Csrss.exe virus
Closed
Queen1628
Posts
13
Registration date
Wednesday December 28, 2016
Status
Member
Last seen
January 6, 2017
-
Dec 28, 2016 at 08:52 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 6, 2017 at 06:05 PM
9 responses
Ambucias
Dec 29, 2016 at 05:07 AM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.
1. Open this link and download ZHPDiag:
https://nicolascoolman.eu
(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download. If you get a warning message, ignore it.) Click on the download button.
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7 and 8 users, right-click to ensure you execute with admin rights.)
4. Double click on the ZHPDiag shortcut on your Desktop.
5. Click on Scan.
Wait for the tool to finish (maybe a long time).
6. Close ZHPDiag.
7. To transmit the report, click on this link:
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
Ambucias
Dec 30, 2016 at 05:04 AM
Hi
Download free Malwarebytes here:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Find installer
Look for the mb3-setup.exe file in your Downloads folder (or where you saved it).
Open installer
Double click the file and run the program.
Follow installer instructions
Read the instructions to complete installation.
Use Malwarebytes to scan and delete the virus.
Good luck
Queen1628
Updated by Queen1628 on 30/12/16 at 01:59 PM
Hi Ambucias, I was finally able to complete the diagnosis, and upload to the link above:
http://s000.tinyupload.com/?del_id=75674696328680947905
Pls let me know if you received it. Thanks
Ambucias > Queen1628
Dec 30, 2016 at 04:25 PM
Thanks hold on.
Ambucias
Dec 30, 2016 at 04:59 PM
Hello Deb,
You live dangerously with your downloads while looking for bargains. Your machine is badly infected with hijackers, adware, spyware and Trojans; altogether there are 97 of them.
You are also seriously compromising your machine as you do not have any antivirus software. Antivirus software is an absolute must if you wish to use the internet.
Without an antivirus, you will be here again next week asking for help. If you can't purchase one, I can get you one for free.
There are also 439 superfluous files.
csrss.exe was not your virus.
Here is how we will disinfect your machine.
1. Download ZHPFix here
https://nicolascoolman.eu
2. Select and copy all of the following bold lines.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (.not file.)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] __MSG_1847180208764925264__
C2 - CDE: Preference [User Data\Default] [cmaiofennmphjldldcpphcechfnnohja] http://privdog.com/updates/865/dragon/update.xml PrivDog
P2 - EXT: (...) -- C:\Users\Queen Thorpe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
C:\Users\Queen Thorpe\AppData\Roaming\Mozilla\Firefox\Profiles\x80rf77a.default\smartbar
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp.myway.com/
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;*.local
O2 - BHO: Search App by Ask BHO [64Bits] - {5245414C-392D-4700-76A7-7A786E7484D7} . (...) -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\REAL9-G\Passport.dll" (.not file.)
O3 - Toolbar: 0x4C4145522D39004776A77A786E7484D7 - [HKCU]{5245414C-392D-4700-76A7-7A786E7484D7} . (...) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\REAL9-G\Passport.dll (.not file.)
O3 - Toolbar: (no name) - [HKLM]{5245414C-392D-4700-76A7-7A786E7484D7} (.Orphan.) (.not file.)
O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
O42 - Logiciel: Search App by Ask - (.APN, LLC.) [HKLM][64Bits] -- {5245414C-392D-4700-76A7-A758B70C2500}
HKLM\SOFTWARE\Wow6432Node\Solid Savings
HKCU\SOFTWARE\AppDataLow\Software\SmartBar
3 - CFD: 10/12/2015 - [] D -- C:\Program Files (x86)\AskPartnerNetwork
3 - CFD: 02/05/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
3 - CFD: 27/12/2016 - [] D -- C:\Users\Queen Thorpe\AppData\Roaming\FileOpenerWindows
O61 - LFC: 2016/12/26 18:57:52 A . (.Copyright © 2015.) -- C:\Users\Queen Thorpe\AppData\Roaming\FileOpenerWindows\wfo.exe [72400] {009CE8C65D74ED2966895A28DB6BF87BF3}
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.LOCAL_COOKIE_THROTTLE_BASEloopbackhttp://up.autocompleteplus.com/up?q=compound%20subject%20verb%20agreement&[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.mam_gk_appState_PriceGong.enc", "b24=");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.mam_gk_appState_WindowShopper.enc", "b24=");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.originalSearchEngine", "Vgrabber v1.9 Customized Web Search");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.originalSearchEngineName", "Vgrabber v1.9 Customized Web Search");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.smartbar.CTID", "CT3289664");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.smartbar.Uninstall", "0");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.smartbar.homepage", "true");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.smartbar.toolbarName", "InternetHelper3.2 ");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.LOCAL_COOKIE_THROTTLE_BASEloopbackhttp://up.autocompleteplus.com/up?q=1%2B800%2Bmattress&l=www.1800mattress.[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.mam_gk_appState_PriceGong.enc", "b24=");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.mam_gk_appState_WindowShopper.enc", "b24=");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://Vgrabber[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vgrabber v1.9 \[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.smartbar.CTID", "CT3303797");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.smartbar.Uninstall", "0");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.smartbar.homepage", "true");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.smartbar.isHidden", false);
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.smartbar.toolbarName", "Vgrabber v1.9 ");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("Smartbar.TBHomepagesList", "");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("Smartbar.TBSearchEngineList", "");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("Smartbar.TBSearchUrlList", "");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("Smartbar.keywordURLSelectedCTID", "CT3289664");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("iminent.version", "7.33.3.1");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.33.3.1\",\"InstallEventCTime\":1377619097602,\"InstallEvent\":\"True\"}")[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("keyword.URL", "http://trovi.com/ResultsExt.aspx?ctid=CT3289664&SearchSource=2&CUI=UN28677475992940717&UM=2&q=");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("plugin.blocklisted.npviewpoint", true);
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("smartbar.addressBarOwnerCTID", "CT3289664");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("smartbar.defaultSearchOwnerCTID", "CT3289664");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("smartbar.homePageOwnerCTID", "CT3303797");
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("smartbar.machineId", "74E2M6FB6I3FDGKIVM+7OVSAD2JV+C7GLUAW+ATO3EUYIHNBEM/JU4OPU9VWOKKBDWZ74HPXHG7EBU+B398ACW");
O90 - PUC: "C4145425D2930074677A7A857BC05200" . (.Search App by Ask.) -- C:\Windows\Installer\{5245414C-392D-4700-76A7-A758B70C2500}\ToolbarIcon.exe
[MD5.] [WIS][2015/11/30 03:06:45] (.APN, LLC - Ask.com ® - Install Builder.) -- C:\Windows\Installer\185276ea.msi [34080]
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\SevereWeatherAlerts_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\SevereWeatherAlerts_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SevereWeatherAlertsApp_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SevereWeatherAlertsApp_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
C:\Users\Queen Thorpe\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
C:\Users\Queen Thorpe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5245414C-392D-4700-76A7-7A786E7484D7}
HKLM\Software\Classes\CLSID\{5245414C-392D-4700-76A7-7A786E7484D7}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5245414C-392D-4700-76A7-7A786E7484D7}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5245414C-392D-4700-76A7-7A786E7484D7}
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{5245414C-392D-4700-76A7-7A786E7484D7}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{5245414C-392D-4700-76A7-7A786E7484D7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5245414C-392D-4700-76A7-A758B70C2500}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5245414C-392D-4700-76A7-A758B70C2500}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
C:\Program Files (x86)\AskPartnerNetwork
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
C:\Users\Queen Thorpe\AppData\Roaming\FileOpenerWindows
C:\Users\Queen Thorpe\AppData\Roaming\FileOpenerWindows\wfo.exe
C:\Windows\Installer\{5245414C-392D-4700-76A7-A758B70C2500}\ToolbarIcon.exe
HKLM\Software\Classes\Installer\Products\C4145425D2930074677A7A857BC05200
HKLM\Software\Classes\Installer\Features\C4145425D2930074677A7A857BC05200
C:\Windows\Installer\185276ea.msi
HKLM64\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
HKLM64\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
HKLM64\SOFTWARE\Microsoft\Tracing\SevereWeatherAlerts_RASAPI32
HKLM64\SOFTWARE\Microsoft\Tracing\SevereWeatherAlerts_RASMANCS
HKLM64\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
HKLM64\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
3. Close all applications and open ZHP Fix.
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean.
6. Confirm by clicking OK.
7. ZHP Fix will ask if you wish to empty the bin; click on your choice... it may take time.
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
Good luck and let me know
Best regards
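Added example, not part of the moderator's post and not ZHP's own tooling: a read-only PowerShell check that reports which registry keys, registry values and files named in a fix script like the one above still exist after the clean-up and reboot. The handling of the `HKLM64` prefix and of the `[key]:value` form is an assumption about ZHPFix's notation, and the function names are hypothetical.

```powershell
# Added example: read-only residue check (Windows PowerShell 3.0 or later).
# Run it as the affected user in a 64-bit console so that HKCU and
# Wow6432Node resolve to the same locations the fix script named.

# A subset of lines copied from the fix script in this thread; paste the
# remaining key and path lines here the same way.
$scriptLines = @'
HKLM\SOFTWARE\Wow6432Node\Solid Savings
HKCU\SOFTWARE\AppDataLow\Software\SmartBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5245414C-392D-4700-76A7-7A786E7484D7}
HKLM64\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{5245414C-392D-4700-76A7-7A786E7484D7}
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\Queen Thorpe\AppData\Roaming\FileOpenerWindows\wfo.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (.not file.)
'@ -split "`r?`n"

# Hypothetical helper: turn one script line into a provider path
# (plus an optional registry value name). Returns $null for report-style
# lines such as "O4 - ..." that are not a bare key or path.
function Resolve-FixEntry {
    param([string]$Line)
    $text  = $Line.Trim()
    $value = $null
    # Assumption: "[key]:name" means the value "name" under "key".
    if ($text -match '^\[(?<key>HK[^\]]+)\]:(?<name>.+)$') {
        $text  = $Matches['key']
        $value = $Matches['name']
    }
    switch -Regex ($text) {
        # Assumption: HKLM64 is ZHP notation for the 64-bit view of HKLM.
        '^HKLM(?:64)?\\(?<rest>.+)$' { $path = "Registry::HKEY_LOCAL_MACHINE\$($Matches['rest'])"; break }
        '^HKCU\\(?<rest>.+)$'        { $path = "Registry::HKEY_CURRENT_USER\$($Matches['rest'])"; break }
        '^[A-Za-z]:\\'               { $path = $text; break }
        default                      { return $null }
    }
    [pscustomobject]@{ Path = $path; ValueName = $value }
}

# Hypothetical helper: does the key, value or file still exist?
function Test-FixEntry {
    param($Target)
    if (-not (Test-Path -LiteralPath $Target.Path)) { return $false }
    if ($null -eq $Target.ValueName) { return $true }
    $key = Get-Item -LiteralPath $Target.Path
    return ($key.GetValueNames() -contains $Target.ValueName)
}

$results = foreach ($line in $scriptLines) {
    if ([string]::IsNullOrWhiteSpace($line)) { continue }
    $target = Resolve-FixEntry -Line $line
    if ($null -eq $target)            { $status = 'Skipped' }
    elseif (Test-FixEntry $target)    { $status = 'Present' }
    else                              { $status = 'Removed' }
    [pscustomobject]@{ Status = $status; Entry = $line.Trim() }
}

$results | Sort-Object Status | Format-Table -AutoSize -Wrap | Out-Host

$checked   = @($results | Where-Object { $_.Status -ne 'Skipped' })
$remaining = @($results | Where-Object { $_.Status -eq 'Present' })
'{0} of {1} checked entries are still present.' -f $remaining.Count, $checked.Count
```

Entries reported as `Present` after the reboot are the ones to raise with the helper; `Skipped` lines are report-format lines the check does not try to interpret.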
Queen1628
Dec 30, 2016 at 06:07 PM
Hi Ambucias, I have McAfee... I'm confused now... let me run the check that you said
Ambucias > Queen1628
Dec 30, 2016 at 06:30 PM
Deb, sorry, I overlooked it; you have McAfee, I have the same. But you also have AVG and Spybot. You should have only one antivirus software, otherwise they come into conflict, create false positives or let viruses through. Just stick with McAfee.
Ambucias > Ambucias
Dec 30, 2016 at 06:33 PM
None of your antivirus software is active !!!!
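Added example, not part of the thread: a read-only PowerShell query that lists every antivirus product registered with Windows Security Center and whether its real-time protection is on, which is the check behind the two replies above (several scanners installed, none active). The `productState` bit masks are an undocumented, community-derived convention and are used here as an assumption; `Get-RegisteredAntivirus` is a hypothetical name.

```powershell
# Added example: read-only query (Windows PowerShell 3.0 or later).
# The root/SecurityCenter2 namespace exists on client editions of Windows,
# not on Windows Server.

function Get-RegisteredAntivirus {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        $state = [uint32]$p.productState
        [pscustomobject]@{
            Name               = $p.displayName
            # Assumption (undocumented field): bit 0x1000 set = real-time
            # protection on; bit 0x10 set = definitions out of date.
            RealTimeOn         = (($state -band 0x1000) -ne 0)
            DefinitionsCurrent = (($state -band 0x10) -eq 0)
            StateHex           = '0x{0:X6}' -f $state
            ReportingExe       = $p.pathToSignedReportingExe
        }
    }
}

try   { $av = @(Get-RegisteredAntivirus) }
catch { Write-Warning "Security Center query failed: $($_.Exception.Message)"; $av = $null }

if ($null -ne $av) {
    $av | Format-Table -AutoSize -Wrap | Out-Host
    $active = @($av | Where-Object { $_.RealTimeOn })

    if ($av.Count -eq 0) {
        'No antivirus product is registered with Security Center.'
    }
    elseif ($active.Count -eq 0) {
        'Antivirus products are registered, but none has real-time protection on.'
    }
    elseif ($active.Count -gt 1) {
        'More than one real-time scanner is on: ' + (($active | ForEach-Object { $_.Name }) -join ', ')
    }
    else {
        'One real-time scanner is on: ' + $active[0].Name
    }

    # A stale registration (product uninstalled but still listed) shows up
    # as a reporting executable that no longer exists on disk.
    foreach ($p in $av) {
        if ($p.ReportingExe -and -not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($p.ReportingExe)))) {
            "Stale registration: $($p.Name) ($($p.ReportingExe) not found)"
        }
    }
}
```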
Ambucias > Ambucias
Dec 30, 2016 at 06:43 PM
I must soon log out and may not be able to continue with you till tomorrow at 5 am, New Year's Eve, Eastern Standard Time.
After ZHP Fix, restart your computer. After you have restarted, I will require a new ZHP diag report. So please generate a new report and upload it on tinyupload. McAfee has been disabled; we must get it going again.
Cheers
Queen1628
Dec 30, 2016 at 07:00 PM
Ok that makes sense. I only downloaded spybot to see if I could clean out the computer. I'll remove once the program is finished running. Should I also remove the malware as well?
Queen1628
Dec 30, 2016 at 07:16 PM
Hi Ambucias, here is the path to the report from ZHP Fix: http://s000.tinyupload.com/?del_id=92479594161799083170 ... I'll run the diag and send soon. Thank you so much for your help and wishing you a great night.
Queen1628
Dec 30, 2016 at 07:48 PM
Ambucias
Dec 31, 2016 at 06:18 AM
Hi Deb
There are 30 malware that remain.
Your antivirus is still deactivated.
Please download and run ZHP Cleaner
https://nicolascoolman.eu
Click on Scan, then on Clean, and produce a report to be pasted here.
Open your McAfee and tell me if it says that your computer is secured.
Catch you later
Queen1628
Updated by Queen1628 on 2/01/17 at 12:11 PM
Queen1628
Jan 2, 2017 at 12:16 PM
Hi Ambucias, Happy New year, I cleaned the computer, but when I tried to respond to you via the computer, I couldn't. There's still something that's controlling the computer. The screen kept going up and down really fast. :-(
Ambucias
Jan 2, 2017 at 04:59 PM
Hi Deb
I have three more things for you to do, but you must not omit any one.
First
Go to your control panel, add/uninstall programs. Search for QuickTimePlayer and uninstall it.
Second
Copy the following bold lines:
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O4 - GS\CommonDesktop [Public]: QuickTime Player.lnk . (...) C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.LOCAL_COOKIE_THROTTLE_BASEloopbackhttp://up.autocompleteplus.com/up?q=compound%20subject%20verb%20agreement&[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.LOCAL_COOKIE_THROTTLE_BASEloopbackhttp://up.autocompleteplus.com/up?q=1%2B800%2Bmattress&l=www.1800mattress.[...]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Open ZHP Fix, close all other programs including this one, click on Import and clean as you did the first time.
Third and extremely important
Open your McAfee antivirus programme, tell me if it says that your computer is protected.
Good luck
Queen1628
Jan 4, 2017 at 03:15 PM
Hi Ambucias, when I searched for QuickTimePlayer, it says that it cannot find... I also did a line by line check and cannot locate.. could it be under a different name?
Ambucias
Jan 4, 2017 at 05:13 PM
Okay, go to the second phase and QuickPlayer.exe should get deleted.
Don't forget step three.
Queen1628
Jan 5, 2017 at 07:06 PM
Hi Ambucias: path to report: http://s000.tinyupload.com/?file_id=90218358427889129335
McAfee Total Protection: Virus and Spyware Protection: on
Web and Email protect: on
McAfee Updates: current
Subscription: active
Ambucias
Jan 6, 2017 at 04:57 AM
Hi Deb
Using Explorer (not internet explorer but Windows file explorer) please find this file:
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
Once you have found it, please delete it.
Does your McAfee icon appear in your task bar, right bottom corner of your screen?
How is your machine performing?
Queen1628
Jan 6, 2017 at 03:50 PM
path to new diag: http://s000.tinyupload.com/?file_id=03957778325916113326
McAfee: is appearing on task bar. Is active and on, and so far, appears to be good!
Queen1628
Updated by Queen1628 on 6/01/17 at 04:06 PM
Yikes, looks like I prematurely assessed! Screen still moving on its own!
Ambucias > Queen1628
Jan 6, 2017 at 05:01 PM
Hold on Deb I am working on it.
Ambucias
Jan 6, 2017 at 06:05 PM
Deb,
The log you recently sent indicates that you do not have any antivirus nor a firewall.
In your system, not your own but your computer's, there are remnants of AVG, Norton and Spybot. There is Norton Toolbar which may cause the flickering.
One
We will do a ZHP Fix again.
These are the lines:
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3289664.LOCAL_COOKIE_THROTTLE_BASEloopbackhttp://up.autocompleteplus.com/up?q=compound%20subject%20verb%20agreement&[...]
O69 - SBI: prefs.js [Queen Thorpe - x80rf77a.default] user_pref("CT3303797.LOCAL_COOKIE_THROTTLE_BASEloopbackhttp://up.autocompleteplus.com/up?q=1%2B800%2Bmattress&l=www.1800mattress.[...]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
O3 - Toolbar: 0xB1C218236549D4119B18009027A5CD4F - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} . (...) -- (.not file.)
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (...) -- (.not file.)
HKCU\SOFTWARE\ASKDefaultSearch
O23 - Service: TightVNC Server (tvnserver) . (...) - C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_0214b_rel] (...) -- C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_0214b_rmv] (...) -- C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [Lenovo\SimpleTap\Start SimpleTap for QueenThorpe.Queen Thorpe] (...) -- C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: AVG-Secure-Search-Update_0214b_rel - (...) -- C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job [372] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: AVG-Secure-Search-Update_0214b_rmv - (...) -- C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job [374] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: AVG-Secure-Search-Update_0214b_rel - (...) -- C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rel [2666] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: AVG-Secure-Search-Update_0214b_rmv - (...) -- C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rmv [2668] (.Orphan.) =>.Superfluous.Orphan
O4 - HKLM\..\Wow6432Node\Run: [CouponXplorer Search Scope Monitor] C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [CouponXplorer_5z Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\5zbrmon.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Price Finder] . (.MindSpark Interactive Network - Price Finder Helper.) -- C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe {35A3F5CD3C5AFA643D822A93B2E89076}
P2 - EXT: (.ClientConnect Ltd. - InternetHelper3.2 .) -- C:\Users\Queen Thorpe\AppData\Roaming\Mozilla\Firefox\Profiles\x80rf77a.default\extensions\{4f223aef-c5be-479c-9070-c89015ff8348}
O34 - HKLM BootExecute: (sdnclean64.exe)
O43 - CFD: 03/09/2013 - [0] D -- C:\ProgramData\xfinity
O43 - CFD: 02/01/2017 - [0] D -- C:\Users\Queen Thorpe\AppData\Local\CrashRpt
O68 - StartMenuInternet: <aolfile_HTM> <AOL>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\PROGRA~2\AOLDES~1.7\aol.exe (.not file.)
O68 - StartMenuInternet: <aolfile_HTM> <AOL>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\PROGRA~2\AOLDES~1.7\aol.exe (.not file.)
O68 - StartMenuInternet: <aolfile_HTM> <AOL>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\PROGRA~2\AOLDES~1.7\aol.exe (.not file.)
[MD5.] [WIS][2016/12/30 13:22:39] (.Slimware Utilities Holdings, Inc. - Windows Installer XML Toolset (3.9.1006.0).) -- C:\Windows\Installer\66137.msi [34080]
C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe
C:\Users\Queen Thorpe\AppData\Roaming\Mozilla\Firefox\Profiles\x80rf77a.default\extensions\{4f223aef-c5be-479c-9070-c89015ff8348}
C:\Users\Queen Thorpe\AppData\Local\CrashRpt
C:\Windows\Installer\66137.msi
Two (VBS script can't be found)
This has to do with McAfee, to fix it:
Click on start button, type cmd. In the search result right-click on cmd and select Run as administrator.
Type cd %windir%\system32 and press enter.
Type regsvr32 vbscript.dll in command prompt and press enter.
Three
Download and run this Malwarebytes cleaning software
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Four
Another ZHP Diag report.
You have your work cut out.
Cheers and have fun
P.S. Bizarre, you got a very bad virus file connected from this site: www.1800mattress, which is difficult to remove
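An added example (not part of the original thread and not ZHPDiag's own code): a small Python triage of fix-script lines like those posted above, separating entries whose target is already gone from entries that still point at a file on disk. It assumes, only from the annotations visible in the posted lines, that `(.not file.)` and `(.Orphan.)` mark dangling references; the function names are hypothetical.

```python
import re

# Sample lines copied from the fix script in the post above.
SAMPLE = [
    r"O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (...) -- (.not file.)",
    r"O23 - Service: TightVNC Server (tvnserver) . (...) - C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (.not file.)",
    r"O39 - APT: AVG-Secure-Search-Update_0214b_rel - (...) -- C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job [372] (.Orphan.) =>.Superfluous.Orphan",
    r"O4 - HKLM\..\Wow6432Node\Run: [CouponXplorer Search Scope Monitor] C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe (.not file.)",
    r"O4 - HKLM\..\Wow6432Node\Run: [Price Finder] . (.MindSpark Interactive Network - Price Finder Helper.) -- C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe {35A3F5CD3C5AFA643D822A93B2E89076}",
]

# Leading HijackThis-style code ("O4", "P2", ...) and the entry kind before the first colon.
CODE_RE = re.compile(r"^([OP]\d+) - ([^:\[]+)")
# A drive-letter path, ending before a trailing annotation: "(.x.)", "[size]" or "{32-hex}".
PATH_RE = re.compile(r"([A-Za-z]:\\.+?)(?=\s+(?:\(\.|\[\d+\]|\{[0-9A-F]{32}\})|$)")


def parse_line(line):
    """Split one coded log line into fields; return None for uncoded lines."""
    m = CODE_RE.match(line)
    if not m:
        return None
    path = PATH_RE.search(line)
    return {
        "code": m.group(1),
        "kind": m.group(2).strip(),
        "path": path.group(1) if path else None,
        "missing": "(.not file.)" in line,   # assumption: target file absent
        "orphan": "(.Orphan.)" in line,      # assumption: leftover with no owner
    }


def classify(entry):
    """Dangling references are leftovers; 'file-present' still names a file on disk."""
    if entry["missing"] or entry["orphan"]:
        return "dangling"
    return "file-present" if entry["path"] else "registry-only"


def triage(lines):
    """Group parsed entries by status so live files can be reviewed first."""
    groups = {"dangling": [], "file-present": [], "registry-only": []}
    for entry in filter(None, map(parse_line, lines)):
        groups[classify(entry)].append((entry["code"], entry["kind"], entry["path"]))
    return groups


if __name__ == "__main__":
    for status, items in triage(SAMPLE).items():
        print(status, items)
```

On the sample, only the Price Finder Run entry is reported as still pointing at a file; the other four are leftovers of software that is no longer installed.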
Dec 29, 2016 at 09:56 PM