Everything posted by smackjack22

  1. Thank you so much Brigester. I did have the mediavideoplayer in my add remove programs but it was installed a week ago and I only noticed the issue yesterday, tricky tricky.... I didn't find any files when searching for mediavideoplayer but hopefully this issue is now solved. Don't know for sure yet as I have just removed it and restarted my computer, waiting to see if pop ups are still coming up. I should have figured I didn't install a media player a week ago and that was suspicious but I didn't ahhh. I know in the rules it says you are not supposed to give advice in forums unless you are an expert but I am sure glad you did, thanks a lot!
  2. Ok here is my Malwarebytes and Rogue killer results:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.06.21.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16921
     Kyle :: KYLE-PC [limited]
     Protection: Enabled
     6/22/2014 12:19:00 PM
     mbam-log-2014-06-22 (12-19-00).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 289538
     Time elapsed: 9 minute(s), 15 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     User : Kyle [Admin rights]
     Mode : Scan -- Date : 06/22/2014 12:55:28
     ¤¤¤ Bad processes : 1 ¤¤¤
     [suspicious.Path] aim.exe -- C:\Users\Kyle\AppData\Local\AOL\AIM\aim.exe[7] -> KILLED [TermProc]
     ¤¤¤ Registry Entries : 6 ¤¤¤
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3065669881-1852518512-931670863-1000\Software\Microsoft\Windows\CurrentVersion\Run | AIM for Windows : "C:\Users\Kyle\AppData\Local\AOL\AIM\aim.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3065669881-1852518512-931670863-1000\Software\Microsoft\Windows\CurrentVersion\Run | AIM for Windows : "C:\Users\Kyle\AppData\Local\AOL\AIM\aim.exe" -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     ¤¤¤ Scheduled tasks : 1 ¤¤¤
     [suspicious.Path] \\{CBFBD86B-EDA4-49C2-B8A9-8F3A2D32F1BD} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Kyle\Desktop\frd.exe -d C:\Users\Kyle\Desktop) -> FOUND
     ¤¤¤ Files : 0 ¤¤¤
     ¤¤¤ HOSTS File : 0 ¤¤¤
     ¤¤¤ Antirootkit : 10 ¤¤¤
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DirectInput8Create : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717ecc8e
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllCanUnloadNow : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717ec945
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllGetClassObject : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717ec8d3
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllRegisterServer : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717f9f76
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllUnregisterServer : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717f9f98
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DirectInput8Create : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717ecc8e
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllCanUnloadNow : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717ec945
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllGetClassObject : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717ec8d3
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllRegisterServer : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717f9f76
     [EAT:Addr] (iexplore.exe) gdiplus.dll - DllUnregisterServer : C:\Windows\SysWOW64\DINPUT8.dll @ 0x717f9f98
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: WDC WD6400AAKS-22A7B0 ATA Device +++++
     --- User ---
     [MBR] bfa0f367947824ac2ff5b63155841be7
     [bSP] a4dfaec4a2bc17de1120522682bb739f : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20467712 | Size: 300374 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 635633664 | Size: 300111 MB
     User = LL1 ... OK
     User = LL2 ... OK
     +++++ PhysicalDrive1: Seagate Expansion Desk USB Device +++++
     Error reading User MBR! ([57] The parameter is incorrect. )
     Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive2: Seagate Expansion Desk USB Device +++++
     --- User ---
     [MBR] a96474639bdb6630e2b1a5ae08e6e592
     [bSP] 6dfd13ec719f2c19d68dc891f5fecdfb : Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907728 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive3: Seagate Expansion Desk USB Device +++++
     Error reading User MBR! ([57] The parameter is incorrect. )
     Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive4: Seagate Expansion Desk USB Device +++++
     --- User ---
     [MBR] 0265147efff2d8c4f2a1e255bdf32e47
     [bSP] 3c8253e1791b6246dba66bb232b29820 : Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive5: Seagate Expansion Desk USB Device +++++
     --- User ---
     [MBR] 33702e07880bc349b188e1433ebdb54e
     [bSP] 555afaf0aee8f9507f1636ff94875143 : Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907728 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )
  3. Ok sorry I didn't read the sticky before posting this. I am posting the 2 log files which I believe is the only thing I need to provide now. Also want to point out I am not able to use the download feature of Firefox since this has happened. Addition.txt FRST.txt
  4. http://malwarefixes....s-com-redirect/ http://www.precisese...-com-start-page This is only happening on Firefox and not Google Chrome which I also am using. I have tried to reinstall Firefox after I have completed the scans. I have followed the instructions from those 2 links but the issue hasn't been solved. Malware bytes does not pick up any infected software now when scanning my system. Neither does Microsoft security scan. Windows updates are fully up to date. Malware bytes anti rootkit did not find anything either. Nothing named EVP or anything suspicious that was installed lately is in the add/remove programs. This issue just started today. I keep getting directed to this website http://www.big-countries.net/ and http://www.howinternetworks.pl/index.php as well as other very similar basic websites that all have the same 4 tabs at the top and they all say Generated by EVP at the bottom of the page, for example... www.big-countries.com - All rights reserved - 2014 Generated by EVP www.howinternetworks.pl - All rights reserved - 2014 Generated by EVP. Anybody else have any suggestions please. It's really frustrating when nothing is being picked up by scans and this is still happening.
  5. http://malwarefixes.com/remove-big-countries-com-redirect/ http://www.precisesecurity.com/adware/remove-big-countries-com-start-page I have followed the instructions from those 2 links but the issue hasn't been solved. Malware bytes does not pick up any infected software now when scanning my system. https://forums.malwarebytes.org/index.php?app=forums&module=post&section=post&do=new_post&f=41 I posted as Kyle from this site on what I have tried and what I am stuck on. If anybody can please help I would appreciate it.