. There's been an update since I last used it. Try this. Settings > System Services > Scanner Service - Uncheck this box > Security Centre Service - Uncheck this box and hit Apply and OK.

You can re-apply these settings once the former instructions have been followed.

[aliboy66]

Hi Teima the popups we get are mostly advertising and some saying my disk space is low my computer is at risk and tell me to download stuff.Computers running hot and cold sometimes works fine and sometime really slow?.Anyway did step one and two but 3 IE would not let me download ESET Online Scaner get a message your security wont allow,I turned ofF my firewall and MES still did not let me.I tried it on chrome and it downloaded? did not use it as I was not sure,you say this scan could take long and don't touch the mouse but my screen saver will kick in will that interrupt the scan?


otl fix

========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Niyazi Mustafa\Desktop\cmd.bat deleted successfully.
C:\Users\Niyazi Mustafa\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Niyazi Mustafa\Desktop\cmd.bat deleted successfully.
C:\Users\Niyazi Mustafa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10192013_191812

Edited by aliboy66, 20 October 2013 - 02:53 PM.

[Teima]

Hello aliboy66,

Hi Teima the popups we get are mostly advertising and some saying my disk space is low my computer is at risk and tell me to download stuff.

Ok. Once we have finished the ESET Online scan I'll present some additional forms of prevention which we can do to prevent these advertisements.

Computers running hot and cold sometimes works fine and sometime really slow?. Anyway did step one and two but 3 IE would not let me download ESET Online Scaner get a message your security wont allow,I turned ofF my firewall and MES still did not let me.I tried it on chrome and it downloaded?

Ok no worries mate. That will something we will address without a doubt. Were you able to disable Spybot without any issues? Because that could be causing the conflicts at the moment. Also. Do you recall what the exact error message for ESET Online scanner were mate?

you say this scan could take long and don't touch the mouse but my screen saver will kick in will that interrupt the scan?

The screen saver won't interrupt the scan. So don't worry.

[aliboy66]

Hi Teima did the Eset

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0e6cc29ff6217140a7a867e581f2cda7
# engine=15593
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-22 10:44:51
# local_time=2013-10-22 11:44:51 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 9115378 134946941 0 0
# scanned=48955
# found=2
# cleaned=0
# scan_time=224595504
sh=911411B2A121CAAC6541792D1BB517ECEB4AB78F ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Program Files (x86)\Lyrics-Show\126.xpi"
sh=A9DC6EE05556557382934014B5D9B316BB713D1D ft=1 fh=bf6d3b0cdd6c3bef vn="a variant of Win32/Adware.AddLyrics.J application" ac=I fn="C:\Program Files (x86)\Lyrics-Show\showupdater.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0e6cc29ff6217140a7a867e581f2cda7
# engine=15602
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-22 10:44:04
# local_time=2013-10-22 11:44:04 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 9115331 134946894 0 0
# scanned=293819
# found=4
# cleaned=0
# scan_time=224853744
sh=911411B2A121CAAC6541792D1BB517ECEB4AB78F ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Program Files (x86)\Lyrics-Show\126.xpi"
sh=A9DC6EE05556557382934014B5D9B316BB713D1D ft=1 fh=bf6d3b0cdd6c3bef vn="a variant of Win32/Adware.AddLyrics.J application" ac=I fn="C:\Program Files (x86)\Lyrics-Show\showupdater.exe"
sh=BD436E5140A7153D22BB49B80D36DF0DB71E3C27 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Emine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdcjjiepplekfppfpcmkfgfagpmdmgc\1.126_0\contentscript.js"
sh=3284DB50CA09BB7AD121A8DC6195B5142914D086 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\22ca36.msi"



How is my computer looking at your end?

Edited by aliboy66, 23 October 2013 - 03:58 PM.

[Teima]

Hello aliboy66,

How is my computer looking at your end?

It is looking well from our end. This will be the final scan that needs to be completed before we proceed on to addressing the alerts and popups which you have described within the former response. There's also a few redundant things which I would like to address.

