Problems getting rid of cassiopesa malware


13 replies to this topic

#1 thedoctorsgirl


Posted 07 June 2015 - 02:37 PM

I have tried the conventional methods of getting rid of the malware. I downloaded Revo to try and find its source, but it couldn't find it. What is the next best step to removing it and its source?





#2 buddy215


Posted 07 June 2015 - 02:49 PM

Use AdwCleaner to clean up browser shortcuts, find and remove other adware.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 thedoctorsgirl


Posted 07 June 2015 - 08:31 PM

Here is the logfile

 

# AdwCleaner v4.206 - Logfile created 07/06/2015 at 20:26:39
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : amy - K-9
# Running from : C:\Users\amy\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\Users\amy\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
File Deleted : C:\Users\amy\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
File Deleted : C:\Users\amy\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage
File Deleted : C:\Users\amy\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v43.0.2357.81
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [1580 bytes] - [07/06/2015 12:00:28]
AdwCleaner[R1].txt - [1639 bytes] - [07/06/2015 20:25:03]
AdwCleaner[S0].txt - [1578 bytes] - [07/06/2015 20:26:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1637  bytes] ##########


#4 buddy215


Posted 08 June 2015 - 07:04 AM

I'm waiting to see the results of the other two scans....MBAM and Junkware Remover Tool...before giving other instructions.



#5 thedoctorsgirl


Posted 11 June 2015 - 06:21 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/11/2015
Scan Time: 5:36:44 PM
Logfile: MAM results.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.11.05
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: amy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393169
Time Elapsed: 26 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [74fdc1f8eaa01d199fbbf6f6fd06ec14], 
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-774311760-1360046139-2302560507-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [ef825e5b6327290d95c4d61648bbb050], 
 
Registry Values: 5
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_tight4_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzztByEtCyD0C0EyEtCzytN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtD0F0EyE0AzytGtC0EtCyEtGzy0E0E0CtGtDyD0CtBtG0DtD0EzzyD0F0C0EtAzzzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyCyBtAyDtDyBtGyC0EtByCtGyE0E0A0BtG0AzytByBtGzyyByBtAyCyDzy0A0D0A0ByC2QtN0A0LzuyE&cr=1613972274&ir=, , [74fdc1f8eaa01d199fbbf6f6fd06ec14]
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\amy\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, , [d0a19e1b73175adc9fbb618b57ac22de]
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Tny_Cassiopesa\\, , [e78abdfcf595e6504e51f495f11447b9]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-774311760-1360046139-2302560507-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_tight4_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzztByEtCyD0C0EyEtCzytN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtD0F0EyE0AzytGtC0EtCyEtGzy0E0E0CtGtDyD0CtBtG0DtD0EzzyD0F0C0EtAzzzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyCyBtAyDtDyBtGyC0EtByCtGyE0E0A0BtG0AzytByBtGzyyByBtAyCyDzy0A0D0A0ByC2QtN0A0LzuyE&cr=1613972274&ir=, , [ef825e5b6327290d95c4d61648bbb050]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-774311760-1360046139-2302560507-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Cassiopesa, , [6b0639802f5b1b1b0d4cdc10fd06fe02]
 
Registry Data: 1
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-774311760-1360046139-2302560507-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.cassiopesa.com/?f=1&a=csp_tight4_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzztByEtCyD0C0EyEtCzytN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtD0F0EyE0AzytGtC0EtCyEtGzy0E0E0CtGtDyD0CtBtG0DtD0EzzyD0F0C0EtAzzzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyCyBtAyDtDyBtGyC0EtByCtGyE0E0A0BtG0AzytByBtGzyyByBtAyCyDzy0A0D0A0ByC2QtN0A0LzuyE&cr=1613972274&ir=, Good: (www.google.com), Bad: (http://www.cassiopesa.com/?f=1&a=csp_tight4_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzztByEtCyD0C0EyEtCzytN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtD0F0EyE0AzytGtC0EtCyEtGzy0E0E0CtGtDyD0CtBtG0DtD0EzzyD0F0C0EtAzzzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyCyBtAyDtDyBtGyC0EtByCtGyE0E0A0BtG0AzytByBtGzyyByBtAyCyDzy0A0D0A0ByC2QtN0A0LzuyE&cr=1613972274&ir=),,[1859f2c70b7f360025ca1329c442e719]
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.OpenCandy, C:\Users\amy\Desktop\PhotoScape_V3.7.exe, , [dd94caefe5a52b0b2460036272946a96], 
PUP.Optional.Cassiopesa, C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":5}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://www.tumblr.com/dashboard","http://www.outlook.com/","http://twitter.com/","https://www.facebook.com/","http://www.cassiopesa.com/?f=7&a=csp_tight4_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzztByEtCyD0C0EyEtCzytN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtD0F0EyE0AzytGtC0EtCyEtGzy0E0E0CtGtDyD0CtBtG0DtD0EzzyD0F0C0EtAzzzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyCyBtAyDtDyBtGyC0EtByCtGyE0E0A0BtG0AzytByBtGzyyByBtAyCyDzy0A0D0A0ByC2QtN0A0LzuyE&cr=1613972274&ir="]},"sync":{"remaining_rollback_tries":0}}), ,[3a37dedba1e9a88e9bf882fe26e0d729]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 x64
Ran by amy on Thu 06/11/2015 at 18:13:09.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_EC67B2ED551914E9AEA0EA8EE7EC5A11
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\amy\appdata\local\b69a49ee95bd765fecad519c77aeb8d5
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\amy\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Successfully deleted: [Folder] C:\Users\amy\appdata\local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
[C:\Users\amy\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\amy\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gkojfkhlekighikafcpjkiklfbnlmeio
pbjikboenpfhbbejgkoklgkhjpfogcam
 
[C:\Users\amy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\amy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gkojfkhlekighikafcpjkiklfbnlmeio,
  pbjikboenpfhbbejgkoklgkhjpfogcam
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/11/2015 at 18:16:02.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

When I opened my Chrome browser a Cassiopesa search tab was still there.



#6 buddy215


Posted 11 June 2015 - 07:51 PM

Did you do this in MBAM....If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.

The reason I ask is because the results of the MBAM scan do not show the items found as being removed or quarantined. It would have asked you to reboot to complete the removal of what it found. If you are not sure, please run a new scan and post the results.

 

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

You can do a reset of Google Chrome...

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your Chrome browser settings
  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings," click Reset settings.
  5. In the dialog that appears, click Reset.


#7 thedoctorsgirl


Posted 11 June 2015 - 08:24 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/11/2015
Scan Time: 7:52:39 PM
Logfile: update.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.11.05
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: amy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393286
Time Elapsed: 25 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Cassiopesa, C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":5}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://www.tumblr.com/dashboard","http://www.outlook.com/","http://twitter.com/","https://www.facebook.com/","http://www.cassiopesa.com/?f=7&a=csp_tight4_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzztByEtCyD0C0EyEtCzytN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtD0F0EyE0AzytGtC0EtCyEtGzy0E0E0CtGtDyD0CtBtG0DtD0EzzyD0F0C0EtAzzzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyCyBtAyDtDyBtGyC0EtByCtGyE0E0A0BtG0AzytByBtGzyyByBtAyCyDzy0A0D0A0ByC2QtN0A0LzuyE&cr=1613972274&ir="]},"sync":{"remaining_rollback_tries":0}}), ,[135ee3d6d3b7dc5a7221433d5fa74ab6]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
--------------------------------------
Should I delete what was moved to the history/quarantine? 


#8 thedoctorsgirl


Posted 11 June 2015 - 08:49 PM

 


 

CC Cleaner
 
3DVIA Player Dassault Systemes 4/1/2015 10.4 MB 2.16.433
7-Zip 9.20 (x64 edition) Igor Pavlov 9/25/2014 4.53 MB 9.20.00.0
Adobe Creative Cloud Adobe Systems Incorporated 3/23/2015 201 MB 2.9.1.474
Adobe Photoshop CC 2014 Adobe Systems Incorporated 3/23/2015 1.76 GB 15.2.2
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 3/22/2015 12.0.4.144
Amazon Kindle Amazon 4/14/2015
Apple Application Support (32-bit) Apple Inc. 4/10/2015 94.2 MB 3.1.3
Apple Application Support (64-bit) Apple Inc. 4/10/2015 107 MB 3.1.3
Apple Mobile Device Support Apple Inc. 3/23/2015 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 3/23/2015 2.38 MB 2.1.3.127
Big Fish: Game Manager 4/11/2015 3.3.0.2
Bonjour Apple Inc. 9/25/2014 2.00 MB 3.0.0.10
CCleaner Piriform 6/7/2015 5.06
Chrome Remote Desktop Host Google Inc. 6/4/2015 16.9 MB 42.0.2311.39
Cisco EAP-FAST Module Cisco Systems, Inc. 9/25/2014 1.53 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 9/25/2014 632 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 9/25/2014 1.22 MB 1.1.6
CoreAAC 3/23/2015
CyberLink Media Suite 10 CyberLink Corp. 9/25/2014 25.0 MB 10.0.8.4420
Cyberlink PhotoDirector CyberLink Corp. 3/22/2015 439 MB 5.0.3.5715
CyberLink Power Media Player 12 CyberLink Corp. 9/25/2014 312 MB 12.0.5.4505
CyberLink Power2Go 8 CyberLink Corp. 9/25/2014 408 MB 8.0.8.4316
CyberLink PowerBackup 2.6 CyberLink Corp. 9/25/2014 69.1 MB 2.6.1.0903
CyberLink PowerDirector 12 CyberLink Corp. 3/22/2015 911 MB 12.0.2.3220
CyberLink YouCam CyberLink Corp. 9/25/2014 284 MB 5.0.5.4502
DivX Setup DivX, LLC 4/16/2015 2.7.0.64
Dropbox Dropbox, Inc. 5/11/2015 3.4.6
Dropbox 25 GB Dropbox, Inc. 9/25/2014 2.74 MB 0.9.0
Energy Star Hewlett-Packard Company 9/25/2014 3.39 MB 1.0.9
Evernote v. 5.5.3 Evernote Corp. 9/25/2014 217 MB 5.5.3.4236
f.lux 3/27/2015
Foxit PhantomPDF Foxit Corporation 9/25/2014 579 MB 6.0.33.715
GOM Picker Gretech Corporation 3/23/2015 1.0.0.7
GOM Video Converter Gretech Corporation 3/23/2015 1.1.1.69
Google Chrome Google Inc. 3/23/2015 43.0.2357.124
HP Documentation Hewlett-Packard 9/25/2014 30.5 MB 1.1.0.0
HP Registration Service Hewlett-Packard 9/25/2014 30.1 MB 1.2.7745.4851
HP Support Assistant Hewlett-Packard Company 9/25/2014 64.9 MB 7.7.34.34
HP System Event Utility Hewlett-Packard Company 9/25/2014 8.12 MB 1.2.6
HP Wireless Button Driver Hewlett-Packard Company 9/25/2014 765 KB 1.1.2.1
Intel® Management Engine Components Intel Corporation 3/23/2015 9.5.14.1724
Intel® Processor Graphics Intel Corporation 3/23/2015 10.18.10.3368
Intel® Rapid Storage Technology Intel Corporation 9/25/2014 12.9.4.1000
iTunes Apple Inc. 4/10/2015 233 MB 12.1.2.27
Malwarebytes Anti-Malware version 2.1.6.1022 Malwarebytes Corporation 6/7/2015 57.6 MB 2.1.6.1022
Microsoft Office 365 - en-us Microsoft Corporation 5/19/2015 15.0.4719.1002
Microsoft OneDrive Microsoft Corporation 5/21/2015 35.8 MB 17.3.5860.0512
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 9/25/2014 4.84 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 9/25/2014 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 3/23/2015 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9/25/2014 8.85 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9/25/2014 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 3/23/2015 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 3/23/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 3/23/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 3/23/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 3/23/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 3/23/2015 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 3/23/2015 17.1 MB 12.0.21005.1
MPEG2 Codec(libmpeg2/mad) 3/23/2015
PhotoDirector CyberLink Corp. 3/23/2015 439 MB 5.0.3.5715
PowerDirector CyberLink Corp. 3/23/2015 911 MB 12.0.2.3220
Realtek Card Reader Realtek Semiconductor Corp. 9/25/2014 6.3.273.59
Realtek Ethernet Controller Driver Realtek 9/25/2014 8.32.508.2014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 9/25/2014 6.0.1.7335
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 9/25/2014 1.0.0.37
Revo Uninstaller Pro 3.1.2 VS Revo Group, Ltd. 6/7/2015 35.5 MB 3.1.2
Spotify Spotify AB 6/4/2015 1.0.5.186.ga9c24d6a
Stellarium 0.13.2 Stellarium team 3/23/2015 182 MB 0.13.2
Synaptics Pointing Device Driver Synaptics Incorporated 3/22/2015 46.4 MB 18.1.15.1
VLC media player VideoLAN 3/29/2015 2.2.0
WildTangent Games WildTangent 3/22/2015 1.0.4.0


#9 buddy215


Posted 11 June 2015 - 08:53 PM

You can...I saw nothing but adware files. I see MBAM found more of Cassiopesa. It is likely that more will need to be removed once you post the 3 lists I asked for using CCleaner's Tools.

 

You posted the Uninstall list while I was writing this. Be sure to post the other two lists.....Windows Startups and Scheduled Tasks



#10 thedoctorsgirl


Posted 12 June 2015 - 04:29 PM

Windows startup
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\amy\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKCU:Run GoogleChromeAutoLaunch_EC67B2ED551914E9AEA0EA8EE7EC5A11 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run RESTART_STICKY_NOTES Microsoft Corporation C:\Windows\System32\StikyNot.exe
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run DivXMediaServer DivX, LLC C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Yes HKLM:Run DivXUpdate DivX, LLC "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\amy\AppData\Roaming\Dropbox\bin\Dropbox.exe
Scheduled tasks
Yes Task AdobeAAMUpdater-1.0-MicrosoftAccount-thedoctorsgirl@hotmail.com Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForamy Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForamy (null)
Yes Task Microsoft Office 15 Sync Maintenance for K-9-amy K-9 Microsoft Corporation C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Yes Task Microsoft OneDrive Auto Update Task-S-1-5-21-774311760-1360046139-2302560507-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDrive.exe
No Task Optimize Start Menu Cache Files-S-1-5-21-774311760-1360046139-2302560507-1001
 


#11 buddy215


Posted 12 June 2015 - 06:27 PM

Suggest Disabling these Startups:

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\amy\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKCU:Run GoogleChromeAutoLaunch_EC67B2ED551914E9AEA0EA8EE7EC5A11 Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run RESTART_STICKY_NOTES Microsoft Corporation C:\Windows\System32\StikyNot.exe
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run DivXMediaServer DivX, LLC C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Yes HKLM:Run DivXUpdate DivX, LLC "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\amy\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
Suggest Disabling These Tasks:
Yes Task AdobeAAMUpdater-1.0-MicrosoftAccount-thedoctorsgirl@hotmail.com Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForamy Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForamy (null)
Yes Task Microsoft Office 15 Sync Maintenance for K-9-amy K-9 Microsoft Corporation C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
 
Did you reset Google Chrome?
 
Is the computer performing up to par.....are there any problems...especially with ads/ popups/ misdirects of searches, etc?
 
 
 
 


#12 thedoctorsgirl


Posted 12 June 2015 - 07:03 PM

Disabled the ones you suggested. Computer is working fine. Haven't noticed any misdirects other than a small blip in tumblr that disappears after a few seconds. I just reset Google chrome and made sure that I deselected Cassiopesa from my tabs to open upon startup. 



#13 thedoctorsgirl


Posted 12 June 2015 - 07:06 PM

I just closed and reopened Chrome and it seems to be gone now. Thanks for the help. I will let you know if anything else pops up.  :thumbup2:



#14 buddy215


Posted 12 June 2015 - 07:36 PM

Good....If cassiopesa shows up again in Google Chrome you will need to do a clean uninstall....that means removing everything including your Chrome profile.

Sometimes even resetting just doesn't do it. Uninstall Google Chrome - Chrome Help

 

You're welcome...happy surfin' !
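
A way to check whether the startup-page entry that MBAM flagged in Chrome's Secure Preferences has come back, as an added example that is not part of any post in this thread. The function names, the allow-list and the sample JSON are assumptions; the sample is constructed from the "Bad" value shown in the MBAM log, with the long query string shortened.

```python
import json
import sys
from urllib.parse import urlsplit, parse_qsl

# In the MBAM log above, restore_on_startup 5 was reported as "Good" and
# restore_on_startup 4 with a startup_urls list as "Bad".
OPEN_SPECIFIC_PAGES = 4

# Assumption: the sites this user deliberately opens at startup.
ALLOWED = ["tumblr.com", "outlook.com", "twitter.com", "facebook.com"]

# Constructed sample (query string of the flagged entry shortened).
SAMPLE_PREFS = json.dumps({
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "https://www.tumblr.com/dashboard",
            "http://www.outlook.com/",
            "http://twitter.com/",
            "https://www.facebook.com/",
            "http://www.cassiopesa.com/?f=7&a=csp_tight4_15_23",
        ],
    },
    "sync": {"remaining_rollback_tries": 0},
})


def host_of(url):
    """Lower-cased host of a URL, or '' when the URL has no host part."""
    return (urlsplit(url).hostname or "").lower()


def host_allowed(host, allowed_domains):
    """True only for an allowed domain itself or a real subdomain of it.

    A suffix test on the raw string would accept look-alikes such as
    'facebook.com.example.net', so compare on label boundaries.
    """
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit_startup(prefs_text, allowed_domains):
    """Report the startup-page settings found in a Chrome preferences file.

    Returns a dict with the raw mode, whether Chrome opens a fixed list of
    pages, every configured URL, and the entries outside the allow-list
    together with their query parameter names (often a campaign tag).
    """
    prefs = json.loads(prefs_text)
    session = prefs.get("session")
    if not isinstance(session, dict):
        session = {}
    urls = session.get("startup_urls")
    if not isinstance(urls, list):
        urls = []
    urls = [str(u) for u in urls]

    unexpected = []
    for url in urls:
        host = host_of(url)
        # An entry without a host cannot be matched, so it is reported too.
        if not host or not host_allowed(host, allowed_domains):
            names = [k for k, _ in parse_qsl(urlsplit(url).query,
                                             keep_blank_values=True)]
            unexpected.append({"url": url, "host": host, "params": names})

    mode = session.get("restore_on_startup")
    return {
        "mode": mode,
        "opens_specific_pages": mode == OPEN_SPECIFIC_PAGES,
        "urls": urls,
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS
    report = audit_startup(text, ALLOWED)
    print("restore_on_startup:", report["mode"])
    for item in report["unexpected"]:
        print("unexpected startup page:", item["host"], item["params"])
```

Run it against both the Preferences and the Secure Preferences file of the profile, since the JRT log above lists both.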

