Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help With BAIDU


  • Please log in to reply
22 replies to this topic

#1 Johnny 5 Alive

Johnny 5 Alive

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 08:22 AM

Anyone know what this is and how to get rid of it permanently?

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 06 November 2014 - 10:33 AM

Baidu is a Chinese search engine. First, look in browsers and disable it if it is listed in search engines. If you need help with

finding the lists of engines then give what browsers you have installed and which is the default browser.

 

Use the programs below to find and remove adware/ malware that may be responsible for Baidu appearing on your computer.

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars...especially Yahoo.

CCleaner - PC Optimization and Cleaning - Free Download

 

 

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET SCAN

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 03:26 PM

This is strange. I downloaded JRT.exe and when I executed it, almost immediately, it popped up a notepad window with a file name of get.bat. Then it just sat there. I saved it to my desktop and when I try to execute it, all it does is reopen the notepad. I tried to disassociate .BAT with note pad and the system will not let me. says I must select another program to open the file.



#4 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 06 November 2014 - 03:33 PM

For now, run the Eset scan. Not sure what is going on with JRT.

 

Run a scan using MBAM. Allow it to remove whatever it finds.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 04:39 PM

Not only did jrt.exe not work when I used the ctrl key and pressed east button I was taken to a page that immediately threw up pop ups and opened new windows. All of which were or looked very suspicious. I only tried to get out of there, which took a couple of minutes. Too many too fast.

I am running ma'am now, which I normally do once every week or two.

Edited by Johnny 5 Alive, 06 November 2014 - 04:39 PM.


#6 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 06 November 2014 - 04:51 PM

Try this link for JRT. Be sure that you have shut down all active antivirus programs. If you have Spybot S&D shut it down or better...uninstall it.

Uninstall the JRT you have now.

Junkware Removal Tool Download Link  

 

Were you able to update MBAM before scanning with it?


Edited by buddy215, 06 November 2014 - 04:52 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 04:51 PM

Now while in Firefox browser, I keep getting ads by finance alert.



#8 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 04:53 PM

Yes, I was able to update MBAM.



#9 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 05:19 PM

Jrt still doesn't do anything. I believe this is what is happening, when I start jrt it creates a bat file from where it should start it's processes, since my system is considering it to be opened as a file with notepad, it doesn't start it just opens the file. Need to do away with that file type association.

#10 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 06 November 2014 - 05:31 PM

Post the logs of  AdwCleaner, MBAM and Eset when the Eset scan is finished.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#11 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 06 November 2014 - 10:29 PM

MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2014
Scan Time: 5:09:44 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025

++++++++++++++++++++++++++

ADW Log (RO)

# AdwCleaner v3.214 - Report created 06/07/2014 at 13:35:50
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : John - JOHN-DT-WIN7
# Running from : H:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : J:\Program Files\Optimizer Pro
Folder Found : J:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y7m18lth.default\Extensions\firefoxdav@icloud.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : J:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y7m18lth.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : J:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1478 octets] - [06/07/2014 13:35:50]

########## EOF - J:\AdwCleaner\AdwCleaner[R0].txt - [1538 octets] ##########

++++++++++++++++

ADW Log (R1)

# AdwCleaner v3.311 - Report created 06/11/2014 at 11:30:52
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : John - JOHN-DT-WIN7
# Running from : D:\Program Files\Utils\System\ADWCleaner\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : J:\ProgramData\Browser
Folder Found : J:\Users\John\AppData\Roaming\Browser Extensions

***** [ Scheduled Tasks ] *****

Task Found : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : J:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y7m18lth.default\prefs.js ]

Line Found : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=800236&p={searchTerms}");

-\\ Google Chrome v38.0.2125.111

[ File : J:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1618 octets] - [06/07/2014 12:35:50]
AdwCleaner[R1].txt - [1510 octets] - [06/11/2014 11:30:52]
AdwCleaner[S0].txt - [1703 octets] - [06/07/2014 12:39:50]

########## EOF - J:\AdwCleaner\AdwCleaner[R1].txt - [1630 octets] ##########
 

Malware Database: v2014.11.06.09
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: John

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1057186
Time Elapsed: 4 hr, 28 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.FinanceAlert.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FinanceAlert, Quarantined, [f3a83105403c90a6069ff8e4926fc838],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.FinanceAlert.A, J:\Users\John\AppData\Local\FinanceAlert, Quarantined, [0d8e8aacf28ae1558e6e73b8aa597e82],

