Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cassiopesa?


  • Please log in to reply
14 replies to this topic

#1 markus2482

markus2482

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 29 May 2015 - 05:11 PM

I recently downloaded a file for free word processing software and all of a sudden had this strange icon on my taskbar and a matching shortcut on the desktop. It gave me an option to make Chromium my default browser.  Now every time I open a browser it links me to this Cassiopesa site. Whatever it is it has co-opted my search engines and default browsers. 
 
Is this a virus? What do I do?

Edit: Topic moved from Windows 8 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 29 May 2015 - 06:07 PM

Welcome to BC !

 

Use Download Revo Uninstaller Freeware to uninstall Cassiopesa and Tny_Cassiopesa in Advanced Mode.

 

Use AdwCleaner to cleanup browser shortcuts, find and remove other adware.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by buddy215, 29 May 2015 - 06:08 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 markus2482

markus2482
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 03 June 2015 - 01:18 AM

Hello and thank you! Those downloads seemed most helpful. I have included logs as requested.
 
Thank you!
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 8.1 x64
Ran by Markus2482 on Fri 05/29/2015 at 18:52:34.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\knctr
Successfully deleted: [Folder] C:\Users\Markus2482\appdata\local\installer
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
~~~ Chrome
 
 
[C:\Users\Markus2482\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Markus2482\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Markus2482\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Markus2482\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/29/2015 at 18:57:17.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/29/2015
Scan Time: 6:21:45 PM
Logfile: MBAM1.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.29.07
Rootkit Database: v2015.05.24.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Markus2482
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349745
Time Elapsed: 24 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 11
PUP.Optional.Cassiopesa.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Tny_Cassiopesa, Quarantined, [bdaef3a6107a72c4f3040576c5400df3], 
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\Object Browser-nv-ie, Quarantined, [135880195b2f70c6aa9da8430ef5a957], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7bf07f1ae5a567cf58b0b42f2fd4f10f], 
PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BED67F4B-AD6C-4DE8-98F2-EFB5BE5AFE5A}, Quarantined, [bdae46536c1e0a2cabaa8bf11beaff01], 
PUP.Optional.iWebar.A, HKU\S-1-5-18\SOFTWARE\iWebar-nv, Quarantined, [b3b82871800a82b4b790da1620e335cb], 
PUP.Optional.iWebar.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\iWebar-nv-ie, Quarantined, [2c3f7c1d38524ee81730a8480ef507f9], 
PUP.Optional.ObjectBrowser.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\Object Browser-nv-ie, Quarantined, [442759406f1bea4c90b806e5f80b53ad], 
PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\ProPCCleanerLanguage, Quarantined, [77f4b3e6eb9fb383c63f4d2d0bfa0bf5], 
PUP.Optional.RapidMediaConverter.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\RapidMediaConverterApp, Quarantined, [8fdcc6d3f79389adc9b9ef8a9c698080], 
PUP.Optional.Cassiopesa.C, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\tny_cassiopesa, Quarantined, [165556435b2fe74f2ccf8eede52029d7], 
PUP.Optional.UpdateAdmin.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\DOWNLOADADMIN\UpdateAdmin, Quarantined, [e4870c8d96f450e629ebf6fab350fa06], 
 
Registry Values: 6
PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BED67F4B-AD6C-4DE8-98F2-EFB5BE5AFE5A}|DisplayName, Pro PC Cleaner, Quarantined, [bdae46536c1e0a2cabaa8bf11beaff01]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1D1688D8-E704-11E4-8266-F8A963EB21FB}|URL, http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_tight1_15_22&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0BtBtC0F0BtCzz0BtBtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0CyD0FzzyEtB0AtGyCyC0F0DtGyC0CtCtDtGtAyCzyyDtG0EtAtD0EyCyCyByE0EzyyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByDzytC0FtByD0FtGtD0BtDyBtGyE0E0F0FtGzztAyEzytGzzyC0A0ByBtC0CyDyCtCtA0A2QtN0A0LzuyE&cr=331737706&ir=, Quarantined, [c0ab2871cac057df144f0e6e39ccea16]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1D1688D8-E704-11E4-8266-F8A963EB21FB}|TopResultURLFallback, http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_tight1_15_22&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0BtBtC0F0BtCzz0BtBtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0CyD0FzzyEtB0AtGyCyC0F0DtGyC0CtCtDtGtAyCzyyDtG0EtAtD0EyCyCyByE0EzyyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByDzytC0FtByD0FtGtD0BtDyBtGyE0E0F0FtGzztAyEzytGzzyC0A0ByBtC0CyDyCtCtA0A2QtN0A0LzuyE&cr=331737706&ir=, Quarantined, [7af14653d5b557df441f90ecd72e3ec2]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1D1688D8-E704-11E4-8266-F8A963EB21FB}|FaviconPath, C:\Users\Markus2482\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, Quarantined, [da91d4c5f8921e18065dfb816e97e31d]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1D1688D8-E704-11E4-8266-F8A963EB21FB}, Cassiopesa, Quarantined, [17546138a7e3b5813330750730d55ba5]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1D1688D8-E704-11E4-8266-F8A963EB21FB}|DisplayName, Cassiopesa, Quarantined, [9bd009905139fc3a80e3423a4eb748b8]
 
Registry Data: 2
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~3\{5E59B~1\1172~1.1\faca.dll C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL, Good: (), Bad: (C:\PROGRA~3\{5E59B~1\1172~1.1\faca.dll),Replaced,[04676b2e098190a6d630215c5da88d73]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-3934674207-1368026408-355032992-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.cassiopesa.com/?f=1&a=csp_tight1_15_22&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0BtBtC0F0BtCzz0BtBtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0CyD0FzzyEtB0AtGyCyC0F0DtGyC0CtCtDtGtAyCzyyDtG0EtAtD0EyCyCyByE0EzyyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByDzytC0FtByD0FtGtD0BtDyBtGyE0E0F0FtGzztAyEzytGzzyC0A0ByBtC0CyDyCtCtA0A2QtN0A0LzuyE&cr=331737706&ir=, Good: (www.google.com), Bad: (http://www.cassiopesa.com/?f=1&a=csp_tight1_15_22&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0BtBtC0F0BtCzz0BtBtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0CyD0FzzyEtB0AtGyCyC0F0DtGyC0CtCtDtGtAyCzyyDtG0EtAtD0EyCyCyByE0EzyyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByDzytC0FtByD0FtGtD0BtDyBtGyE0E0F0FtGzztAyEzytGzzyC0A0ByBtC0CyDyCtCtA0A2QtN0A0LzuyE&cr=331737706&ir=),Replaced,[05669affdeac1e18d5dd47e651b58a76]
 
Folders: 12
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, Quarantined, [2f3c1e7b2f5b8da9ea5660849a690af6], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner, Quarantined, [91da1b7e4644e05601008eec4abb1de3], 
PUP.Optional.Cassiopesa.C, C:\Program Files (x86)\Tny_Cassiopesa, Quarantined, [bdaef3a6107a72c4f3040576c5400df3], 
PUP.Optional.ProPCCleaner.A, C:\Windows\Installer\{BED67F4B-AD6C-4DE8-98F2-EFB5BE5AFE5A}, Quarantined, [da917a1f088275c11b3814680cf95ba5], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro, Quarantined, [1655306985053ef8225f9548996a9b65], 
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver, Quarantined, [1655306985053ef8225f9548996a9b65], 
PUP.Optional.RapidMediaConverter.A, C:\Program Files (x86)\RapidMediaConverter, Quarantined, [e982d9c0b7d386b02f0124bc020151af], 
PUP.Optional.RapidMediaConverter.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter, Quarantined, [5a110b8e8a000a2ced4416ca0df643bd], 
PUP.Optional.RapidMediaConverter.A, C:\Users\Markus2482\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter, Quarantined, [6a014b4ed7b3b97d7db45a8630d3f40c], 
 
Files: 30
PUP.Optional.Nova.A, C:\Program Files (x86)\ac3656bb-7b73-4938-8188-427edd5fbfc1\978b63a1-999d-4e9c-825f-70c541dba9cc.dll, Quarantined, [0665a7f266243df9a02123f061a15aa6], 
PUP.Optional.Nova.A, C:\Program Files (x86)\ac3656bb-7b73-4938-8188-427edd5fbfc1\cd4271b2-0620-48ae-8f04-b67a5e504977.dll, Quarantined, [3635dabf0e7c66d0863b72a18b776e92], 
