Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 8/8.1 - IE 11 - browser/adware?


  • Please log in to reply
11 replies to this topic

#1 ol2shews

ol2shews

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 11 January 2014 - 04:54 PM

Until I purchased this computer I had not had problems with seeing odd things like us.lrd.yahoo or hsrd.yahoo when I try

to sign into my yahoo account or just use IE 11 to search for something. My sites I usually go to don't even look right.

Any help would be much appreciated.

 

Thanks,

 

Karen



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 11 January 2014 - 08:49 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, download and scan with Malwarebytes Anti-Malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 11 January 2014 - 10:48 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/11/2014 07:45:11 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/11/2014 07:45:35 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)



#4 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 11 January 2014 - 10:53 PM

# AdwCleaner v3.016 - Report created 11/01/2014 at 19:50:17

# Updated 23/12/2013 by Xplode

# Operating System : Windows 8.1 (64 bits)

# Username : Karen Louise - SAMSUNG

# Running from : C:\Users\Karen Louise\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

 

*************************

AdwCleaner[R1].txt - [486 octets] - [11/01/2014 19:50:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [545 octets] ##########



#5 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 11 January 2014 - 11:57 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 x64
Ran by Karen Louise on Sat 01/11/2014 at 20:07:40.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/11/2014 at 20:12:01.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.12.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Karen Louise :: SAMSUNG [administrator]

Protection: Enabled

1/11/2014 8:19:28 PM
mbam-log-2014-01-11 (20-19-28).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 351958
Time elapsed: 33 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 12 January 2014 - 07:54 AM

I see no evidence of browser adware...try Resetting Internet Explorer 11 settings back to default:
* How to reset Internet Explorer 11 to default settings
* Reset/Restore Internet Explorer 11 Settings
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 13 January 2014 - 10:24 AM

I did reset IE 11 and did not notice a difference in the odd things that I was seeing. There are several settings that are greyed out in which I

cannot change.I just did a malwarebytes flash scan and noticed where it says scan items disabled. Would that be effecting it's ability to scan

my entire system? I also have seen several notices recently where it will say I am using an old browser etc.  Even though I do not have

firefox or google chrome I have seen things showing that it is still installed on my computer. I am also enclosing a notice from yahoo. It says

I have IE 8 and I am using and have been using IE 11. I saw a posting somewhere that other people have solved the same problem I

( the us.lrd.yahoo and the hsrd.yahoo. I have also seen about.blank.)   have by removing the yahoo toolbar. I also wanted to let you know that

the normal sites I go to never remember my computer. Here is the notice I always receive from my account on Etsy:

 

Hello Karen,

Someone (hopefully you!) signed into your account through a new device or browser. If you chose to remember the device or browser below,

you will not be notified the next time you use it to sign in.

Device Name: Unknown on Unknown OS

 

 

I also requested a windows 8 installation disc from Samsung and I just received it. Would you advise me to just reinstall from scratch? I really don't

have too much on this computer yet. So it would not be a problem, I just wonder if it is advisable, especially with all of the updates. I'm not sure if

I would have to reinstall them or can I save them to my scan disc.

 

Thank you,

 

Karen

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.12.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Karen Louise :: SAMSUNG [administrator]

Protection: Enabled

1/13/2014 7:02:15 AM
mbam-log-2014-01-13 (07-02-15).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 209664
Time elapsed: 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

Yahoo Yahoo - Sign Out - Help

Internet Explorer 8 optimized for Yahoo

Sorry, Internet Explorer 8 optimized for Yahoo is not available for your system.

The Yahoo optimized version of Internet Explorer 8 is only available for the following operating systems:

Windows XP 32-bit Service Pack 2 (SP2) or higher

Windows Vista

Windows Vista 64-bit

Windows Server 2008

Windows Server 2008 64-bit

You can still customize your experience:

Set Yahoo as your homepage. Click here.

