
I have a fishy program pretending to be Google Chrome when it's not.


21 replies to this topic

#1 Malware_Infested

Malware_Infested

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 23 July 2015 - 08:59 PM

So a couple of days ago, I was using Google Chrome when all of a sudden my extensions (AdBlock, Ghostery, etc.) started getting uninstalled by themselves. When I went to check the settings, I found that a bunch of random "coupon" type of extensions had installed themselves and my existing ones were gone. Chrome also gave me a notification saying it was running on Developer Mode then crashed a bunch of times. I don't remember what I did right after that but when I tried to uninstall it, I saw that the little Chrome icon was gone, the version number it showed was incorrect, and the uninstall wizard was completely different. Although my computer said the program was run by "Google, Inc." (note: the real Google Chrome seems to have "Google Inc." - without the comma - as the publisher) a "verified publisher," the program name it shows is "46611ff.msi" and I have no idea what that means. Too scared to uninstall it, I just tried re-installing Chrome but it just kept updating this one, causing multiple crashes and extension uninstallations.

 
Finally, I was able to manually remove a bunch of malware files and reinstalled a hopefully clean real version of Chrome. However, the weird program still exists and I'm still too afraid to uninstall it. What should I do? My laptop is less than a year old. :(
 
P.S. I tried adwcleaner and malwarebytes, neither could detect it.




 


#2 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:51 PM

Posted 24 July 2015 - 04:39 AM

Welcome to BC !

 

Not sure what the problem is caused by. When you uninstalled Chrome did you uninstall your Chrome profile, too?

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

After posting the logs for the above two programs, do this:

 

After running CCleaner...post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Malware_Infested

Malware_Infested
  • Topic Starter


Posted 29 July 2015 - 04:16 PM

Thank you! Below are the lists that you wanted. I've italicized the masquerade Chrome for your convenience. Also, when I went to Startups on CCleaner, I noticed that it showed a Firefox tab along with the other stuff, but I don't have Firefox installed right now. (You'll see it's not on the Uninstall list either.) I clicked on it and saw a few extensions that I disabled, hope that was ok. Apart from that, I tried using Chrome again today, opened up a random website, and noticed that my adblocker extension wasn't working properly because I got a good number of ads and popups. Sorry for the delay, I'm just terrified of using my laptop. 

 

~~~ Services
 
Successfully deleted: [Service] vToolbarUpdater18.8.0 [Reboot required]
 
~~~ Tasks
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2257221798-4048994258-1779504190-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update ace race
 
~~~ Files
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
 
~~~ Chrome
 
[C:\Users\Me\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Me\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Me\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Me\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/29/2015 at 16:18:20.70
 
XXX
Eset did not detect anything. Posted no log.
 
