Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about:blank


  • This topic is locked This topic is locked
41 replies to this topic

#1 Angel White

Angel White

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona Bay
  • Local time:02:53 AM

Posted 31 May 2015 - 03:13 PM

hi guys. well i looked thorough the board and did not find anything about "about:blank" so here goes..
 
Ive had this problem forever! with every computer or laptop ive ever had. I asked about it before and nobody seemed to know anything about it.  i looked it up again and finally someone had a blog about it.. that it wasnt a malware just a blank page microsoft or someone came up with and it was completely safe, it was default. whatever, i want it gone!  it slows down everything. when i go to anything, a webpage it hangs for a few seconds to a minute or so, sometimes. its not a homepage thing, it doesnt come up when i open a new tab or the bring the browser up, just when i go to a new webpage, so i think its just the internet.  like i said, supposedly its a default thing with microsoft i think, although when i google it, a bunch of stuff comes up about browser hijacks.. i dont think this is the case..
 
How do i get rid of this annoyance?  thank you so much in advance!! :)
 
Windows 8.1 64 bit
Google Chrome (up to date)
Avast avp
Malwarebytes

Edit: Topic moved from Windows 8 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 31 May 2015 - 05:53 PM

Hello Angel White, and welcome to the forum.

As you may notice Animal has relocated your post to AmI Infected area so we can deal with it.

 

About:blank is generally a variation of the CWS Cool Web Search hijacker.
CoolWebSearch (also known as CoolWWWSearch or abbreviated as CWS) is a spyware or virus program that installs itself on Microsoft Windows based computers. It first appeared in May 2003.

This was one of the early and interesting projects when I was at Malware School... but I was made to use Hijack This, a tool that will not apply to your system.
Our normal basic methods, plus you resetting Google Chrome to your Home page (and other browsers if infected) usually fixes this.

Download CWShredder by Trend Micro and Save to desktop.
Click Move CWS files found to Recycle bin > then Check For Update > then you can click Scan Only, (but it will not repair it).
You can click on Create Report that will produce a log, then Copy and Paste that log back here, and we can review it > last you will click on Fix ->
You can leave all the middle part out and just click Fix-> Save or close all other programs as CWShredder will shut down any open internet Explorer and Windows Media Player Windows.
You then Click OK to continue

The tool will then scan your system for any CWS items (that include About:blank)
You can Copy and Paste this log to post it back here.

If you wish to continut press Next, and it will also automatically send a report back to Trend Micro

 

Thank You -



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 AM

Posted 31 May 2015 - 07:13 PM

about:blank is just a blank page built into your browser settings based on an Internal URI scheme. Internet Explorer's Internet Options (and other browsers) have several choices for setting your Home Page under the General Tab: "Use current", "Use default", "Use blank". The "Use blank" page setting is exactly what it means...start Internet Explorer with a blank page.

aboutblank-600x165.jpg

This is beneficial for a variety of reasons to include opening the browser faster since there are no images, ads, etc which can impede the loading of a page. Various other web browsers use about:blank to display certain built-in functions or to display information about the browser.

Many years ago there was a CWS hijacker with the same about:blank name but that infection is no longer active...for more information, see The CoolWebSearch Chronicles by Metallica. This particular infection has not been seen for a long time but Google search results still exist with outdated information. Some folks today who inadvertently encounter that setting and do a Google Search erroneously believe they are infected. When conducting a Google search, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. If you have recently been dealing with a malware infection, be aware that some security tools intentionally reset all installed browsers to default or the "about:blank" setting as part of their routine.

CWShredder was a tool created by Merijn (the original author of HijackThis) for dealing with CoolWebSearch (CWS), an older infection with many variants (i.e. CWS.Aboutblank, CWS.Smartsearch, CWS.Homesearch). This particular malware first appeared in 2003 and was known to hijack the browser, change the home page, install unwanted bookmarks, make changes to the registry and redirect to CoolWebSearch.com. TrendMicro obtained The rights to CWShredder and hosted the tool on their websites until it became so outdated, the vendor removed the links. That version (2.19) can still be download from MajorGeeks.com which also includes a link to the previous version. However, it was not as effective as the original version released by Merijn and there were many reports of it giving "false positives". Although CWShredder is still available, I would not recommend using it nor would I trust the scan results.

Have you tried to reset your browser hompage settings?


