WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hyperlinked words, Pop ups, General Problems

Started by megan.pen , Nov 22 2014 12:36 AM

This topic is locked

27 replies to this topic

#16 megan.pen

Authentic Member

Authentic Member
25 posts

Posted 07 December 2014 - 03:46 AM

Just running that Eset scan again - I bought a hard drive on the weekend so hopefully that will help speed things up.

Advertisements

Register to Remove

#17 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 07 December 2014 - 05:50 PM

post when ready.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#18 megan.pen

Authentic Member

Authentic Member
25 posts

Posted 08 December 2014 - 04:18 AM

Wow, that took forever!!

See below;

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir a variant of MSIL/AdvancedSystemProtector.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\ASPUninstall.exe.vir a variant of Win32/Systweak.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com.vir MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com.vir MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe.vir MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bhelper.dll.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bservice.exe.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\NmHost\nmhost.exe.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\Wd\wd.exe.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser Warden\FrameworkBHO.dll.vir a variant of Win32/AdWare.SmartApps.H application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser Warden\FrameworkBHO64.dll.vir a variant of Win32/AdWare.SmartApps.H application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser Warden\FrameworkEngine.exe.vir Win32/AdWare.SmartApps.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3312248\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupon downloader\Coupon Downloader.dll.vir a variant of Win32/AdWare.Adpeak.I application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\360-58488.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\58488.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\58488.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\cb7f5cd8-7b5e-477e-b472-a69047b1f0b1-5.exe.vir a variant of Win32/Toolbar.CrossRider.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bg.exe.vir a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Media_Play_AIR+_1.1\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir a variant of Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3312248\UninstallerUI.exe.vir Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Browser Warden\gpedit.exe.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Browser Warden\storageedit.exe.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Browser Warden\uninstall.exe.vir Win32/Adware.SmartApps.K application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Chromatic Browser\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Chromatic Browser\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\torch\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Local\torch\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Roaming\GetPrivate\gp_upd.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Megan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir Win64/AdvancedSystemProtector.A potentially unwanted application
C:\Program Files (x86)\BitLord 2\StubInstaller.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll a variant of Win32/Techsnab.C potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll a variant of Win32/Techsnab.C potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll a variant of Win32/Techsnab.C potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\temp\InstallFilter64.msi multiple threats
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Megan\AppData\Local\nspC5B4.tmp Win32/AnyProtect.E potentially unwanted application
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js JS/Kryptik.ATB trojan
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\extensions\{4db0f392-c7b5-4669-8bbc-4ed98606c6b1}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows\apppatch\apppatch64\VCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application
Operating memory a variant of Win32/Techsnab.C potentially unwanted application

#19 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 08 December 2014 - 07:44 AM

Quite a bit to do here....
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

YoutubeAdBluockee
Comodo Web Inspector
Look for the above in your add/remove programslist, then uninstall.
If not found continue with the rest of the fix.

Uninstall Software

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the following programmes, right-click and click Uninstall.
Note: Ensure you decline offers of additional software if applicable.
- Java
Follow the prompts.
Reboot if necessary.

~~~

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

For Firefox, install the NoScript add-on.
For Chrome, install the ScriptNo add-on.
-->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

JavaRa

Please download JavaRa and save the file to your Desktop.
Close any open windows.
Right-Click JavaRa.exe and select Run as administrator to run the programme.
Click Remove JRE.
Skip Step 1 and click the next button.
Click Perform Removal Routine.
Upon completion, click OK.
Click Next and skip the downloading process. Click Next, followed by Close this wizard, followed by Finish.
Return to the main menu and click Additional Tasks.
Place a checkmark next to Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files.
Note: Ensure no browser windows are open.
Click Run.
Upon completion, the following message will be displayed: Selected tasks completed successfully.
Close JavaRa.

I also recommend you download the latest version of the Java Runtime Environment from here

