Solved Whole Page Pop Up Voice & All Claims I have been hacked

[cableman]

So sorry. I was sick and it seems that I cannot read what is right in front of me. LOG Results :
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Cableman (2016-11-17 10:18:32) Run:1
Running from C:\Users\Cableman\Desktop
Loaded Profiles: Cableman (Available Profiles: Cableman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-10-03 07:22 - 2016-10-03 07:24 - 0000216 _____ () C:\Users\Cableman\AppData\Roaming\nuvotonISP.lua
2015-07-29 17:39 - 2016-09-29 06:11 - 0001057 _____ () C:\Users\Cableman\AppData\Roaming\vso_ts_preview.xml
2016-08-31 10:43 - 2016-09-22 11:42 - 0000600 _____ () C:\Users\Cableman\AppData\Local\PUTTY.RND
2016-10-29 08:11 - 2016-10-29 08:11 - 0026846 _____ () C:\ProgramData\agent.1477743110.bdinstall.bin
2016-11-03 03:42 - 2016-11-03 03:42 - 0028765 _____ () C:\ProgramData\agent.1478158927.bdinstall.bin
C:\Users\Cableman\multibit-hd-windows-x64-0.3.0.exe
AlternateDataStreams: C:\Users\Cableman\Desktop\ComboFix.exe:BDU


*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
catchme => service removed successfully
C:\Users\Cableman\AppData\Roaming\nuvotonISP.lua => moved successfully
C:\Users\Cableman\AppData\Roaming\vso_ts_preview.xml => moved successfully
C:\Users\Cableman\AppData\Local\PUTTY.RND => moved successfully
C:\ProgramData\agent.1477743110.bdinstall.bin => moved successfully
C:\ProgramData\agent.1478158927.bdinstall.bin => moved successfully
C:\Users\Cableman\multibit-hd-windows-x64-0.3.0.exe => moved successfully
"C:\Users\Cableman\Desktop\ComboFix.exe" => ":BDU" ADS not found.

==== End of Fixlog 10:18:33 ====

 

[cableman]

I am truly sorry. I have really been rattled. Is this it? :
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Cableman (2016-11-17 17:39:05) Run:2
Running from C:\Users\Cableman\Desktop
Loaded Profiles: Cableman (Available Profiles: Cableman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-10-03 07:22 - 2016-10-03 07:24 - 0000216 _____ () C:\Users\Cableman\AppData\Roaming\nuvotonISP.lua
2015-07-29 17:39 - 2016-09-29 06:11 - 0001057 _____ () C:\Users\Cableman\AppData\Roaming\vso_ts_preview.xml
2016-08-31 10:43 - 2016-09-22 11:42 - 0000600 _____ () C:\Users\Cableman\AppData\Local\PUTTY.RND
2016-10-29 08:11 - 2016-10-29 08:11 - 0026846 _____ () C:\ProgramData\agent.1477743110.bdinstall.bin
2016-11-03 03:42 - 2016-11-03 03:42 - 0028765 _____ () C:\ProgramData\agent.1478158927.bdinstall.bin
C:\Users\Cableman\multibit-hd-windows-x64-0.3.0.exe
AlternateDataStreams: C:\Users\Cableman\Desktop\ComboFix.exe:BDU


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
catchme => service not found.
"C:\Users\Cableman\AppData\Roaming\nuvotonISP.lua" => File/Folder not found.
"C:\Users\Cableman\AppData\Roaming\vso_ts_preview.xml" => File/Folder not found.
"C:\Users\Cableman\AppData\Local\PUTTY.RND" => File/Folder not found.
"C:\ProgramData\agent.1477743110.bdinstall.bin" => File/Folder not found.
"C:\ProgramData\agent.1478158927.bdinstall.bin" => File/Folder not found.
"C:\Users\Cableman\multibit-hd-windows-x64-0.3.0.exe" => File/Folder not found.
"C:\Users\Cableman\Desktop\ComboFix.exe" => ":BDU" ADS not found.

==== End of Fixlog 17:39:06 ====

 

[cableman]

My browser has been driving me crazy opening more browsers and the same dang virus scan at extreme loud volumes day and night.

 

[Broni]

Which browser?
Firefox?

 

[cableman]

Yes, I have used Firefox for years and I know some don't like it but it is set up just like I want it. I have had to add the adblock plugin to keep out the ads but it has been worth it and for watching movies I get very little buffering and don't have to use a VPN that screws up my banking info when logging in. I don't know what is going on but if fulll version of BiitDefender willl fix this then I am open to get it on money back guarantee.

 

[cableman]

I want to fix my image first though so I have clean copy to always boot from if we can.