PUP.Optional.SpeedBit, C:\Users\Markus2482\AppData\Local\Installer\Install_12059\DCytdieair_airdc_setup.exe, Quarantined, [d4971f7aa6e4df5745f8d87837cbdf21], 
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, Quarantined, [2f3c1e7b2f5b8da9ea5660849a690af6], 
PUP.Optional.Winsock.HijackBoot, C:\Users\Markus2482\AppData\Local\Temp\VOTPrxr.log, Quarantined, [8ae16f2a4e3cdc5aea7383f3fb0a9c64], 
PUP.Optional.RapidMediaConverter.A, C:\Users\Public\Desktop\Rapid Media Converter.lnk, Quarantined, [c0ab4e4be7a39a9c3c42f089768f4eb2], 
PUP.Optional.RapidMediaConverter.A, C:\Users\Markus2482\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk, Quarantined, [c6a5eaaf7812a78f077a8ced16ef9868], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner\log.txt, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner\errors, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner\errors_data, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner\fileerrors, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner\fileerrors_data, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\Users\Markus2482\Documents\ProPCCleaner\logerror.txt, Quarantined, [3f2cf3a6305aa195c63980f97a8ba25e], 
PUP.Optional.ProPCCleaner.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner\Pro PC Cleaner.lnk, Quarantined, [91da1b7e4644e05601008eec4abb1de3], 
PUP.Optional.Cassiopesa.C, C:\Program Files (x86)\Tny_Cassiopesa\config.dat, Quarantined, [bdaef3a6107a72c4f3040576c5400df3], 
PUP.Optional.Cassiopesa.C, C:\Program Files (x86)\Tny_Cassiopesa\Sqlite3.dll, Quarantined, [bdaef3a6107a72c4f3040576c5400df3], 
PUP.Optional.Cassiopesa.C, C:\Program Files (x86)\Tny_Cassiopesa\uninst.dat, Quarantined, [bdaef3a6107a72c4f3040576c5400df3], 
PUP.Optional.Cassiopesa.C, C:\Program Files (x86)\Tny_Cassiopesa\uninstall.exe, Quarantined, [bdaef3a6107a72c4f3040576c5400df3], 
PUP.Optional.Cassiopesa.C, C:\Windows\Tasks\Tny_cassiopesa.job, Quarantined, [2c3faaefcfbb80b607f3a8d39b6ad42c], 
PUP.Optional.ProPCCleaner.A, C:\Windows\Installer\{BED67F4B-AD6C-4DE8-98F2-EFB5BE5AFE5A}\Pro_PC_Cleaner_Icon.exe, Quarantined, [da917a1f088275c11b3814680cf95ba5], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\Sqlite3.dll, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\dExtent, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\extent, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\faca.dll, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\fiber.js, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\hdat1, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.Amonetize.A, C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\hdat2, Quarantined, [04676b2e098190a6d630215c5da88d73], 
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml, Quarantined, [1655306985053ef8225f9548996a9b65], 
PUP.Optional.RapidMediaConverter.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter\Rapid Media Converter.lnk, Quarantined, [5a110b8e8a000a2ced4416ca0df643bd], 
PUP.Optional.RapidMediaConverter.A, C:\Users\Markus2482\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter\Uninstall RapidMediaConverter.lnk, Quarantined, [6a014b4ed7b3b97d7db45a8630d3f40c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v4.205 - Logfile created 02/06/2015 at 22:14:36
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Markus2482 - MARK
# Running from : C:\Users\Markus2482\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Markus2482\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Markus2482\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
[C:\Users\Markus2482\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [16524 bytes] - [29/05/2015 17:49:47]
AdwCleaner[R1].txt - [14322 bytes] - [29/05/2015 18:00:08]
AdwCleaner[R2].txt - [1121 bytes] - [29/05/2015 18:15:08]
AdwCleaner[R3].txt - [1473 bytes] - [02/06/2015 22:08:02]
AdwCleaner[R4].txt - [1334 bytes] - [02/06/2015 22:14:36]
AdwCleaner[S0].txt - [13646 bytes] - [29/05/2015 18:01:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1453 bytes] ##########
 


#4 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 03 June 2015 - 06:26 AM

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.

 

 


Download Windows Repair (all in one) from here

  • install and then run the program
