
Browsers hi-jacked? and more problems


5 replies to this topic

#1 fmedwards3


Posted 15 July 2015 - 11:09 AM

I posted this last night but got no replies -- maybe posted in wrong place??

*************

Running Win7, 64 bit, Service Pack 1

Don't know what I did, but computer may have been running slower the past few days -- but it really hit hard today.

Browser status bar shows 'transferring ....', 'connecting ....', etc to strange sites.

Had to disable unknown proxy to connect yesterday and again today.

Also getting strange links with tip  "Click to continue > by Provider"

 

Please help




 


#2 buddy215


Posted 15 July 2015 - 11:13 AM

Use the programs below to find and remove adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 fmedwards3


Posted 16 July 2015 - 01:56 AM

I ran JRT twice but it did not display a log file, the file was not on my desktop and a windows search for the file returned nothing.

My laptop seems to be working.

 

 

 

 

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 20:37:24
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : fme - LATITUDE13
# Running from : C:\Users\fme\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Live Malware Protection
Service Found : PrivoxyService

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\GoSearch.xml
File Found : C:\Users\fme\AppData\Roaming\SBAMWsc.log
File Found : C:\Users\fme\AppData\Roaming\SBAMWsc.log
File Found : C:\Users\fmeadmin\AppData\Roaming\SBAMWsc.log
File Found : C:\Users\fmeadmin\AppData\Roaming\SBAMWsc.log
File Found : C:\Windows\mlwps.exe
Folder Found : C:\Program Files (x86)\IT Viewer
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\fme\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogmhlelnjpjgahofccgbfnmojkmlfep
Folder Found : C:\Users\fme\AppData\Roaming\InetStat
Folder Found : C:\Users\fme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Found : C:\Users\fme\AppData\Roaming\Updater
Folder Found : C:\Users\fmeadmin\AppData\LocalLow\AskToolbar

***** [ Scheduled tasks ] *****

Task Found : Malware Cleaner
Task Found : IT Viewer Uninstaller

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{62B84FD6-65D1-4753-BC59-E1B39D6EEBDE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : [x64] HKCU\Software\InetStat
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{62B84FD6-65D1-4753-BC59-E1B39D6EEBDE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKLM\SOFTWARE\SecureWebChannel
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)

[dxm4wb9f.default] - Line Found : user_pref("browser.newtab.url", "hxxps://gosearch.me/?u=c56506a748e98a2baeb872654fcb9c75&c=up1&src=hp&inst=1436853492");
[dxm4wb9f.default] - Line Found : user_pref("browser.startup.homepage", "hxxps://gosearch.me/?u=c56506a748e98a2baeb872654fcb9c75&c=up1&src=hp&inst=1436853492");

-\\ Google Chrome v43.0.2357.132

[C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4009 bytes] - [15/07/2015 20:37:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4068 bytes] ##########

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 20:49:31
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : fme - LATITUDE13
# Running from : C:\Users\fme\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Live Malware Protection
[#] Service Deleted : PrivoxyService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\IT Viewer
Folder Deleted : C:\Users\fme\AppData\Roaming\InetStat
Folder Deleted : C:\Users\fme\AppData\Roaming\Updater
Folder Deleted : C:\Users\fme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Deleted : C:\Users\fmeadmin\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\fme\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogmhlelnjpjgahofccgbfnmojkmlfep
File Deleted : C:\Windows\mlwps.exe
File Deleted : C:\Users\fme\AppData\Roaming\SBAMWsc.log
File Deleted : C:\Users\fmeadmin\AppData\Roaming\SBAMWsc.log
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\GoSearch.xml

***** [ Scheduled tasks ] *****

Task Deleted : Malware Cleaner
Task Deleted : IT Viewer Uninstaller

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{62B84FD6-65D1-4753-BC59-E1B39D6EEBDE}
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKLM\SOFTWARE\SecureWebChannel
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)

[dxm4wb9f.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxps://gosearch.me/?u=c56506a748e98a2baeb872654fcb9c75&c=up1&src=hp&inst=1436853492");
[dxm4wb9f.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://gosearch.me/?u=c56506a748e98a2baeb872654fcb9c75&c=up1&src=hp&inst=1436853492");

-\\ Google Chrome v43.0.2357.132

[C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4155 bytes] - [15/07/2015 20:37:24]
AdwCleaner[S0].txt - [3694 bytes] - [15/07/2015 20:49:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3753  bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/15/2015
Scan Time: 8:56 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.15.07
Rootkit Database: v2015.07.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fme

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 573474
Time Elapsed: 35 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Ask.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E04692B-D429-44B0-B85A-7BA73BFB2BB7}, Quarantined, [5cb79949e2a866d00516355db450bc44],
PUP.Optional.Ask.A, HKU\S-1-5-21-963752047-1521292436-1757112234-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{5AF7F683-FB11-40A6-82D5-D658F4AF63A3}, Quarantined, [b85bb42ee2a8a98d41da603209fbbd43],

Registry Values: 2
PUP.Optional.Ask.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E04692B-D429-44B0-B85A-7BA73BFB2BB7}|URL, http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=1D6EFD4D-68C8-4CCC-B583-C358E51CE6B4&apn_sauid=564CBAE7-D6E8-48B6-AD49-033D84594CDF&, Quarantined, [5cb79949e2a866d00516355db450bc44]
PUP.Optional.Ask.A, HKU\S-1-5-21-963752047-1521292436-1757112234-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{5AF7F683-FB11-40A6-82D5-D658F4AF63A3}|URL, http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1D6EFD4D-68C8-4CCC-B583-C358E51CE6B4&apn_sauid=564CBAE7-D6E8-48B6-AD49-033D84594CDF&, Quarantined, [b85bb42ee2a8a98d41da603209fbbd43]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\c56506a748e98a2baeb872654fcb9c75\content, Quarantined, [7f94f0f2afdb45f1d4af0661cd38c43c],
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\c56506a748e98a2baeb872654fcb9c75, Quarantined, [7f94f0f2afdb45f1d4af0661cd38c43c],

Files: 7
Trojan.Downloader, C:\Users\fme\AppData\Roaming\E9AD.tmp.exe, Quarantined, [c94a6f7327630630a9f3a2d4c141da26],
PUP.Optional.SimpleFiles.A, C:\Users\fme\Downloads\the_forrest_mims_circuit_scrapbook_vol_1_rapidshare_downloader (1).exe, Quarantined, [779cbb27e6a4d165ac3ae67d7f8658a8],
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\c56506a748e98a2baeb872654fcb9c75\content\load.js, Quarantined, [7f94f0f2afdb45f1d4af0661cd38c43c],
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\c56506a748e98a2baeb872654fcb9c75\content\overlay.xul, Quarantined, [7f94f0f2afdb45f1d4af0661cd38c43c],
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\c56506a748e98a2baeb872654fcb9c75\chrome.manifest, Quarantined, [7f94f0f2afdb45f1d4af0661cd38c43c],
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\c56506a748e98a2baeb872654fcb9c75\install.rdf, Quarantined, [7f94f0f2afdb45f1d4af0661cd38c43c],
PUP.Optional.GoSearch.C, C:\Users\fme\AppData\Roaming\Mozilla\Firefox\Profiles\dxm4wb9f.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename.US", "GoSearch");), Replaced,[37dc1ac8e6a4a98d42d9df8d4abbab55]

Physical Sectors: 0
(No malicious items detected)


(end)
 

 



#4 buddy215


Posted 16 July 2015 - 06:26 AM

I don't see the Eset Online scan results.

 

I'm not sure why JRT did not leave a log if it completed its scan and removal. Try removing JRT and reinstalling. Be sure to allow it time to update and run.

 

After running CCleaner...post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 fmedwards3


Posted 16 July 2015 - 09:56 PM

Thanks for your continued assistance.

 

I ran JRT several times and can find no log file.  It runs in a DOS window, and the window closes so quickly that I can't read the last message displayed.  The last readable message may be 'checking registry', then 'checking browser', then ???????? and the window closes.  You mentioned uninstalling and reinstalling JRT.  I don't think it installs as it appears to run as an executable from the desktop - but I did delete it and re-download, but still no log file or any indication it terminated normally.

 

ESET results

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=89728d693a0eab44871778328046ef8c
# end=init
# utc_time=2015-07-16 03:11:28
# local_time=2015-07-15 10:11:28 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24821
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=89728d693a0eab44871778328046ef8c
# end=updated
# utc_time=2015-07-16 03:14:27
# local_time=2015-07-15 10:14:27 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=89728d693a0eab44871778328046ef8c
# engine=24821
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-16 05:41:22
# local_time=2015-07-16 12:41:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 188568732 0 0
# scanned=215538
# found=14
# cleaned=14
# scan_time=8815
sh=BB5260311D84A367FE98DD13F29C43205FAA58CF ft=1 fh=a6caf9f7a027628c vn="a variant of Win32/RiskWare.Astori.C application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\fme\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=8BCB68B7790325A2C90D0FCB4BD01895C753485B ft=1 fh=e9ef22c53a4c5acf vn="a variant of Win32/Techsnab.J potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\mlwps.exe.vir"
sh=15D1B9BDB73D0D2B9202439ADB44E2B6426E12B7 ft=1 fh=7c7ae2cf5a2afb43 vn="a variant of Win32/OpenCandy.C potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\fme\AppData\Roaming\uTorrent\uTorrent.exe"
sh=15D1B9BDB73D0D2B9202439ADB44E2B6426E12B7 ft=1 fh=7c7ae2cf5a2afb43 vn="a variant of Win32/OpenCandy.C potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\fme\AppData\Roaming\uTorrent\updates\3.4.2_38758.exe"
sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\fme\Desktop\ccsetup507.exe"
sh=19200FBB398BFC110A3F8E360802A3F22720B0FC ft=0 fh=0000000000000000 vn="a variant of Win32/Techsnab.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\fme\Downloads\Build Your Own CNC Machine pdf.zip"
sh=8B47F8F9C0CB46B01F19259C99F08D57223581C9 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Users\fme\Downloads\Hirens.BootCD.15.2.zip"
sh=F076ABF742F94554B2D932021A1D031545A30901 ft=1 fh=f9a0377df65ae757 vn="a variant of Win32/TFTPD32.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\fme\Downloads\tb_free.exe"
sh=613BDCDC4B16EB466124A549D021646EAFB70B7C ft=1 fh=9de8d346ff807dc8 vn="Win32/Bundled.Toolbar.Ask potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\fmeadmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\269KLT4D\ApnToolbarInstaller[1].exe"
sh=4907ADEB74AA33DDAD164B84BC26F26D1C703E24 ft=1 fh=9c8f5f5a896f0190 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\fmeadmin\AppData\Local\Temp\ApnStub.exe"
sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\fmeadmin\AppData\Local\Temp\ASKAA71.tmp"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\fmeadmin\AppData\Local\Temp\AskSLib.dll"
sh=DEAD469FFF7CE0F1BE574947EDFFA13AB6254BB3 ft=1 fh=a553c6fac1ec1496 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\fmeadmin\AppData\Local\Temp\is1598539481\9146986_Setup.DAT"
sh=DEAD469FFF7CE0F1BE574947EDFFA13AB6254BB3 ft=1 fh=a553c6fac1ec1496 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\fmeadmin\Downloads\FoxitReader510.1021_enu_Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=89728d693a0eab44871778328046ef8c
# end=init
# utc_time=2015-07-16 10:59:59
# local_time=2015-07-16 05:59:59 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24839
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=89728d693a0eab44871778328046ef8c
# end=updated
# utc_time=2015-07-16 11:01:05
# local_time=2015-07-16 06:01:05 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=89728d693a0eab44871778328046ef8c
# engine=24839
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-17 02:02:37
# local_time=2015-07-16 09:02:37 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 188642006 0 0
# scanned=214384
# found=0
# cleaned=0
# scan_time=10891
 

CCleaner startups

No    HKCU:Run    Akamai NetSession Interface        "C:\Users\fme\AppData\Local\Akamai\netsession_win.exe"
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\fme\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes    HKCU:Run    SandboxieControl        "C:\Program Files\Sandboxie\SbieCtrl.exe"
Yes    HKLM:Run    DBRMTray    Dell Computer Corporation    C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
Yes    HKLM:Run    EaseUs Tray    CHENGDU YIWO Tech Development Co., Ltd    "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
Yes    HKLM:Run    EaseUs Watch    CHENGDU YIWO Tech Development Co., Ltd    "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes    HKLM:Run    SynTPEnh    Synaptics Incorporated    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes    HKLM:Run    USCService    Broadcom Corporation    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
Yes    HKLM:Run    vmware-tray.exe    VMware, Inc.    "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
Yes    HKLM:RunOnce    DBRMTray    Microsoft    C:\Dell\DBRM\Reminder\TrayApp.exe
Yes    Startup Common    Bluetooth.lnk    Broadcom Corporation.    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
No    Startup Common    TdmNotify.lnk    Wave Systems Corp.    C:\PROGRA~1\WAVESY~1\TRUSTE~1\TDMNOT~1.EXE
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\fme\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

CCleaner scheduled tasks

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskUserS-1-5-21-963752047-1521292436-1757112234-1006Core    Dropbox, Inc.    C:\Users\fme\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-963752047-1521292436-1757112234-1006UA    Dropbox, Inc.    C:\Users\fme\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Windows Software        C:\Users\fme\AppData\Roaming\Updater\winupd.exe
 

 

CCleaner programs installed

7-Zip 9.38 beta        2/2/2015        
Adobe Flash Player 18 ActiveX    Adobe Systems Incorporated    7/16/2015    17.1 MB    18.0.0.209
Adobe Flash Player 18 NPAPI    Adobe Systems Incorporated    7/16/2015    17.6 MB    18.0.0.209
Bitnami Precurio Stack    Bitnami    6/9/2015    393 MB    4.3-0
Broadcom NetXtreme-I Netlink Driver and Management Installer    Broadcom Corporation    8/29/2011        12.54.02
CCleaner    Piriform    7/15/2015        5.07
Dell Backup and Recovery Manager    Dell Inc.    8/29/2011        1.3.1
Dell ControlPoint Security Manager    Dell Inc.    8/29/2011        1.6.468.86
Dell Security Device Driver Pack    Dell Inc.    8/29/2011        1.4.056
Dell System Detect    Dell    6/14/2015        3.3.2.1
Dell System Detect - 1    Dell    6/14/2015        6.2.0.5
Dell Touchpad    Synaptics Incorporated    8/29/2011        14.0.19.0
DeskNow        5/17/2015        
Dropbox    Dropbox, Inc.    7/12/2015        3.6.8
EaseUS Todo Backup Free 4.0    CHENGDU YIWO Tech Development Co., Ltd    4/13/2012    159 MB    4.0.0.5
ESET Online Scanner v3        7/15/2015        
Foxit Cloud    Foxit Software Inc.    12/19/2014    6.73 MB    2.3.25.1124
Foxit Reader    Foxit Software Inc.    12/19/2014    124 MB    7.0.6.1126
Gemalto        8/29/2011        
Git version 1.9.5-preview20150319    The Git Development Community    4/19/2015    100 MB    1.9.5-preview20150319
GitHub    GitHub, Inc.    4/23/2015        2.13.2.4
Google Chrome    Google Inc.    2/2/2013        43.0.2357.132
Google Earth    Google    12/19/2014    180 MB    7.1.2.2041
HDSDR 2.62    DG0JBJ    7/11/2013    2.72 MB    
Intel® Graphics Media Accelerator Driver    Intel Corporation    8/29/2011    54.2 MB    8.15.10.1883
Intel® PROSet/Wireless WiFi Software    Intel Corporation    8/29/2011    96.0 MB    13.00.0000
Java 7 Update 71    Oracle    10/25/2014    119 MB    7.0.710
Java™ 6 Update 45 (64-bit)    Oracle    12/19/2014    92.3 MB    6.0.450
Malwarebytes Anti-Malware version 2.1.8.1057    Malwarebytes Corporation    7/15/2015    64.5 MB    2.1.8.1057
Microsoft .NET Framework 4.5    Microsoft Corporation    4/19/2015    38.8 MB    4.5.50709
Microsoft Office 365 - en-us    Microsoft Corporation    6/23/2015        15.0.4727.1003
Microsoft Silverlight    Microsoft Corporation    5/14/2015    100 MB    5.1.40416.0
Microsoft SQL Server 2005    Microsoft Corporation    7/14/2015        
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    8/29/2011    1.69 MB    3.1.0000
Microsoft SQL Server Native Client    Microsoft Corporation    3/13/2015    5.83 MB    9.00.5000.00
Microsoft SQL Server Setup Support Files (English)    Microsoft Corporation    7/15/2015    25.1 MB    9.00.5000.00
Microsoft SQL Server VSS Writer    Microsoft Corporation    3/13/2015    1.10 MB    9.00.5000.00
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    3/13/2015    300 KB    8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    8/29/2011    620 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    6/14/2015    784 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    6/16/2015    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    6/8/2015    1.42 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    7/11/2013    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    6/14/2015    228 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    3/13/2015    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    3/13/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    3/13/2015    11.1 MB    10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    3/13/2015        10.0.50903
Mozilla Firefox 39.0 (x86 en-US)    Mozilla    7/15/2015    84.7 MB    39.0
Mozilla Maintenance Service    Mozilla    12/19/2014    326 KB    34.0.5
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    11/4/2011    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    11/4/2011    1.33 MB    4.20.9876.0
NirSoft ProduKey        1/7/2015        
Preboot Manager        8/29/2011        
R for Windows 3.2.0    R Core Team    4/20/2015    149 MB    3.2.0
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    8/29/2011        6.0.1.6015
RStudio    RStudio    4/20/2015        0.98.1103
Rtools 3.2    The R Foundation    4/20/2015    253 MB    
VMware Workstation    VMware, Inc    6/14/2015    3.25 GB    11.1.0
WIDCOMM Bluetooth Software    Broadcom Corporation    8/29/2011    144 MB    6.2.1.100
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)    Dell Inc.    8/29/2011        09/11/2009 1.0.1.6
Windows Live Essentials    Microsoft Corporation    8/29/2011        15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections    Microsoft Corporation    8/29/2011    5.57 MB    15.4.5722.2
µTorrent    BitTorrent Inc.    5/14/2015        3.4.2.38758
 



#6 buddy215

Posted 16 July 2015 - 11:08 PM

Disable these Windows Startups: (Use CCleaner by clicking on each item to highlight and then choose Disable, Remove or Uninstall)

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\fme\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes    HKLM:Run    DBRMTray    Dell Computer Corporation    C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
Yes    HKLM:Run    EaseUs Tray    CHENGDU YIWO Tech Development Co., Ltd    "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
Yes    HKLM:Run    EaseUs Watch    CHENGDU YIWO Tech Development Co., Ltd    "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:RunOnce    DBRMTray    Microsoft    C:\Dell\DBRM\Reminder\TrayApp.exe
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\fme\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

Disable these tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskUserS-1-5-21-963752047-1521292436-1757112234-1006Core    Dropbox, Inc.    C:\Users\fme\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-963752047-1521292436-1757112234-1006UA    Dropbox, Inc.    C:\Users\fme\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Windows Software        C:\Users\fme\AppData\Roaming\Updater\winupd.exe (Remove...not just Disable...Adware)

 

Uninstall these programs:

Java 7 Update 71    Oracle    10/25/2014    119 MB    7.0.710  (Old Java programs are malware magnets)
Java™ 6 Update 45 (64-bit)    Oracle    12/19/2014    92.3 MB    6.0.450
 µTorrent    BitTorrent Inc.    5/14/2015        3.4.2.38758 (Adware intensive and dangerous to download free stuff....which often contains dangerous malware)

 

After doing the above....let me know if there are problems...especially adware, popups, browser redirects, etc.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
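Added example, not part of the thread and not written by either poster: a small triage pass over the CCleaner startup and scheduled-task export format shown above, which surfaces entries that have a blank publisher column and also run from a user-writable location. The function names (`parse`, `executable`, `triage`) and the `USER_WRITABLE` pattern are assumptions made for this sketch; a hit means "look at this by hand", not a verdict.

```python
import re
from typing import NamedTuple

# Rows copied from the CCleaner export posted in this thread (4-space column gaps).
SAMPLE = r"""
No    HKCU:Run    Akamai NetSession Interface        "C:\Users\fme\AppData\Local\Akamai\netsession_win.exe"
Yes    HKLM:Run    SynTPEnh    Synaptics Incorporated    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes    Task    GoogleUpdateTaskMachineCore        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    Windows Software        C:\Users\fme\AppData\Roaming\Updater\winupd.exe
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\fme\AppData\Roaming\Dropbox\bin\Dropbox.exe
"""

# Assumption: locations a standard user can commonly write to without elevation.
USER_WRITABLE = re.compile(r"\\(users|programdata)\\|%(appdata|localappdata|temp)%", re.I)


class Entry(NamedTuple):
    enabled: bool
    location: str
    name: str
    publisher: str
    command: str


def parse(text):
    """Split each row into its five columns; an empty publisher stays an empty string."""
    entries = []
    for line in text.splitlines():
        cols = [c.strip() for c in re.split(r"\t| {4}", line.strip())]
        if len(cols) != 5 or cols[0] not in ("Yes", "No"):
            continue  # skip blank lines and anything that is not a 5-column row
        entries.append(Entry(cols[0] == "Yes", *cols[1:]))
    return entries


def executable(command):
    """Return the program path from a command line, whether quoted or not."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)', command, re.I)
    return (m.group(1) or m.group(2)) if m else command


def triage(entries):
    """Return (name, path, enabled) for rows with no publisher AND a user-writable path."""
    flagged = []
    for e in entries:
        path = executable(e.command)
        if not e.publisher and USER_WRITABLE.search(path):
            flagged.append((e.name, path, e.enabled))
    return flagged


if __name__ == "__main__":
    for name, path, enabled in triage(parse(SAMPLE)):
        print(f"{'enabled ' if enabled else 'disabled'}  {name}  ->  {path}")
```

Neither condition is useful alone on this export: the GoogleUpdate tasks also have a blank publisher, and Dropbox also runs from AppData, so only the combination narrows the list.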