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Angel White

Angel White
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona Bay
  • Local time:02:53 AM

Posted 31 May 2015 - 09:07 PM

hi. and thanks for the fast replies!  (Sorry, didnt think it was a malware/hijack problem)

 

i think ive tried this tool before and didnt have luck. but i was by myself in using it so maybe with a little help... also i cannot for the life of me figure out where i got a cool web search hijacker i already knew for a long time not to go there or use anything that said "cool" in it for search or products or anything else for that matter. Also use adblockplus and WOT for safer searching (i do a lot of research on the net).

 

anyway, downloaded the tool and checked for updates, got this message: "Unable to check for updates".  also, i had just cleaned my pc using System Mechanic(testing out this tool). and recently ran a scan using SUPERAntispyware. 



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 AM

Posted 31 May 2015 - 09:18 PM

Did you try the suggestions I provided to change your home page?

BTW...How do I clear my web browser's cache, cookies, and history?
https://kb.iu.edu/d/ahic

System Mechanic is a comprehensive optimization suite by iolo that purports to improve performance, make repairs and enhance the speed of a computer. It includes a registry cleaner, a registry revitalizer (to fix "so called problems"), system optimizer and several other features.

System Mechanic Pro incorporates the same optimization suite but also purports to plug security holes and protect privacy, and includes System Shield AntiVirus & AntiSpyware. There are several labs which test the effectiveness of major anti-virus programs to include AV-Comparatives.org, Virus Bulletin Comparative Tests, AV-Test.org, NSS Labs Consumer Anti-Malware Products Group Test Report, etc. I cannot find any which have tested System Shield AntiVirus & AntiSpyware. I would be skeptical of any vendor not participating in comparative testing. As such, I would recommend replacing System Shield with a more reputable anti-virus solution.

System Mechanic 14 also purports to repair Window's registry, fix common PC problems, and optimize setting as well as tweaking CPU and RAM usage. The program also includes a junk file cleaner which does not advise exactly what it is going to delete so you have no idea what is being removed.

The optimization and performance improvement claims made by such software vendors are borderline scams. There is no statistical evidence to back such claims. Advertisements to do so are a marketing ploy intended to goad users into using an unnecessary and potential dangerous product. I would not trust any results such programs detect as problematic or needing repair nor recommend using the options to fix them. I also would not trust any detection alerts for viruses or other malware.

Further, these types of junk optimization programs are often considered Potentially Unwanted Programs (PUPs) so they may be detected or even removed by some security scanners which specifically look for PUPs and adware.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.

Why you should not use Registry Cleaners and Optimization Tools


Be sure to read Microsoft's support policy for the use of registry cleaning utilities in that topic...Microsoft does not support the use of registry cleaners.

If you have been using this program routinely...there is no telling what damage it has already done to your registry and other areas it purports to clean. My personal recommendation would be to remove the program.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Angel White

Angel White
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona Bay
  • Local time:02:53 AM

Posted 31 May 2015 - 09:36 PM

hi. My home page is Google. When i bring up a new tab/page, Google is set to come up and does, same as when i first start a browser session.. always Google.  As i said, its only when i search for something, like before it actually goes to that place it goes to about:blank first, and hangs for a bit before continuing, almost like a redirect.. thats why i was confused when you said it was a hijack. hmm..lol totally confused now.

 

Edited to add: lol thats actually why i mentioned the optimizer. to make sure it was an ok program. also does that mean NO Ccleaner? ive used for years instead of the cleaner that comes with windows.. i will check out that link about it. thanks for pointing it out. :)


Edited by Angel White, 31 May 2015 - 09:48 PM.


#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 31 May 2015 - 10:30 PM

also does that mean NO Ccleaner? ive used for years instead of the cleaner that comes with windows

Many of us use CCleaner, but use it with the installed settings only, and when you open the program just hit Run Cleaner at the bottom Right side.

 

Can we just check a few programs on your system, and see if they need updating

 

Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
 * List content of Hosts
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size
 Click Go and Copy / Paste the result. (result.txt)

 

Also -

Download Screen317 Security Check   and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do

 

Last -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only Copy / Paste the link)
 

Thank You -

EDIT - It may be 8.30 there but it is 1.30 in Aussie, so I have a bit of time if that suits you


Edited by noknojon, 31 May 2015 - 10:34 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 AM

Posted 31 May 2015 - 10:51 PM

If resetting the home page does not resolve the problem, then most likely the issue is a result of a bad extension or piece of adware/PUP...but it is not the result of a CWS infection. noknojon can help you investigate that.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Angel White

Angel White
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona Bay
  • Local time:02:53 AM

Posted 31 May 2015 - 11:27 PM

Thank you. i have all the time in the world atm. let me know if you need to continue tomorrow (or in aussie-later today). Not a problem for me.
 