  • at the top, click on the Repairs button & make sure that “Automatically Do a Registry Backup” is checked. When it is finished you will see a message saying that the Registry is backed up
  • click the Open Repairs button
  • on the “Start Repairs” tab click Start


    DwysfIW.jpg
     

  • at the “Repair Options” screen, be sure the following are selected:


    Reset Registry Permissions
    Remove Policies Set By Infections
    Repair Winsock and DNS cache

     

  • also check Restart System When Finished.
  • now press Start.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 markus2482

markus2482
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 03 June 2015 - 05:02 PM

Windows
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run UpdateAdmin C:\Users\Markus2482\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Markus2482\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKCU:Run Web Companion Lavasoft C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run KeNotify TOSHIBA CORPORATION "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
Yes HKLM:Run mcpltui_exe McAfee, Inc. "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run TCrdMain TOSHIBA Corporation C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
Yes HKLM:Run TecoResident TOSHIBA Corporation C:\Program Files\TOSHIBA\Teco\TecoResident.exe
Yes HKLM:Run TSSSrv TOSHIBA Corporation C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
Yes HKLM:Run TSVU TOSHIBA "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
Yes Startup User OpenOffice.org 3.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
 
 
Scheduled Tasks
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Cassiopesa faca "C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\fiber.js" "433a2f50726f6772616d446174612f7b35453539423639412d304544422d363731432d424635442d3137394536464446433431307d2f312e31372e322e312f666163612e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk"
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-3934674207-1368026408-355032992-1001
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3934674207-1368026408-355032992-500
Yes Task Resolution+ Setting Task TOSHIBA Corporation C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Yes Task RTKCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
Yes Task UpdateAdmin C:\Users\Markus2482\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
Yes Task {774C356D-F7B0-427E-840C-3613BBE948A3} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\ -c /AUTORUN
 


#6 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 03 June 2015 - 05:28 PM

I don't see the list of installed programs....

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 03 June 2015 - 05:46 PM

Disable these Windows Startups: (Use CCleaner by clicking on each item and choose Disable, Remove or Uninstall)

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run UpdateAdmin C:\Users\Markus2482\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN (Adware...Remove..not just diable)
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Markus2482\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED (dangerous to use to download free stuff)
Yes HKCU:Run Web Companion Lavasoft C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Remove..not just diable)
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes Startup User OpenOffice.org 3.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
If Mcafee is not your active antivirus program, disable the Startup for it.
 
Disable these Scheduled Tasks:
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Cassiopesa faca "C:\ProgramData\{5E59B69A-0EDB-671C-BF5D-179E6FDFC410}\1.17.2.1\fiber.js" "433a2f50726f6772616d446174612f7b35453539423639412d304544422d363731432d424635442d3137394536464446433431307d2f312e31372e322e312f666163612e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" (Adware...Remove..not just diable)
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3934674207-1368026408-355032992-500
Yes Task UpdateAdmin C:\Users\Markus2482\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN (Adware...Remove..not just diable)