Files: 4
PUP.Optional.SafeInstall.A, H:\Downloads\adobeflashplayer.exe, Quarantined, [3d5eb4823844ab8bf1a8b8ac33cee51b],
PUP.Optional.FinanceAlert.A, J:\ProgramData\WcbEXW\dat\WkGhDsEyzA.dll, Quarantined, [fba00c2aa7d561d5e963dd54e223758b],
PUP.Optional.FinanceAlert.A, J:\ProgramData\FinanceAlert\uninstall.exe, Quarantined, [f3a83105403c90a6069ff8e4926fc838],
PUP.Optional.FinanceAlert.A, J:\Users\John\AppData\Local\FinanceAlert\data2.dat, Quarantined, [0d8e8aacf28ae1558e6e73b8aa597e82],

Physical Sectors: 0
(No malicious items detected)


(end)

++++++++++++++++++++++

ADW (S1)

# AdwCleaner v3.311 - Report created 06/11/2014 at 11:35:24
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : John - JOHN-DT-WIN7
# Running from : D:\Program Files\Utils\System\ADWCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : J:\ProgramData\Browser
Folder Deleted : J:\Users\John\AppData\Roaming\Browser Extensions

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : J:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y7m18lth.default\prefs.js ]

Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=800236&p={searchTerms}");

-\\ Google Chrome v38.0.2125.111

[ File : J:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1618 octets] - [06/07/2014 12:35:50]
AdwCleaner[R1].txt - [1710 octets] - [06/11/2014 11:30:52]
AdwCleaner[S0].txt - [1703 octets] - [06/07/2014 12:39:50]
AdwCleaner[S1].txt - [1651 octets] - [06/11/2014 11:35:24]

########## EOF - J:\AdwCleaner\AdwCleaner[S1].txt - [1711 octets] ##########
 



#12 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 07 November 2014 - 04:17 AM

Open CCleaner and click on Tools. Click on Uninstall. At the bottom of that page is a button when clicked on will allow

you to copy and paste the list of programs installed on your computer back here. Please post the list.

 

I saw no mention of Baidu in any scans. But I don't see the results of the Eset scan. Did you review the add-ons in each browser.....especially the Search Engine lists?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#13 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 07 November 2014 - 07:39 AM

CCleaner Uninstall List

 