I will stop using the 'registry' part on Ccleaner then, thanks. 
 
I downloaded the MiniToolbox and my Avast picked up -- Malware Detected: filerepmetagen. sorry if im being a pain.. lol really, its my pc that's the pain. but maybe this is a false pos or my pc is blocking it?
 
and then all of a sudden an object pops up on my taskbar "Get Windows 10" which wasnt there before.. i dont know if that has anything to do with what we're doing..just thought i would mention it.
 
The download for MiniToolbox failed btw.
 
 
 
Performed the  "security Check here are the results:
 
 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 80  
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox 35.0.1 Firefox out of Date!
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
*The Avast tells me when to update any programs/software ; also i dont use Firefox, so its set to "ignore updates"
 

 

 

http://speccy.piriform.com/results/C26CI2Qha31PxNUuJF3U3BK


Edited by Angel White, 31 May 2015 - 11:29 PM.


#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 31 May 2015 - 11:45 PM

Technically Malware Detected: filerepmetagen. is not a F/P as I am asking to look at your computer programs and errors, this depends on your Antivirus..

Many tools will give this type of response. Usually Security Check is the main one

Delete any copy that you downloaded and be sure to Save To Desktop,, as this usually over rides any reaction.



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 01 June 2015 - 12:26 AM

Your Updates =

Latest installed 5/21/2015 <= You are up to date with all Microsoft updates
HP v216 Wide LCD Monitor as  well as your extras

 

Hard Drive seems OK
Hard drives : WDC WD50 00AAKX-60U6AA0 SATA Disk Device
Status: Good
Temperature: 33 °C
Temperature Range: OK (less than 50 °C)

I would open Control panel, and remove (delete) Java 7 Update 80 as it is now out dated.

 

The  Mozilla Firefox 35.0.1 Firefox out of Date! seems incorrect, as of this week, so ignore it.

 

then all of a sudden an object pops up on my taskbar "Get Windows 10" which wasn't there before.

Advertising by Microsoft, or others, (I have never seen that one) as the program has not yet been officially released


Edited by noknojon, 01 June 2015 - 12:31 AM.


#12 Angel White

Angel White
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona Bay
  • Local time:02:53 AM

Posted 01 June 2015 - 12:30 AM

ok, i just disabled the Avast and re-downloaded, it worked, here are the results

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by pam (administrator) on 31-05-2015 at 22:28:46
Running from "C:\Users\pam\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Model: 400-314 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/31/2015 06:30:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234750
 
Error: (05/31/2015 06:30:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234750
 
Error: (05/31/2015 06:30:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2015 06:30:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2232704
 
Error: (05/31/2015 06:30:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2232704
 
Error: (05/31/2015 06:30:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2015 06:30:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2229891
 
Error: (05/31/2015 06:30:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2229891
 
Error: (05/31/2015 06:30:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2015 06:30:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2228063
 
 
System errors:
=============
Error: (05/31/2015 07:56:55 PM) (Source: Service Control Manager) (User: )
Description: The iolo System Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/31/2015 11:24:40 AM) (Source: DCOM) (User: MINE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
 
Error: (05/31/2015 02:02:23 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GMA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0AC277F-5897-47E0-81AD-1ED090AE6CC3}.
The master browser is stopping or an election is being forced.
 
Error: (05/30/2015 11:21:49 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GMA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0AC277F-5897-47E0-81AD-1ED090AE6CC3}.
The master browser is stopping or an election is being forced.
 
Error: (05/30/2015 03:45:54 PM) (Source: DCOM) (User: MINE)
Description: App
 
Error: (05/30/2015 03:18:50 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GMA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0AC277F-5897-47E0-81AD-1ED090AE6CC3}.
The master browser is stopping or an election is being forced.
 