Yes Task {774C356D-F7B0-427E-840C-3613BBE948A3} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\ -c /AUTORUN
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 markus2482

markus2482
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 04 June 2015 - 12:10 AM

Adobe Flash Player 14 Plugin Adobe Systems Incorporated 12/10/2014 6.00 MB 14.0.0.179
Adobe Reader XI (11.0.07)  MUI Adobe Systems Incorporated 11/17/2014 603 MB 11.0.07
Amazon 1Button App Amazon 12/10/2014 6.39 MB 1.0.8
Apple Application Support (32-bit) Apple Inc. 4/16/2015 95.9 MB 3.1.3
Apple Application Support (64-bit) Apple Inc. 4/16/2015 109 MB 3.1.3
Apple Mobile Device Support Apple Inc. 4/16/2015 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 4/16/2015 2.38 MB 2.1.3.127
ArcadeTwist ArcadeTwist 5/29/2015
Atheros Driver Installation Program Atheros 12/10/2014 10.0
Bonjour Apple Inc. 4/16/2015 2.00 MB 3.0.0.10
CCleaner Piriform 5/29/2015 5.06
CyberLink PhotoDirector 3 CyberLink Corp. 11/17/2014 201 MB 3.0.1.5524
CyberLink PowerDirector 10 CyberLink Corp. 12/10/2014 687 MB 10.0.0.4220
CyberLink PowerDVD 12 CyberLink Corp. 12/10/2014 221 MB 12.0.3920.05
Google Chrome Google Inc. 4/16/2015 43.0.2357.81
Intel® Management Engine Components Intel Corporation 12/10/2014 9.5.23.1766
Intel® Processor Graphics Intel Corporation 12/10/2014 10.18.10.3412
Intel® Rapid Storage Technology Intel Corporation 12/10/2014 12.9.0.1001
iTunes Apple Inc. 4/16/2015 233 MB 12.1.2.27
KNCTR Itibiti Inc. 5/29/2015 9.81 MB
Malwarebytes Anti-Malware version 2.1.6.1022 Malwarebytes Corporation 5/29/2015 57.6 MB 2.1.6.1022
McAfee LiveSafe - Internet Security McAfee, Inc. 4/16/2015 13.6.1529
McAfee WebAdvisor McAfee, Inc. 6/2/2015 4.0.314
Microsoft Office Microsoft Corporation 12/10/2014 321 MB 15.0.4641.1005
Microsoft Office Standard Edition 2003 Microsoft Corporation 4/14/2015 448 MB 11.0.5614.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/17/2014 4.89 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 11/17/2014 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/10/2014 9.63 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11/17/2014 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/10/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/10/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 12/10/2014 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 12/10/2014 17.3 MB 11.0.61030.0
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 11/17/2014 9.44 MB 4.0.20823.0
MyMusicCloud Sync Agent TriPlay 11/17/2014 68.1 MB 3.3.285.4991
OpenOffice.org 3.1 OpenOffice.org 5/29/2015 356 MB 3.1.9399
PowerDirector CyberLink Corp. 12/10/2014 687 MB 10.0.0.4220
Pro PC Cleaner 11/17/2014
RapidMediaConverter RapidMediaConverter 5/29/2015 700 KB 1.0.1.16
Realtek Card Reader Realtek Semiconductor Corp. 12/10/2014 6.2.9600.29073
Realtek Ethernet Controller Driver Realtek 12/10/2014 8.24.1218.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/10/2014 6.0.1.7195
Revo Uninstaller Pro 3.1.2 VS Revo Group, Ltd. 5/29/2015 35.5 MB 3.1.2
Skype™ 6.18 Skype Technologies S.A. 12/10/2014 26.3 MB 6.18.105
Spotify Spotify AB 11/17/2014 0.9.10.14.g578d350b
Synaptics Pointing Device Driver Synaptics Incorporated 12/10/2014 46.4 MB 18.1.3.0
TOSHIBA Application Installer Toshiba Corporation 11/17/2014 4.01 MB 9.0.2.6
TOSHIBA Audio Enhancement Toshiba Corporation 12/10/2014 2.14 MB 2.0.17.3
TOSHIBA Display Utility Toshiba Corporation 12/10/2014 32.1 MB 1.1.17.0
TOSHIBA eco Utility Toshiba Corporation 12/10/2014 25.1 MB 2.4.2.6403
TOSHIBA Flash Cards Support Utility TOSHIBA CORPORATION 12/10/2014 16.0 KB 1.51.81.2C
TOSHIBA Function Key Toshiba Corporation 12/10/2014 37.5 MB 1.1.5.6402
TOSHIBA Password Utility 12/10/2014
TOSHIBA Password Utility Toshiba Corporation 12/10/2014 3.15 MB 2.0.0.20C
TOSHIBA Recovery Media Creator Toshiba Corporation 11/17/2014 3.2.00.56006005
TOSHIBA Service Station Toshiba Corporation 12/10/2014 2.92 MB 2.6.13
TOSHIBA System Driver Toshiba Corporation 12/10/2014 5.72 MB 1.00.0033
TOSHIBA System Settings Toshiba Corporation 12/10/2014 4.03 MB 2.0.1.32003
TOSHIBA User's Guide TOSHIBA 12/10/2014 1.00.02
TOSHIBARegistration TOSHIBA 11/17/2014 1.1.6
Tweaking.com - Windows Repair (All in One) Tweaking.com 6/3/2015 3.0.0