~~~~~~~~~~

Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

Please click here to go to the FlashPlayer Installation page.
In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
- Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
Close the browser and all open windows.
Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.

~~~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
C:\Program Files (x86)\BitLord 2\StubInstaller.exe
C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe
C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll
C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll
C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe
C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe
C:\temp\InstallFilter64.msi
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Megan\AppData\Local\nspC5B4.tmp
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\extensions\{4db0f392-c7b5-4669-8bbc-4ed98606c6b1}\Plugins\npConduitFirefoxPlugin.dll
C:\Windows\apppatch\apppatch64\VCLdr64.dll
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~

I want you to run another scan with Malwarebytes' Anti-Malware

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Please post:
Fixlog.txt
Malwarebytes log

#20 megan.pen

Authentic Member

Authentic Member
25 posts

Posted 14 December 2014 - 03:33 AM

Hi,

I couldn't find the youtube thing to remove or the comodo one or the java program.

I did the fix scan see below;

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by Megan at 2014-12-14 19:26:27 Run:4
Running from C:\Users\Megan\Desktop
Loaded Profile: Megan (Available profiles: Megan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files (x86)\BitLord 2\StubInstaller.exe
C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe
C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll
C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll
C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe
C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe
C:\temp\InstallFilter64.msi
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Megan\AppData\Local\nspC5B4.tmp
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js
C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\extensions\{4db0f392-c7b5-4669-8bbc-4ed98606c6b1}\Plugins\npConduitFirefoxPlugin.dll
C:\Windows\apppatch\apppatch64\VCLdr64.dll
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
C:\Program Files (x86)\BitLord 2\StubInstaller.exe => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe => Moved successfully.
C:\temp\InstallFilter64.msi => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Megan\AppData\Local\nspC5B4.tmp => Moved successfully.
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx.js => Moved successfully.
C:\Users\Megan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
"C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\eFx." => File/Directory not found.
C:\Users\Megan\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\afcijaifpjfkaleblcokolmgchbfmpgc\1.0\lsdb.js => Moved successfully.
C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\extensions\{4db0f392-c7b5-4669-8bbc-4ed98606c6b1}\Plugins\npConduitFirefoxPlugin.dll => Moved successfully.
C:\Windows\apppatch\apppatch64\VCLdr64.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 248.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#21 megan.pen

Authentic Member

Authentic Member
25 posts

Posted 14 December 2014 - 04:06 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 14/12/2014 7:35:05 PM, SYSTEM, PENNINGHPC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 14/12/2014 7:35:05 PM, SYSTEM, PENNINGHPC, Manual, Rootkit Database, 2014.11.22.1, 2014.12.8.3,
Update, 14/12/2014 7:35:11 PM, SYSTEM, PENNINGHPC, Manual, Malware Database, 2014.11.28.10, 2014.12.14.3,
Update, 14/12/2014 7:35:20 PM, SYSTEM, PENNINGHPC, Manual, program, 2.0.3.1025, 2.0.4.1028,
Update, 14/12/2014 7:36:16 PM, SYSTEM, PENNINGHPC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.8.3,
Update, 14/12/2014 7:36:16 PM, SYSTEM, PENNINGHPC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 14/12/2014 7:36:20 PM, SYSTEM, PENNINGHPC, Manual, Malware Database, 2014.11.20.6, 2014.12.14.3,

(end)

#22 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 14 December 2014 - 06:06 AM

How's the computer now?

Please run this security check.

Download Security Check by screen317 from here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#23 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 20 December 2014 - 06:17 AM

still with me?

#24 megan.pen

Authentic Member

Authentic Member
25 posts

Posted 29 December 2014 - 06:44 PM

Hi,

Sorry been crazy over xmas and haven't had my computer; just tried it now and its working really good.

****************************

Results of screen317's Security Check version 0.99.93
   x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#25 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 29 December 2014 - 09:36 PM

Sorry been crazy over xmas and haven't had my computer; just tried it now and its working really good.

Good deal

DelFix

Please download DelFix and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
Click the Run button.

~~~~~~~~~~~~~~~~~~~~~

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

The following programmes come highly recommended in the security community.

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Advertisements

Register to Remove

#26 megan.pen

Authentic Member

Authentic Member
25 posts

Posted 29 December 2014 - 11:06 PM

# DelFix v10.8 - Logfile created 30/12/2014 at 15:04:45
# Updated 29/07/2014 by Xplode
# Username : Megan - PENNINGHPC
# Operating System : Windows 8 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Megan\Desktop\FRST-OlderVersion
Deleted : C:\logFileUI.txt
Deleted : C:\Users\Megan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Megan\Desktop\Fixlog.txt
Deleted : C:\Users\Megan\Desktop\FRST64.exe
Deleted : C:\Users\Megan\Desktop\RogueKiller.exe
Deleted : C:\Users\Megan\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #66 [Installed Microsoft Visual C++ 2005 Redistributable | 11/29/2014 03:38:58]
Deleted : RP #67 [Windows Update | 12/12/2014 23:59:28]

New restore point created !

########## - EOF - ##########

#27 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 30 December 2014 - 06:58 AM

Your good to go!

Happy New Year!

#28 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 16 January 2015 - 01:48 PM

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

Body Background

skin color theme