Error: (05/29/2015 10:09:54 PM) (Source: DCOM) (User: MINE)
Description: App
 
Error: (05/29/2015 00:20:24 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GMA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0AC277F-5897-47E0-81AD-1ED090AE6CC3}.
The master browser is stopping or an election is being forced.
 
Error: (05/27/2015 03:56:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.
 
Error: (05/27/2015 03:56:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/31/2015 06:30:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234750
 
Error: (05/31/2015 06:30:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234750
 
Error: (05/31/2015 06:30:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2015 06:30:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2232704
 
Error: (05/31/2015 06:30:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2232704
 
Error: (05/31/2015 06:30:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2015 06:30:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2229891
 
Error: (05/31/2015 06:30:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2229891
 
Error: (05/31/2015 06:30:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/31/2015 06:30:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2228063
 
 
=========================== Installed Programs ============================
 
4 Elements II (HKLM-x32\...\WTA-f1e2b79d-7179-4c08-b42f-0fd6a7f03050) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
AMD Catalyst Install Manager (HKLM\...\{1FFAF315-ADDB-013D-0A76-7783A203E02D}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-a93ce661-c895-40ed-beab-b69aa4450d08) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (HKLM-x32\...\WTA-7d56487f-ca3e-47b1-9356-d568ee252355) (Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-a36df27e-75f9-48c3-b612-030e635c8db0) (Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Curse at Twilight (HKLM-x32\...\WTA-7420aa73-51ee-4a3c-8be7-7ac0ac1ea956) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3626 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
FarmVille 2 (HKCU\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-1c6f5315-0bce-4d25-b4da-54c418bc59a9) (Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (HKLM-x32\...\WTA-c5b8ffa3-03ff-4f00-b4d1-1016926c15b6) (Version: 3.0.2.51 - WildTangent) Hidden
GamesBar 2.0.1.55 (HKLM-x32\...\GamesBar) (Version: 2.0.1.55 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKCU\...\Pokki) (Version: 0.269.7.638 - Pokki)
Hotel (HKLM-x32\...\Hotel) (Version: 1.1.0.0 - MumboJumbo)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.06 - Softex Inc.) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lost in Reefs 2 (HKLM-x32\...\WTA-206967df-5956-4aa4-9090-128084e5732d) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-ca93bbf2-d7ed-41eb-8118-9a058119342c) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Midnight Mysteries The Edgar Allan Poe Conspiracy (HKLM-x32\...\Midnight Mysteries The Edgar Allan Poe Conspiracy) (Version: 1.1.0.0 - MumboJumbo)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-82ac6325-56d9-4885-a085-7c831302baf3) (Version: 2.2.0.98 - WildTangent) Hidden
NASA (HKCU\...\Pokki_ab985add4fe7314c3accc4d7eb2b180847b269ba) (Version: 1.0.0.53390 - Pokki)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Peggle Nights (HKLM-x32\...\WTA-9cd4dc61-c293-462a-b719-0c4bd6799702) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-ad33b847-8c2f-4809-b4bb-baad7975123a) (Version: 2.2.0.98 - WildTangent) Hidden
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30175 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7135 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RegiStax 6 (HKCU\...\RegiStax 6) (Version:  - )
RegiStax 6.1.0.8 update (HKCU\...\RegiStax 6.1.0.8 update) (Version:  - )
Roads of Rome 3 (HKLM-x32\...\WTA-dd3fdeb1-864a-4f86-b255-4f3e72dd2ce9) (Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-8871a069-6e29-4c28-9c44-32eb69650a13) (Version: 3.0.2.51 - WildTangent) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.7.638 - Pokki)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Tales of Lagoona (HKLM-x32\...\WTA-858b9946-e9df-47fa-931a-d2e105a06ec6) (Version: 2.2.0.110 - WildTangent) Hidden
The Legend of Crystal Valley (HKLM-x32\...\The Legend of Crystal Valley) (Version: 1.1.0.0 - MumboJumbo)
The Secret of Margrave Manor (HKLM-x32\...\The Secret of Margrave Manor) (Version: 1.1.0.0 - MumboJumbo)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Viking Saga (HKLM-x32\...\WTA-2611f190-a1ea-43f4-b2c7-19a3f02b233b) (Version: 3.0.2.48 - WildTangent) Hidden
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 53%
Total physical RAM: 3517.38 MB
Available physical RAM: 1642.63 MB
Total Pagefile: 7613.38 MB
Available Pagefile: 3513.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.14 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:450.22 GB) (Free:359.06 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:14.06 GB) (Free:1.77 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\MINE
 
Administrator            Guest                    pam                      
 
 
**** End of log ****
 
 
 
 
 
yeah, this object must be fake because it only gives you the option to take it or explore it (Windows 10) it doesnt let you decline the offer. kinda suspicious.  But it says its to "Reserve" your free upgrade to Windows 10 and will download once available. lol still do not trust, since i didnt ask for it. hmm..