 

[cableman]

What am I doing wrong? I downloaded your fix to the desktop to the other file and the software used it to make fix log like you asked. I saw everything right. I wanted to make bitcoin transfer now I am getting popping sound like someone flipping finger on bottom of paper cup so I did not enter password and the noise won't stop. What the hell is going on?????

 

[cableman]

God bless America. This popping noise is DRIVING MR CRAZY. I HAVE READ EVERYTHING MANY TIMES AND I AM EDUCATED MAN BUT I CANT SPELL I AM SO FRUSTRATED WHAT THE HECK IS HAPPENING TO ME? IT ISMADNESS I DONT KNOW IF I CAN BEAR TO LOOK IT OVER AGAIN

 

[cableman]

I WANT TO BEAT MYSELF INTO INCONSCIIOUSNESSS

 

[cableman]

THIS POPPINS SOUND IS TOO MUCH TO BEAR

 

[cableman]

HAVE TO SHUT DOWN

 

[Broni]

Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

If the above didn't help...

Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy.

 

[cableman]

I have done this properly twice. I don't know why it is not posting. Doing again

 

[cableman]

Here is the fix log for the 3rd time. . I make mistakes, first one was mine but this computer is giving me hell.

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Cableman (2016-11-20 08:06:31) Run:3
Running from C:\Users\Cableman\Desktop
Loaded Profiles: Cableman (Available Profiles: Cableman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-10-03 07:22 - 2016-10-03 07:24 - 0000216 _____ () C:\Users\Cableman\AppData\Roaming\nuvotonISP.lua
2015-07-29 17:39 - 2016-09-29 06:11 - 0001057 _____ () C:\Users\Cableman\AppData\Roaming\vso_ts_preview.xml
2016-08-31 10:43 - 2016-09-22 11:42 - 0000600 _____ () C:\Users\Cableman\AppData\Local\PUTTY.RND
2016-10-29 08:11 - 2016-10-29 08:11 - 0026846 _____ () C:\ProgramData\agent.1477743110.bdinstall.bin
2016-11-03 03:42 - 2016-11-03 03:42 - 0028765 _____ () C:\ProgramData\agent.1478158927.bdinstall.bin
C:\Users\Cableman\multibit-hd-windows-x64-0.3.0.exe
AlternateDataStreams: C:\Users\Cableman\Desktop\ComboFix.exe:BDU


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
catchme => service not found.
"C:\Users\Cableman\AppData\Roaming\nuvotonISP.lua" => File/Folder not found.
"C:\Users\Cableman\AppData\Roaming\vso_ts_preview.xml" => File/Folder not found.
"C:\Users\Cableman\AppData\Local\PUTTY.RND" => File/Folder not found.
"C:\ProgramData\agent.1477743110.bdinstall.bin" => File/Folder not found.
"C:\ProgramData\agent.1478158927.bdinstall.bin" => File/Folder not found.
"C:\Users\Cableman\multibit-hd-windows-x64-0.3.0.exe" => File/Folder not found.
"C:\Users\Cableman\Desktop\ComboFix.exe" => ":BDU" ADS not found.

==== End of Fixlog 08:06:31 ====

 

[cableman]

By the way, reset browser, updated adblockers. there were some new good ones out there and I am doing better on the firefox. Thanks

 

[Broni]

Good

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[Broni]

Still with me?

 

[cableman]

I'm here, sorry, everything I have touched this last week has broken and I have been working around the clock trying to keep up with repairs around the house. I am finishing the scans now. Thank you for your patience, I really do appreciate your help and I don't take you for granted even though it may seem so. My luck has been awful this past couple of weeks. Running scans, next post will have the logs. Doing it now.

 

[cableman]

Security Check Log :
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus Free Antimalware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java 8 Update 111
Java version 32-bit out of Date!
Adobe Flash Player 23.0.0.207
Mozilla Firefox (50.0)
Mozilla Thunderbird (45.5.0)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Antivirus Free vsserv.exe
Bitdefender Antivirus Free vsservppl.exe
Bitdefender Antivirus Free updatesrv.exe
Bitdefender Antivirus Free bdagent.exe
Bitdefender Agent ProductAgentService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

[cableman]

Farbar Security Scanner Log :
Farbar Service Scanner Version: 27-01-2016
Ran by Cableman (administrator) on 26-11-2016 at 08:12:05
Running from "C:\Users\Cableman\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[cableman]

Sophos Virus Removal Tool : No threats found, no log, see attachment.

 

[Broni]

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[cableman]

OK. everything seems to be working properly again thanks to your help. I think I will take this time to make a recovery DVD and I have a 500GB external hard drive that I have not been using so I think I will make an image of my system while it is clean so in the future I can just use the recovery DVD and re-install my windows 7 system complete with programs, files, bookmarks,etc. What are your thoughts on this?

 

[Broni]

Very good idea.
Good luck and stay safe