
Sale Charger infection


11 replies to this topic

#1 mtnjim


Posted 16 May 2015 - 12:28 PM

recently infected with Sale Charger...very annoying.  suggestions?  I've already tried Malwarebytes Anti-Malware and adwcleaner, also a full scan with my Norton software.
 
grrrr...lol
 
Jim



 


#2 buddy215


Posted 16 May 2015 - 01:13 PM

Welcome to BC !

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

Scan your computer with these:

 

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 mtnjim


Posted 17 May 2015 - 08:16 AM

No HKCU:Run Amazon Cloud Player "C:\Users\James\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
No HKCU:Run ApplePhotoStreams C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run ConferenceRS C:\Program Files (x86)\Conference Recording Service\ConferenceRS.exe 
No HKCU:Run GarminExpressTrayApp Garmin Ltd or its subsidiaries "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
No HKCU:Run Google Update Google Inc. "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
No HKCU:Run GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
No HKCU:Run HLBackupScheduler Hyperlync Technologies Inc. "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
No HKCU:Run HPADVISOR Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
No HKCU:Run iCloudServices C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
No HKCU:Run ISUSPM "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
No HKCU:Run LightScribe Control Panel C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
No HKCU:Run msnmsgr "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
No HKCU:Run PhotoshopElements8SyncAgent Adobe Systems Incorporated C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
No HKCU:Run Speed Typing Invention Pilot, Inc "C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe"
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
No HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
No HKLM:Run APSDaemon "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No HKLM:Run CenturyLinkTouchPointAgent CenturyLink Inc "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
No HKLM:Run DivXMediaServer C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
No HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
No HKLM:Run HPCam_Menu CyberLink Corp. "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
No HKLM:Run hpqSRMon Hewlett-Packard C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
No HKLM:Run IAAnotif Intel Corporation C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
No HKLM:Run IntelliPoint Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
No HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
No HKLM:Run LWS Logitech Inc. C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
No HKLM:Run QlbCtrl.exe Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
No HKLM:Run RealDownloader RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
No HKLM:Run SmartMenu Hewlett-Packard Company C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
No HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
No HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
No HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
No HKLM:Run UpdatePRCShortCut CyberLink Corp. "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
No HKLM:Run WinampAgent "C:\Program Files (x86)\Winamp\winampa.exe"
No HKLM:Run WirelessAssistant Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
No Startup Common Bluetooth.lnk Broadcom Corporation. C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe 
No Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe 
No Startup Common Install LastPass FF RunOnce.lnk LastPass (Marvasol Inc) C:\PROGRA~2\COMMON~1\LPUNIN~1.EXE -q -name=LastPass -ffuuid support@lastpass.com
No Startup Common Install LastPass IE RunOnce.lnk LastPass (Marvasol Inc) C:\PROGRA~2\COMMON~1\LPUNIN~1.EXE -p -name=LastPass -ffuuid support@lastpass.com
No Startup Common RealPlayer Cloud Service UI.lnk RealNetworks, Inc. C:\PROGRA~2\Real\REALPL~1\RPDS\Bin64\RPSYST~1.EXE 
No Startup User OpenOffice.org 3.4.1.lnk C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE 
 
Adobe AIR Adobe Systems Incorporated 5/11/2015 17.0.0.144
Adobe Creative Cloud Adobe Systems Incorporated 4/21/2015 282 MB 3.0.0.74
Adobe Flash Player 17 ActiveX Adobe Systems Incorporated 4/14/2015 6.00 MB 17.0.0.169
Adobe Flash Player 17 NPAPI Adobe Systems Incorporated 4/16/2015 6.00 MB 17.0.0.169
Adobe Illustrator CC Adobe Systems Incorporated 2/24/2014 1.91 GB 17.0
Adobe Photoshop CC 2014 Adobe Systems Incorporated 2/2/2015 1.76 GB 15.2.2
Adobe Photoshop Elements 8.0 Adobe Systems Incorporated 11/30/2009 1.54 GB 8.0
Adobe Photoshop.com Inspiration Browser Adobe Systems Incorporated 11/30/2009 3.04
Adobe Premiere Elements 8.0 Adobe Systems Incorporated 11/30/2009 1.23 GB 8.0
Adobe Premiere Elements 8.0 Templates Adobe Systems Incorporated 11/30/2009 4,096 GB 8.0
Adobe Reader XI (11.0.11) Adobe Systems Incorporated 5/15/2015 184 MB 11.0.11
Amazon Cloud Player Amazon Services LLC 2/9/2014 2.3.0.422
Amazon Kindle For PC Amazon 4/20/2011
Audacity 2.0.6 Audacity Team 2/21/2015 47.2 MB 2.0.6
AudibleManager Audible, Inc. 12/14/2014 2007252222.48.56.4001002
BigGame CD 8/5/2012
BleuPage BleuPage Software 12/3/2014 59.9 MB 1.3.322
BookImageSoftware UNKNOWN 2/23/2014 0.0.0
Campaign Manager UNKNOWN 1/22/2014 1.0.0
Camtasia Studio 8 TechSmith Corporation 3/3/2015 398 MB 8.5.0.1954
CCleaner Piriform 5/16/2015 5.05
CenturyLink Installer CenturyLink, Inc. 11/26/2013 1.0
Citrix Online Launcher Citrix 12/30/2013 286 KB 1.0.168
Compatibility Pack for the 2007 Office system Microsoft Corporation 5/15/2015 587 MB 12.0.6612.1000
Corel PDF Fusion Corel Corporation 2/9/2014 180 MB 1.12
Domain Samurai Alliance Software Pty Ltd 12/3/2014 0.03.71
EasySketchPro version 1.1.0 Inner Cirle Riches 2/3/2015 303 MB 1.1.0
Explaindio Video Creator version 1.014 Explaindio LLC 4/25/2015 604 MB 1.014
FB LeadJoiner UNKNOWN 2/15/2014 1.0
Garmin Communicator Plugin Garmin Ltd or its subsidiaries 9/3/2013 14.6 MB 4.0.4
Garmin Communicator Plugin x64 Garmin Ltd or its subsidiaries 9/3/2013 22.7 MB 4.0.4
Garmin Express Garmin Ltd or its subsidiaries 9/3/2013 30.2 MB 2.2.21
Garmin MapSource Garmin Ltd or its subsidiaries 9/3/2013 57.9 MB 6.16.3
Garmin USB Drivers Garmin Ltd or its subsidiaries 9/3/2013 121 KB 2.3.0.0
GIMP 2.8.10 The GIMP Team 1/6/2014 267 MB 2.8.10
Google Chrome Google Inc. 2/21/2013 42.0.2311.152
Google Drive Google, Inc. 5/7/2015 37.3 MB 1.21.9226.6034
Google Earth Plug-in Google 3/10/2014 83.8 MB 7.1.2.2041
Google Earth Pro Google 2/6/2015 104 MB 7.1.2.2041
Google Talk Plugin Google 4/21/2015 15.0 MB 5.41.2.0
GoToMeeting 7.1.8.2553 CitrixOnline 4/13/2015 7.1.8.2553
Gramblr Gramblr 7/2/2014 1.0.0
HandBrake 0.10.0 2/16/2015 0.10.0
HP 3D DriveGuard Hewlett-Packard 8/25/2009 3.27 MB 4.0.3.1
HP Advisor Hewlett-Packard 4/17/2010 51.4 MB 3.2.9652.3188
HP Customer Participation Program 13.0 HP 11/30/2009 13.0
HP Document Manager 2.0 HP 11/30/2009 2.0
HP Imaging Device Functions 13.0 HP 11/30/2009 13.0
HP Integrated Module with Bluetooth wireless technology Broadcom Corporation 8/25/2009 144 MB 6.2.0.9602
HP MediaSmart DVD Hewlett-Packard 8/31/2010 95.2 MB 3.0.3309
HP MediaSmart Internet TV Hewlett-Packard 8/25/2009 52.2 MB 3.0.1916
HP MediaSmart Live TV Hewlett-Packard 8/25/2009 77.6 MB 3.0.1924
HP MediaSmart Movie Themes Hewlett-Packard 8/25/2009 399 MB 3.0.3102
HP MediaSmart Music/Photo/Video Hewlett-Packard 8/25/2009 401 MB 3.0.3123
HP MediaSmart SmartMenu Hewlett-Packard 8/25/2009 1.85 MB 3.0.30.1
HP MediaSmart Software Notebook Demo Hewlett-Packard 8/25/2009 47.7 MB 1.00.0000
HP MediaSmart Webcam Hewlett-Packard 8/25/2009 81.7 MB 3.0.1913
HP Photosmart Essential 3.5 HP 11/30/2009 3.5
HP Quick Launch Buttons Hewlett-Packard Company 6/9/2010 6.50.16.1
HP Setup Hewlett-Packard 8/8/2009 1.2.3220.3079
HP Smart Web Printing 4.60 HP 12/18/2009 4.60
HP Solution Center 13.0 HP 11/30/2009 13.0
HP Support Assistant Hewlett-Packard Company 1/17/2014 80.8 MB 7.4.45.4
HP Update Hewlett-Packard 8/9/2009 2.96 MB 5.001.000.014
HP User Guides 0153 Hewlett-Packard 8/9/2009 177 MB 1.01.0000
HP Wireless Assistant Hewlett-Packard 8/3/2010 4.00 MB 3.50.12.1
IDT Audio IDT 4/17/2010 1.0.6230.0
Intel® Matrix Storage Manager Intel Corporation 4/17/2010
Interst Architect InnAnTech Industries Inc. 2/20/2015 1.0.0.4
Java 8 Update 31 Oracle Corporation 1/25/2015 74.0 MB 8.0.310
Jing TechSmith Corporation 1/19/2013 10.9 MB 2.8.13007.1
JMicron Flash Media Controller Driver JMicron Technology Corp. 8/25/2009 1.0.32.1
JVZoo Video Pro JVZoo.com 2/25/2015 70.8 MB 1.5.1
LAME v3.99.3 (for Windows) 2/22/2015 1.52 MB
LastPass (uninstall only) LastPass 2/9/2015
LG VZW United Drivers LG Electronics 10/30/2014 7.57 MB 2.16.1
Localizer Leads Tool Viper Consulting, LLC 2/1/2015 3.5.7
Logitech Webcam Software Logitech Inc. 3/10/2014 2.40
LSI HDA Modem LSI Corporation 8/25/2009 16.0 KB 2.1.94
Malwarebytes Anti-Malware version 2.1.6.1022 Malwarebytes Corporation 5/16/2015 57.5 MB 2.1.6.1022
ManyCam 4.0.97 Visicom Media Inc. 6/4/2014 4.0.97
MapSource Garmin Ltd. and its subsidiaries 9/3/2013 6.0
MapSource - US Topo v3.02 9/15/2010
Market Samurai Alliance Software Pty Ltd 12/3/2014 0.93.40
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2/25/2014 38.8 MB 4.5.50938
Microsoft IntelliPoint 7.0 Microsoft 5/16/2010 30.1 MB 7.0.260.0
Microsoft Office 365 - en-us Microsoft Corporation 4/30/2015 15.0.4711.1003
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 5/15/2015 133 MB 12.0.6612.1000
Microsoft Office Professional Plus 2013 - en-us Microsoft Corporation 4/30/2015 15.0.4711.1003
Microsoft Silverlight Microsoft Corporation 5/15/2015 348 MB 5.1.40416.0
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2/22/2013 570 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2/22/2013 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 10/22/2014 1.41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 3/28/2013 600 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 3/29/2013 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/2/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 4/21/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 4/21/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 4/21/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 4/21/2015 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 4/21/2015 17.1 MB 12.0.21005.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 10/16/2014 10.0.50903
Microsoft Works Microsoft Corporation 10/11/2012 1.20 GB 9.7.0621
Mozilla Firefox 37.0.2 (x86 en-US) Mozilla 4/24/2015 84.3 MB 37.0.2
Mozilla Maintenance Service Mozilla 9/20/2014 331 KB 32.0.2
MPC-HC 1.6.5.6366 MPC-HC Team 1/23/2013 21.5 MB 1.6.5.6366
MPM Hewlett-Packard 11/30/2009 148 KB 1.00.0000
Norton AntiVirus Symantec Corporation 11/26/2013 21.7.0.11
OCR Software by I.R.I.S. 13.0 HP 11/30/2009 13.0
Officejet Pro 8500 A909 Series HP 11/30/2009 13.0
OpenOffice.org 3.4.1 Apache Software Foundation 12/3/2012 314 MB 3.41.9593
Qilio Jai Ganesh Venkateswaran 9/6/2014 1.0.7
RealPlayer Cloud RealNetworks 11/21/2014 91.7 MB 17.0.15
Realtek 8136 8168 8169 Ethernet Driver Realtek 8/25/2009 1.00.0007
Shop for HP Supplies HP 11/30/2009 13.0
Skype Click to Call Microsoft Corporation 3/15/2015 14.7 MB 7.3.16540.9015
Skype™ 7.4 Skype Technologies S.A. 5/4/2015 90.3 MB 7.4.102
Slack Slack Technologies 3/28/2015 52.2 MB 1.0.0
SmartSound Quicktracks for Premiere Elements 8.0 SmartSound Software Inc 11/30/2009 18.1 MB 3.11.3090
Social Post Browser AppBreed Software of InnAnTech Industries Inc. 2/20/2015 1.0.0.0
SocialFormula UNKNOWN 4/13/2015 0.0.0
Speed Typing 3/9/2011
Synaptics Pointing Device Driver Synaptics Incorporated 4/17/2010 14.0.0.3
Tee Inspector AppBreed Software of InnAnTech Industries Inc. 3/24/2015 1.0.1.2
The Logo Creator v5.2 4/26/2010
TubeDetective UNKNOWN 12/14/2012 1.0.4
TubeTracker UNKNOWN 6/27/2013 1.1.4
TubeViperX UNKNOWN 5/11/2015 1.5.0
Video Ads Academy UNKNOWN 1/26/2015 1.0.0
VideoMakerFX Webvati 5/8/2015 1.1
VideoMakerFX Anniversary Bonus Slides Webvati 5/8/2015 11.5 MB 1.00
Viewlio Web1 Syndication, Inc. 2/3/2015 1.2.1
VLC media player VideoLAN 12/4/2014 2.1.5
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) Garmin 9/3/2013 06/03/2009 2.3.0.0
Windows Media Player Firefox Plugin Microsoft Corp 2/19/2010 296 KB 1.0.0.8
Wireless Transfer App for Windows 1.31 SocuSoft Co.,Ltd 2/12/2014 3.13 MB 1.31
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by James on Sat 05/16/2015 at 14:32:29.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update webget
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{05388A4B-7D0B-44A3-93C0-08860BD850D7}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{053E2E27-2B13-4227-AE08-50796DB84B93}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{220B1751-C191-459F-848B-D69ECD4A9C80}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{294C2405-37B8-4C6C-88C5-993742055413}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{34DCB5DD-A354-4EA4-8A24-60583FFDC879}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{357A6153-C530-475F-91FC-072FCA87C2FA}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{4D4A25CF-3982-4438-902A-2C39C783492F}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{547D81E8-0566-4FB5-A021-4FA291FFDAEE}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{5C80E9F8-DA7E-4472-855D-F8E283B1344E}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{61F19B65-25E3-4CD8-9946-4198EC01B884}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{6DB33389-4B8E-4CA3-BCBD-BF6A7E4802BB}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{6F6BCD81-D3DE-4924-A21F-E343AFBDA861}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{85DD9C76-0C09-430E-B9E8-BCA1590A29DA}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{9226F4E2-2E57-4A06-A87D-4B0AD82868F2}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{93DB2251-A6CC-459A-81C8-EEBC050569B7}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{94C3C9D7-9F90-4CDD-B5BC-F5AC527A97B1}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{9E7E7AA9-3275-4850-B718-9A4E4C7AD272}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{A3BAC94F-D91A-46F3-9191-309832902193}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{BC80C506-CB9D-40E2-AC65-4E25D5C80B32}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{C2E81611-B96A-441E-8153-C1E9850AAAE6}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{C58E63C8-0EEA-4E34-B071-2D2C6A7C4C19}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{CD177B14-D22F-4250-BF64-EBC39C97BEE9}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{D0FB509A-49A3-494C-9E5F-44D94CCB02D5}
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/16/2015 at 14:37:29.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\Updater.bak.vir a variant of Win32/BrowseFox.AU potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\Updater.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\2\Plugin.exe.vir a variant of Win32/BrowseFox.AP potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\2bak\Plugin.exe.vir a variant of Win32/BrowseFox.AP potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\3\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\3bak\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\4\Plugin.exe.vir a variant of Win32/BrowseFox.AT potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\4bak\Plugin.exe.vir a variant of Win32/BrowseFox.AT potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\8\Plugin.exe.vir a variant of Win32/BrowseFox.AT potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\8bak\Plugin.exe.vir a variant of Win32/BrowseFox.AT potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.bak.vir a variant of Win32/BrowseFox.AU potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\7zip\7zip-setup.exe Win32/DownloadAdmin.A.Gen potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\paint\DriverPerformer_V15.exe a variant of Win32/TrojanDownloader.Whizelown.I trojan cleaned by deleting - quarantined
C:\Users\James\Downloads\paint\gimp_31.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\popup domination\popup-domination-standalone-2.0.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\wordpress\plugins\plugin-bot-V.1.3.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\wordpress\plugins\popup-domination-2.0.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\Tobri.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\YontooClientSetup.exe multiple threats cleaned by deleting - quarantined
D:\tshirt business\tools\FreeMP3CutterUltimate.exe a variant of Win32/InstallCore.YV potentially unwanted application deleted - quarantined
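
A triage sketch for the ESET export in the post above, added here as an example and not part of the original thread or of ESET's tooling: it splits each line into path, detection, category and action, maps AdwCleaner quarantine copies back to their original location, and lists hits that were neither classed as PUA nor already sitting in quarantine. The line layout and the `Quarantine\C\...\*.vir` mapping are assumptions inferred from the lines shown on this page, and the function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of lines copied from the ESET export posted above.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\Updater.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\2\Plugin.exe.vir a variant of Win32/BrowseFox.AP potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\7zip\7zip-setup.exe Win32/DownloadAdmin.A.Gen potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\paint\DriverPerformer_V15.exe a variant of Win32/TrojanDownloader.Whizelown.I trojan cleaned by deleting - quarantined
C:\Users\James\Downloads\wordpress\plugins\popup-domination-2.0.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined
C:\Users\James\Downloads\YontooClientSetup.exe multiple threats cleaned by deleting - quarantined
D:\tshirt business\tools\FreeMP3CutterUltimate.exe a variant of Win32/InstallCore.YV potentially unwanted application deleted - quarantined
"""

PUA = "potentially unwanted application"

# Assumed layout: <path> [a variant of] <Platform/Name | multiple threats> [category] <action>
# Windows paths contain no "/", so the first "Platform/Name" token marks the end of the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+|multiple threats)\s+"
    r"(?:(?P<kind>potentially unwanted application|trojan)\s+)?"
    r"(?P<action>(?:deleted|cleaned by deleting) - quarantined)$"
)

# Assumed AdwCleaner layout: C:\AdwCleaner\Quarantine\<drive>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^C:\\AdwCleaner\\Quarantine\\([A-Za-z])\\(.+?)(?:\.vir)?$", re.IGNORECASE
)


@dataclass
class Finding:
    path: str               # where ESET found the file
    name: str               # detection name as printed
    kind: Optional[str]     # PUA, "trojan", or None when the log gives no category
    action: str
    original_path: str      # location before AdwCleaner moved it (same as path otherwise)
    in_adw_quarantine: bool

    @property
    def family(self) -> str:
        """First name component after the platform, e.g. Win32/BrowseFox.AU -> BrowseFox."""
        if "/" not in self.name:
            return self.name
        return self.name.split("/", 1)[1].split(".")[0]


def parse_eset_log(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, unparsed lines) so nothing is dropped silently."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        path = m.group("path")
        q = QUARANTINE_RE.match(path)
        original = q.group(1).upper() + ":\\" + q.group(2) if q else path
        findings.append(Finding(path, m.group("name"), m.group("kind"),
                                m.group("action"), original, q is not None))
    return findings, unparsed


def family_counts(findings: List[Finding]) -> Counter:
    return Counter(f.family for f in findings)


def needs_review(findings: List[Finding]) -> List[str]:
    """Hits found outside AdwCleaner's quarantine that ESET did not class as PUA."""
    return [f.original_path for f in findings
            if not f.in_adw_quarantine and f.kind != PUA]


if __name__ == "__main__":
    found, skipped = parse_eset_log(SAMPLE_LOG)
    for family, count in family_counts(found).most_common():
        print(f"{count:2d}  {family}")
    print("Review first:")
    for p in needs_review(found):
        print("   ", p)
    if skipped:
        print("Unparsed lines:", len(skipped))
```
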


#4 buddy215


Posted 17 May 2015 - 09:21 AM

Eset found and removed/quarantined some malware. Rerun AdwCleaner. Post the results of what it finds....if anything.

 

I don't see the list of Scheduled Tasks as requested. Please post those using CCleaner's Tools.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.



#5 mtnjim


Posted 17 May 2015 - 09:50 AM

scheduled tasks from ccleaner:

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-James-PC-James Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task Apple Diagnostics C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task G2MUpdateTask-S-1-5-21-3271777147-391010560-2698729403-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\James\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-3271777147-391010560-2698729403-1001Core Google Inc. C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3271777147-391010560-2698729403-1001UA Google Inc. C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForJames Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForJames (null)
Yes Task Microsoft Office 15 Sync Maintenance for James-PC-James James-PC Microsoft Corporation C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Yes Task RealDownloader Update Check RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes Task RealDownloaderDownloaderScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task RealUpgradeLogonTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealUpgradeScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes Task {3003C9C0-4326-4472-9255-9456F36EF1FA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32.exe -c C:\Program Files (x86)\The Logo Creator v5\uninstal.log
Yes Task {3516F4D7-4566-49F3-A28D-C3F978F4BDF9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Research In Motion\BlackBerry Administration Service 1.0.1\Setup.exe" -d "C:\Research In Motion\BlackBerry Administration Service 1.0.1"
Yes Task {B087DF37-3B08-4358-BB9A-C974BF0A07BA} Skype Technologies S.A. C:\Program Files (x86)\Skype\Phone\Skype.exe
Yes Task {DC008571-7AF3-4C67-B4EB-F45E75A3E9AB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
  
 
running AdwCleaner again...
 
# AdwCleaner v4.204 - Logfile created 17/05/2015 at 08:55:39
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_4.204.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17356
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.152
 
 
-\\ Chromium v
 
[C:\Users\James\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_ir_15_18&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EyDyB0ByEyD0FzyzyzyyEtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0CtA0C0CyDtCtG0FyByBzytGtDyC0DyEtGtBzz0AzytGyC0EyEzz0AtDyB0FtA0CyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtByB0EtBtC0DyCtG0FzzyCyDtGyEzyyB0AtGzy0AtBtCtG0E0FyCyCyEyE0AyB0FtBtAyB2QtN0A0LzutB&cr=727818688&ir=&uref=chmm
[C:\Users\James\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : id":1001,"keyword":"Dregol
 
*************************
 
AdwCleaner[R0].txt - [16744 bytes] - [15/05/2015 12:44:18]
AdwCleaner[R1].txt - [1559 bytes] - [17/05/2015 08:53:03]
AdwCleaner[S0].txt - [16116 bytes] - [15/05/2015 12:46:22]
AdwCleaner[S1].txt - [1488 bytes] - [17/05/2015 08:55:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1547  bytes] ##########
 
 
from security check:
 

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton AntiVirus Online   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (37.0.2) 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Norton AntiVirus Engine 21.7.0.11 NAV.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

Edited by mtnjim, 17 May 2015 - 10:13 AM.


#6 buddy215

Posted 17 May 2015 - 11:50 AM

You should update Java or as most users have found out...they don't use or need it. Be sure the old Java is uninstalled as older versions are malware magnets like old Flash are.

Update IE, too.

 

Disable these Tasks: (use CCleaner by clicking on each Task to highlight and choosing Disable on the right)

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-James-PC-James Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task Apple Diagnostics C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task G2MUpdateTask-S-1-5-21-3271777147-391010560-2698729403-1001 Citrix Online, a division of Citrix Systems, Inc. C:\Users\James\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-3271777147-391010560-2698729403-1001Core Google Inc. C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3271777147-391010560-2698729403-1001UA Google Inc. C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForJames Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForJames (null)
Yes Task RealDownloader Update Check RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes Task RealDownloaderDownloaderScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task RealUpgradeLogonTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealUpgradeScheduledTaskS-1-5-21-3271777147-391010560-2698729403-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes Task {3003C9C0-4326-4472-9255-9456F36EF1FA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32.exe -c C:\Program Files (x86)\The Logo Creator v5\uninstal.log
Yes Task {3516F4D7-4566-49F3-A28D-C3F978F4BDF9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Research In Motion\BlackBerry Administration Service 1.0.1\Setup.exe" -d "C:\Research In Motion\BlackBerry Administration Service 1.0.1"
Yes Task {DC008571-7AF3-4C67-B4EB-F45E75A3E9AB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
 
Consider getting rid of Real Player....unless you absolutely need it. I consider it spyware and adware intensive and almost impossible to keep from adding itself back into startup and tasks.
 
Is adware still appearing? If so, in which browser(s)?


#7 mtnjim

Posted 17 May 2015 - 01:22 PM

I got rid of Java and RealPlayer, and updated IE.  I disabled all those tasks in CCleaner.

 

And yes, "sale charger" adware is still showing up in Chrome.

 

What now?



#8 buddy215

Posted 17 May 2015 - 01:31 PM

Try resetting Chrome. If that doesn't get rid of Sale Charger then you will need to delete your Chrome profile...do a clean uninstall.

 

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your Chrome browser settings
  1. In the top-right corner of the browser window, click the Chrome menu.
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings," click Reset settings.
  5. In the dialog that appears, click Reset.

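The settings a reset is meant to restore (homepage, startup pages, search engine, extensions) are stored as JSON in the profile's Preferences and Secure Preferences files, the same Secure Preferences file AdwCleaner cleaned earlier in this thread. The following Python check is an added example, not part of any post here: it lists those settings when they point outside a trusted host list. The key names follow the layout commonly seen in Chrome profiles and are assumptions that can differ between versions; the sample data, trusted host list and function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a profile's "Secure Preferences" content. Key names are
# assumed from the commonly seen Chrome layout; URLs and extension ID are made up.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.example.invalid/?f=1",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,  # 4 = open a specific list of pages
                "startup_urls": ["http://search.example.invalid/"]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "ExampleSearch",
        "url": "http://search.example.invalid/q={searchTerms}"}},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "from_webstore": False, "state": 1,  # state 1 = enabled
            "manifest": {"name": "Deal Helper"}}}},
})

def audit_prefs(text, trusted_hosts=("www.google.com",)):
    """Return (setting, value) pairs for settings that adware commonly changes."""
    prefs = json.loads(text)
    findings = []

    def check_url(setting, url):
        # Flag any non-empty URL whose host is not explicitly trusted.
        host = urlsplit(url).hostname or ""
        if url and host not in trusted_hosts:
            findings.append((setting, url))

    # The homepage value only matters when it is not replaced by the new tab page.
    if not prefs.get("homepage_is_newtabpage", True):
        check_url("homepage", prefs.get("homepage", ""))
    for url in prefs.get("session", {}).get("startup_urls", []):
        check_url("startup_url", url)
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    check_url("search_provider", search.get("url", ""))
    # Enabled extensions that did not come from the Chrome Web Store.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext.get("state") == 1 and not ext.get("from_webstore", False):
            name = ext.get("manifest", {}).get("name", "?")
            findings.append(("extension", f"{ext_id} ({name})"))
    return findings

if __name__ == "__main__":
    for setting, value in audit_prefs(SAMPLE_PREFS):
        print(f"{setting:16} {value}")
```

Run it against a copy of the profile files with Chrome closed, before and after a reset or reinstall. Chrome's own bundled components can also appear as non-store extensions, so compare the output with that of a clean profile.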

#9 mtnjim

Posted 17 May 2015 - 01:48 PM

Resetting Chrome did not work.  How do I delete my Chrome profile...do a clean uninstall?



#10 buddy215

Posted 17 May 2015 - 02:02 PM

I think when you attempt to uninstall in the Add/ Remove listings of programs, Chrome will ask if you want to remove the profile or not. If that is not the case then use Revo Uninstaller Free in Advanced Mode to uninstall Chrome....that is likely your best bet for a clean uninstall.

Download Revo Uninstaller Freeware

 

Let me know if that works. If not, I've done all I can do in this forum and will give you instructions for starting a new topic in the Malware Removal Forum.

 

 

EDIT: From the horse's mouth....Google:

 

You can remove Google Chrome like any other Windows program.

Uninstall Chrome in Windows XP

  1. Close all Chrome windows and tabs.
  2. Go to the Start menu > Control Panel.
  3. Click Add or Remove Programs.
  4. Double-click Google Chrome.
  5. Click Remove.
  6. Click Uninstall from the confirmation dialog. If you want to delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

Uninstall Chrome in Windows Vista/ Windows 7/ Windows 8

  1. Close all Chrome windows and tabs.
  2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  3. Click Programs and Features.
  4. Double-click Google Chrome.
  5. Click Uninstall from the confirmation dialog. If you want to delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

Did the browser come packaged with other software on your computer? If so, your version of Google Chrome may be installed system-wide and you'll need to log in to a user account with administrative rights on your computer to uninstall the browser. Uninstalling a system-wide version of Google Chrome removes the browser for all user accounts on your computer.


Edited by buddy215, 17 May 2015 - 02:07 PM.


#11 mtnjim

Posted 17 May 2015 - 02:27 PM

I used Control Panel to uninstall Chrome, then downloaded and installed Chrome again...and it seems to have worked!  No "sale charger" showing up in Chrome now!

 

Thanks a bunch for your help, but would this have worked right from the start without going thru all that other stuff?  The friggin' eset thing alone took over 6 hours...

 

Jim



#12 buddy215

Posted 17 May 2015 - 03:06 PM

No.  Eset removed trojan downloaders responsible for downloading other adware and possibly the one giving you so much trouble. Those trojans and adware come piggybacked onto free stuff among other ways such as just visiting an infected site or opening an email attachment.

 

If the crapware comes back, let me know. Crapware has been known to creep back in.