Step One

Download aswMBR.exe (4.52MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.





On completion of the scan click save log, save it to your desktop and post it in your next reply.

[aliboy66]

Hi Teima did the scan,
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-24 19:26:55
-----------------------------
19:26:55.989 OS Version: Windows x64 6.1.7601 Service Pack 1
19:26:55.990 Number of processors: 2 586 0x170A
19:26:55.991 ComputerName: NIYAZIMUSTAFA UserName:
19:26:56.802 Initialize success
19:27:11.521 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:27:11.524 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:27:11.639 Disk 0 MBR read successfully
19:27:11.644 Disk 0 MBR scan
19:27:11.648 Disk 0 Windows 7 default MBR code
19:27:11.661 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
19:27:11.676 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153000 MB offset 821248
19:27:11.708 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 151843 MB offset 314165248
19:27:11.832 Disk 0 scanning C:\Windows\system32\drivers
19:27:19.969 Service scanning
19:27:46.517 Modules scanning
19:27:46.532 Disk 0 trace - called modules:
19:27:46.562 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:27:46.570 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003de7240]
19:27:46.582 3 CLASSPNP.SYS[fffff88001ab743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002d1b050]
19:27:46.591 Scan finished successfully
19:30:08.798 Disk 0 MBR has been saved successfully to "C:\Users\Niyazi Mustafa\Desktop\MBR.dat"
19:30:08.810 The log file has been saved successfully to "C:\Users\Niyazi Mustafa\Desktop\aswMBR.txt"




my MSE keeps poping up with a message that it has found a threat and that I need to clean my computer not sure what to do? and how comes when I did a ESET scan I did not clean up what it found? thank you in Teima trurst

Edited by aliboy66, 26 October 2013 - 11:26 AM.

[Teima]

Hello aliboy66,

my MSE keeps poping up with a message that it has found a threat and that I need to clean my computer not sure what to do?

Is thing something which occurs quite frequently by any chance? If so. Would you be able to tell me what has been detected should it occur a second time?

and how comes when I did a ESET scan I did not clean up what it found?

Ok. That was due to the settings which were ran along ESET Online Scanner at the time. All of the lines listed would be what we regard as optional where it wouldn't hurt to keep or remove them from the machine. With that in mind. Do you recognize the program installed called LyricsShow?

thank you in Teima trurst

You're most welcome!

[aliboy66]

Hi Teima the message i get from MSE is Addware win32/addlyrics its got it down as medium threat what should I do? it keeps poping up its waiting for me to pick a option?.As for LyricsShow?
don't know what that is I have asked the The Usual Suspects? and they don' know should i get rid of this,I think its got something to do with music? what next

[Teima]

Hello aliboy66,

The message i get from MSE is Addware win32/addlyrics its got it down as medium threat what should I do?

Thanks for the additional information! It's much appreciated. I'll post some instructions below for its removal within this instance.

And they don' know should i get rid of this,I think its got something to do with music?

I think it would be a good cause of action to remove it from the machine as it's not something which would be wise to keep installed. Also. This will stop the alerts from Microsoft Security Essentials and will also address what was found via ESET Online Scanner.

Step One

Uninstall

Please navigate to Control Panel > Add/Remove Programs and uninstall "LyricsShow" as it has been identified as something which requires to be addressed. Once complete. Let me know. And I'll post some final recommendations and instructions.

[aliboy66]

All done Teima,MSE still show bing threat should use MSE to clean it ?

[Teima]

Hello aliboy66,

Yes. I would recommend removing it via Microsoft Security Essentials should the alert occur a second time. How does the machine appear to be running at the moment?

[aliboy66]

Hi Teima the computer seams to be ok it's running faster no pop ups .I have notice that my MSE in the real time protection is ok but virus and spyware definitions will not update I have tired it manually but I get error message 0x80244004 what next


Hi Teima MSE has finally has updated ...

Edited by aliboy66, 02 November 2013 - 12:10 PM.