Edited by Angel White, 01 June 2015 - 03:32 AM.


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 01 June 2015 - 01:27 AM

Sorry for the wait, but those errors are "going round in circles".

 

Application errors: all over a matter of 7 seconds .........
(Source: Bonjour Service) (User: ) Do you often use iTunes ?? A typical error from them.

System errors:
Description: The iolo System Service service terminated unexpectedly.  It has done this 1 time(s)
Do you know if you have or had iolo System Service or iolo System Mechanics installed at all ??

System errors:
The master browser has received a server announcement from the computer GMA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0AC277F-5897-47E0-81AD-1ED090AE6CC3}.

Still working on this one, and have you had a chance to Reset Chrome and Internet Explorer (as this is a part of Windows programs) even if not used ..

Microsoft Office Sessions:
Task Scheduling Error: m->NextScheduledEvent 2232704 (also related to iTunes program)

 

I would Reset or Reinstall iTunes, as this is causing many problems.

 

EDIT - Going to grab a coffee, back in 10 minutes :)


Edited by noknojon, 01 June 2015 - 01:30 AM.


#14 Angel White

Angel White
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Arizona Bay
  • Local time:02:53 AM

Posted 01 June 2015 - 01:47 AM

ok i get updates for iTunes al the time. i dont use it only when someone wants me to listen to their music, and it requires that program. so i keep it update. i will reinstall the program. 

 

"System errors:
Description: The iolo System Service service terminated unexpectedly.  It has done this 1 time(s)
Do you know if you have or had iolo System Service or iolo System Mechanics installed at all ?? "  i just uninstalled that program, as it was just something i was testing out since my memory supposedly was low and connection really extremely slow, someone else mentioned the program to me. anyway, someone mentioned earlier not to use registry cleaners, and not that one.. doesnt really do what it claims. so i uninstalled. like an hour ago. 

 

 

ok so i thought you just wanted me to reset my home page. you want me to reset my chrome settings? lol sorry for the misunderstanding. and i hate resetting chrome settings as its almost impossible to sign back into it, unless they have fixed that issue. although there's a work-around for it. lol ok here goes...

 

i'll have to search for IE 


Edited by Angel White, 01 June 2015 - 03:33 AM.


#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:53 PM

Posted 01 June 2015 - 04:36 AM

ok so i thought you just wanted me to reset my home page. you want me to reset my chrome settings?

Personally only, for some of the reasons that you mention, I do not use Chrome as my browser, as it was always "tricky" but many people always do use it.

 

Sorry, I have been talking to others about how easy / hard it can be to reset Google Chrome.

Internet Explorer is always the first one that I use (and reset) if there are problems.. as the home page is very easy to set.

 

Is I.E. your second browser and are you comfortable using it for a while,

 

We should look for any minor infections first that are preventing these problems from clearing.

 

RKill -

Please download RKill by Grinler to your desktop

  • If you have an old version, please delete it first
  • Right click on the new Red icon and select Run as Administrator
  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes
  • Please Copy and Paste the small log back here.

 

 

AdwCleaner -

Now :

  • Download AdwCleaner by Xplode from Here or Here
     and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button only once
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.
     Next
  • Click on the Cleaning button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
  • **Copy and Paste the contents of that log in your next reply.**
  • To restore an item that has been deleted by accident : Open the program again,
  • Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.

 

Malwarebytes -

You have a recentt version installed, Please update it

  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Run ESET Online Scanner -.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button. Temporarily Disable your Antivirus
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives and Remove Threats"
  • Click Advanced settings and select the following:
    Scan potentially unwanted applications
     Scan for potentially unsafe applications
     Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (NOTE : 2 hours is not unusual for a first scan, so you can just let it run).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • You do not need to Uninstall the program when it is finished

NOTE:Sometimes if ESET finds no infections it will not create a log.
We can see if there is any other problems ..

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users