Download Yahoo Toolbar to organize your Web experience

Questions about your Operating System? Ask the Yahoo Community on Yahoo Answers

Copyright © 2013 Yahoo Inc. All rights reserved. Copyright/IP Policy | Terms of Service | Help

Windows, Internet Explorer, and the Internet Explorer logo are trademarks or registered trademarks of Microsoft Corporation.

NOTICE: We collect personal information on this site. To learn more about how we use your information, see our Privacy Policy


Edited by ol2shews, 13 January 2014 - 11:36 AM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 13 January 2014 - 11:54 AM


Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.
  • -- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 13 January 2014 - 12:58 PM

Hi,

 

I just came across this message (see below) when I went online and selected Eset run online scanner (blue button). I did not hit the green

button to download the 30 day trial. Hope that was correct. Anyway, the main concern is the message below ( this is what I have been

coming across and meant by something is just not right). I thought it be would be best to ask you first if I should continue with the scanner

or what do you  think I should do next? Thanks for your help.

 

p.s.  Right before that I came across this message:

 

::(26EE0668-A00A-44D7-9371-BEB064C98683)\0

The remote procedure call failed

 

I had originally tried clicking on your link for eset and it was not loading. Down below on the bottom screen it read

"blank something" ( I forget exactly ), so I still had the malwarebytes anti-malware on my computer and I decided

to uninstall it. I normally have Bitdefender total security and have been having problems with it just recently. Samsung

support center  is showing in their message box  "antivirus multiple installation error". I will click resolve and it will show

two installations of Bitdefender total security with a place for me to uninstall. Once I click uninstall nothing happens. I

tried deleting and cannot seem to remove it. Not sure what to do with that issue. When I put my pointer over the

B in the lower R taskbar section it shows continually  "Bitdefender services are loading now, please wait. I do have over

200 days left on my subscription. Basically the only protection I have now is Windows defender. I am not quite sure if this

is enough. I know one thing at a time. I am not trying to have you answer this all at once, but if I don't mention it when it

comes to mind I may not remember.

 

 

 

Karen

 

 

 

 

 

 

Internet browser support

You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.

To download ESET Smart Installer click the link below.

After successful installation of ESET Smart Installer is ESET Online Scanner launched in a new window.


Edited by ol2shews, 13 January 2014 - 01:21 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 13 January 2014 - 01:16 PM

That is a legit message from Eset. It is one you see when attempting to run the online scan with another browser like Firefox.

When IE is detected, there is a different messaage where you read the EULA and check a box accepted the terms of use.

So it appears IE11 is not being detected as IE11.


Please download MiniToolBox by farbar and save it to your desktop.

Close all open browsers, double-click on the file to launch the utility and place a checkmark in the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List Installed Programs
Click Go and a log file named Result.txt will open in Notepad with the results. Copy and paste the contents in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:31 AM

Posted 13 January 2014 - 02:22 PM

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Karen Louise (administrator) on 13-01-2014 at 11:19:48
Running from "C:\Users\Karen Louise\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

=========================== Installed Programs ============================

AllSharePlayLink (Version: 1.0.0)
Bitdefender Total Security (Version: 17.23.0.996)
Easy File Share (Version: 1.3.6)
Help Desk (Version: 1.0.96)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Quick Starter (Version: 1.0.2)
Realtek Card Reader (Version: 6.2.9200.39052)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)
Recovery (Version: 6.0.10.0)
Revo Uninstaller 1.95 (Version: 1.95)
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8)
S Agent (Version: 1.1.45)
Settings (Version: 2.0.1)
Support Center (Version: 2.1.1106)
Support Center FAQ (Version: 1.0.11)
SW Update (Version: 2.1.21)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
User Guide (Version: 1.4.00)

**** End of log ****



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 13 January 2014 - 02:40 PM

No junk programs are showing installed.

From everything I've seen, this does not appear to be a malware issue. However, the tools we use in this forum are not capable of detecting all malware variants. If you want a more comprehensive check to eliminate malware as a possible issue, you can do the following:

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users