Adobe Acrobat 6.0 Professional    Adobe Systems    6/6/2014    296 MB    006.000.000
Adobe Flash Player 15 Plugin    Adobe Systems Incorporated    10/18/2014    6.00 MB    15.0.0.189
Adobe Photoshop 7.0    Adobe Systems, Inc.    6/10/2014        7.0
Adobe Reader XI (11.0.09)    Adobe Systems Incorporated    9/16/2014    183 MB    11.0.09
Agent Ransack    Mythicsoft Ltd    8/3/2014    30.4 MB    7.0.822.1
Apple Application Support    Apple Inc.    10/22/2014    96.3 MB    3.1
Apple Mobile Device Support    Apple Inc.    10/22/2014    18.8 MB    8.0.5.6
Apple Software Update    Apple Inc.    6/10/2014    2.38 MB    2.1.3.127
Atomic Clock Sync        4/25/2014        
Avast Free Antivirus    AVAST Software    10/31/2014        10.0.2206
Bonjour    Apple Inc.    6/10/2014    1.02 MB    3.0.0.10
Brother MFL-Pro Suite MFC-9560CDW    Brother Industries, Ltd.    10/29/2014        1.1.5.0
Brother Product Research and Support Program    Brother Industries, Ltd.    6/2/2014    1.61 MB    2.1.0.0000
CCleaner    Piriform    9/26/2014        4.18
Citrix Online Launcher    Citrix    9/16/2014    290 KB    1.0.220
Compatibility Pack for the 2007 Office system    Microsoft Corporation    10/18/2014    227 MB    12.0.6612.1000
CutePDF Writer 3.0    Acro Software Inc.    6/17/2014         3.0
Dropbox    Dropbox, Inc.    9/19/2014        2.10.30
EasyBCD 2.2    NeoSmart Technologies    5/7/2014        2.2
Everything 1.3.4.686 (x86)        11/1/2014        
ExamDiff 1.9 (Build 1.9.0.0)    PrestoSoft LLC    8/3/2014    1.23 MB    1.9.0.0
FileZilla Client 3.8.1    Tim Kosse    7/11/2014    18.1 MB    3.8.1
Free PDF to Word Converter 5.1.0.383    Smart Soft    6/25/2014        5.1.0.383
Free PDF to Word Doc Converter v1.1    www.hellopdf.com    6/25/2014        1.1
Google Chrome    Google Inc.    6/14/2014        38.0.2125.111
GoToMeeting 6.4.5.1865    CitrixOnline    11/1/2014        6.4.5.1865
HijackThis 2.0.2    TrendMicro    8/6/2014        2.0.2
iCloud    Apple Inc.    11/5/2014    60.1 MB    4.0.5.20
Image Resizer for Windows    Brice Lambson    6/10/2014    2.30 MB    3.0.4802.35565
iTunes    Apple Inc.    10/22/2014    224 MB    12.0.1.26
Java 7 Update 71    Oracle    10/29/2014    119 MB    7.0.710
Malwarebytes Anti-Malware version 2.0.2.1012    Malwarebytes Corporation    6/11/2014    53.1 MB    2.0.2.1012
Microsoft .NET Framework 4.5.1    Microsoft Corporation    2/12/2014    38.8 MB    4.5.50938
Microsoft Office File Validation Add-In    Microsoft Corporation    6/1/2014    10.9 MB    14.0.5130.5003
Microsoft Office Home and Business 2013 - en-us    Microsoft Corporation    4/6/2014        15.0.4569.1508
Microsoft Office Standard Edition 2003    Microsoft Corporation    4/9/2014    1.03 GB    11.0.8173.0
Microsoft Office XP Resource Kit Tools    Microsoft Corporation    5/13/2014    14.4 MB    10.0.6403.0
Microsoft OneDrive    Microsoft Corporation    4/25/2014    26.7 MB    17.0.4035.0328
Microsoft Silverlight    Microsoft Corporation    7/25/2014    67.0 MB    5.1.30514.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    6/2/2014    300 KB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    8/30/2014    600 KB    9.0.30729.6161
Mozilla Firefox 32.0.3 (x86 en-US)    Mozilla    9/24/2014    75.6 MB    32.0.3
Mozilla Maintenance Service    Mozilla    5/12/2014    341 KB    29.0.1
MSXML 4.0 SP3 Parser    Microsoft Corporation    6/2/2014    1.47 MB    4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694)    Microsoft Corporation    6/5/2014    1.54 MB    4.30.2117.0
Nuance PaperPort 12    Nuance Communications, Inc.    6/2/2014    201 MB    12.1.0000
Nuance PDF Viewer Plus    Nuance Communications, Inc    6/2/2014    38.2 MB    5.30.3290
NVIDIA 3D Vision Driver 335.23    NVIDIA Corporation    4/23/2014        335.23
NVIDIA Graphics Driver 335.23    NVIDIA Corporation    4/23/2014        335.23
NVIDIA Update 10.4.0    NVIDIA Corporation    4/23/2014        10.4.0
PaperPort Image Printer    Nuance Communications, Inc.    6/2/2014    521 KB    1.00.0001
PDFill FREE PDF Writer    PlotSoft LLC    6/17/2014    17.8 MB    11.0
QuickTime 7    Apple Inc.    10/29/2014    70.2 MB    7.76.80.95
Recuva    Piriform    11/1/2014        1.51
Skype™ 6.20    Skype Technologies S.A.    10/4/2014    27.0 MB    6.20.104
SUPERAntiSpyware    SUPERAntiSpyware.com    10/6/2014    44.4 MB    6.0.1158
TeamViewer 9    TeamViewer    9/16/2014        9.0.32494
Tweaking.com - Windows Repair (All in One)    Tweaking.com    11/1/2014        2.10.0
WinMerge 2.12.4    Thingamahoochie Software    11/1/2014        2.12.4
YPOPs! 0.9.7.3        8/2/2014        
 

I edited the Registry and deleted entries for BAIDU except for 4 or 6, and those would not allow me to delete them.

 

I only looked at Firefox, my default browser. I will check them now.

 

Search Engines Installed:

 

Bing

Wikipedia (en)

Yahoo! (Avast)

Google

Amazon.com

eBay

Twitter

 

I can not get eset to run. BAT files are not executed!



#14 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:02:56 AM

Posted 07 November 2014 - 09:08 AM

Success, Bat file now run and JRT says it completed and this is the report.

++++++++++++++++++++

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Professional x86
Ran by John on Fri 11/07/2014 at  9:00:24.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\tasks_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "J:\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/07/2014 at  9:04:19.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#15 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 07 November 2014 - 09:34 AM

Have you used this....Tweaking.com - Windows Repair (All in One) to repair the file associations, etc?

 

You have several PDF readers....not a problem...just curious as to why.

Do you actually use the old Adobe Acrobat 6? If not, I suggest you uninstall as all non-updated or not updateable Adobe products are malware magnets.

At the least if you use it, I would suggest disabling its browser plugins until needed.

 

Have you scanned recently using Avast?......using Super Antispyware? If not, I suggest you do.

 

EDIT: I just now saw you posted the JRT log...good.

Attempt the Eset scan again. It is really good at finding adware and malware.


Edited by buddy215, 07 November 2014 - 09:37 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users