UpdateAdmin DownloadAdmin 5/29/2015 211 KB 2.0.1885
Web Companion Lavasoft 4/16/2015 17.7 MB 1.1.922.1860
WildTangent Games WildTangent 11/17/2014 1.0.4.0
WinZip 18.5 WinZip Computing, S.L. 11/17/2014 217 MB 18.5.11111
ZUUS Music Video Player ZUUS Media, Inc. 12/10/2014 40.9 MB 1.0.0
µTorrent BitTorrent Inc. 5/29/2015 3.4.3.40298


#9 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 04 June 2015 - 06:23 AM

Uninstall these programs:  (use Revo Free Uninstaller in Advanced Mode)

ArcadeTwist ArcadeTwist 5/29/2015 

KNCTR Itibiti Inc. 5/29/2015 9.81 MB

McAfee WebAdvisor McAfee, Inc. 6/2/2015 4.0.314

Pro PC Cleaner 11/17/2014

RapidMediaConverter RapidMediaConverter 5/29/2015 700 KB 1.0.1.16

UpdateAdmin DownloadAdmin 5/29/2015 211 KB 2.0.1885

Web Companion Lavasoft 4/16/2015 17.7 MB 1.1.922.1860
WildTangent Games WildTangent 11/17/2014 1.0.4.0
µTorrent BitTorrent Inc. 5/29/2015 3.4.3.40298
 
After uninstalling those programs run a scan using Eset Online Scanner. It will take more than hour for it to complete but is well worth it.
 
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
 
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 thedoctorsgirl

thedoctorsgirl

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 07 June 2015 - 12:33 PM

I am having a very similar problem with Cassiopesa. I downloaded Revo and it found nothing. What is my next step?



#11 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 07 June 2015 - 02:11 PM

thedoctorsgirl.....Welcome to BC !

It would be best if you started a new topic in this forum. Though the OP hasn't responded in a few days it would get too confusing if he did. But as you can see from

the scans the OP ran, the programs all found and removed adware including Cassiopesa.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 markus2482

markus2482
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 13 June 2015 - 02:44 PM

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir a variant of Win32/SpeedBit.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu64.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\42726760-d767-49c2-863f-1fa16187b639.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\PC-Mechanic\thirdpartyinstaller.exe.vir Win32/UniBlue.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Markus2482\AppData\Local\ArcadeTwist\uninstaller.exe.vir a variant of Win32/ArcadeParlor.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Markus2482\AppData\Local\ArcadeTwist\updater.exe.vir a variant of Win32/ArcadeParlor.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Markus2482\AppData\Local\ArcadeTwist\cat\VOTCerInst.dll.vir a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Markus2482\AppData\Local\ArcadeTwist\cat\VOTPrx.dll.vir a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Markus2482\AppData\Local\ArcadeTwist\cat\VOTPrx.exe.vir a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting - quarantined
C:\Users\Markus2482\Downloads\openofficesuite-setup.exe a variant of Win32/DownloadAdmin.L potentially unwanted application cleaned by deleting - quarantined
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting - quarantined


#13 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 13 June 2015 - 04:05 PM

Is the computer performing up to par.....any problems?....such as popups, ads, search redirects, etc.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 markus2482

markus2482
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 24 June 2015 - 11:03 PM

Everything seems to be running pretty well. Especially after all the bloatware has been deleted. It does look like when I start typing things in to my url bar the Cassiopesa search option still shows up on the drop down. It does not redirect unless I choose that option. 



#15 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:49 PM

Posted 25 June 2015 - 08:25 AM

Reset Chrome browser settings

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your Chrome browser settings
  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings,” click Reset settings.
  5. In the dialog that appears, click Reset.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users