XXX
Startup:
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
No HKCU:Run Facebook Update Facebook Inc. "C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
No HKCU:Run RESTART_STICKY_NOTES Microsoft Corporation C:\Windows\system32\StikyNot.exe
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Yes HKLM:Run GlobalProtect Palo Alto Networks "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
No HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
No HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
No HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
No HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
No HKLM:Run TCrdMain TOSHIBA Corporation C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
No HKLM:Run TecoResident TOSHIBA Corporation C:\Program Files\TOSHIBA\Teco\TecoResident.exe
Yes HKLM:Run TosWaitSrv TOSHIBA Corporation %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
Yes HKLM:Run TSSSrv TOSHIBA Corporation C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
Yes HKLM:Run vProt AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
Yes Startup Common ISCTSystray.lnk Intel Corporation C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
No Startup Common vpngui.exe.lnk C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
No Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Me\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
Uninstall:
Adobe Digital Editions 4.0 Adobe Systems Incorporated 1/17/2015 20.3 MB 4.0.2
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 7/19/2015 17.6 MB 18.0.0.209
Adobe Reader XI (11.0.12)  MUI Adobe Systems Incorporated 7/19/2015 699 MB 11.0.12
Apple Application Support (32-bit) Apple Inc. 3/20/2015 95.9 MB 3.1.2
Apple Application Support (64-bit) Apple Inc. 3/20/2015 109 MB 3.1.2
Apple Mobile Device Support Apple Inc. 3/20/2015 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 3/20/2015 2.38 MB 2.1.3.127
AVG 2015 AVG Technologies 7/23/2015 2015.0.6086
AVG PC TuneUp 2015 AVG Technologies 7/23/2015 15.0.1001.604
AVG Web TuneUp AVG Technologies 7/24/2015 4.1.5.143
Bonjour Apple Inc. 3/20/2015 2.00 MB 3.0.0.10
CCleaner Piriform 7/29/2015 5.08
Cisco Systems VPN Client 5.0.07.0440 Cisco Systems, Inc. 1/15/2015 10.6 MB 5.0.7
CMEDIA USB2.0 Audio Device C-Media Electronics, Inc. 9/12/2014 1.00.0003
Dropbox Dropbox, Inc. 7/22/2015 3.6.9
DTS Studio Sound DTS, Inc. 9/12/2014 4.09 MB 1.01.3700
Facebook Video Calling 3.1.0.521 Skype Limited 11/7/2014 12.4 MB 3.1.521
GlobalProtect Palo Alto Networks 12/8/2014 21.0 MB 2.1.0
Google Chrome Google Inc. 7/23/2015 44.0.2403.89
Google Chrome Google, Inc. 7/21/2015 42.5 MB 66.88.49241
IBM SPSS Statistics 22 IBM Corp 10/20/2014 941 MB 22.0.0.0
Intel® Management Engine Components Intel Corporation 9/12/2014 9.5.23.1766
Intel® Network Connections Drivers Intel 9/12/2014 916 KB 18.5
Intel® Processor Graphics Intel Corporation 9/12/2014 10.18.10.3345
Intel® Rapid Start Technology Intel Corporation 9/12/2014 3.0.0.1059
Intel® Rapid Storage Technology Intel Corporation 9/12/2014 12.8.3.1000
Intel® Smart Connect Technology Intel Corporation 9/12/2014 30.4 MB 4.2.40.2439
Intel® Wireless Bluetooth® 4.0 Intel Corporation 9/12/2014 2.99 MB 17.0.1414.03
Intel® PROSet/Wireless Software Intel Corporation 6/6/2015 278 MB 17.16.0
Microsoft Office 365 ProPlus - en-us Microsoft Corporation 7/21/2015 15.0.4737.1003
Microsoft Silverlight Microsoft Corporation 5/13/2015 100 MB 5.1.40416.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10/20/2014 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10/21/2014 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/13/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/13/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 6/6/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 6/6/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 Microsoft Corporation 9/12/2014 20.6 MB 12.0.20617.1
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 Microsoft Corporation 9/12/2014 17.3 MB 12.0.20617.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/12/2015 10.0.50903
PeaZip 5.4.1 Giorgio Tani 10/5/2014 24.5 MB
Pharos 10/12/2014
Realtek Card Reader Realtek Semiconductor Corp. 9/12/2014 6.2.9200.21234
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 9/12/2014 6.0.1.7318
Skype Click to Call Microsoft Corporation 7/23/2015 9.84 MB 7.4.0.9058
Skype™ 7.7 Skype Technologies S.A. 7/22/2015 69.3 MB 7.7.102
TOSHIBA Application Installer Toshiba Corporation 9/12/2014 3.77 MB 9.0.2.4
TOSHIBA eco Utility Toshiba Corporation 9/12/2014 25.1 MB 2.4.1.6404
TOSHIBA Face Recognition Toshiba Corporation 9/12/2014 85.4 MB 4.0.2.1
TOSHIBA Function Key Toshiba Corporation 9/12/2014 37.5 MB 1.1.04.6403
TOSHIBA Password Utility Toshiba Corporation 9/12/2014 7.50 MB 3.03.00.03
TOSHIBA PC Health Monitor Toshiba Corporation 9/12/2014 68.4 MB 1.10.1.6400
TOSHIBA Quality Application TOSHIBA 9/12/2014 1.0.9.3
TOSHIBA Recovery Media Creator Toshiba Corporation 9/12/2014 3.1.02.55065006
TOSHIBA Service Station Toshiba Corporation 9/12/2014 2.92 MB 2.6.13
TOSHIBA System Driver Toshiba Corporation 9/12/2014 5.72 MB 1.00.0033
TOSHIBA System Settings Toshiba Corporation 9/12/2014 3.73 MB 2.0.1.32003
TOSHIBA User's Guide TOSHIBA 9/12/2014 1.00.02
TOSHIBARegistration TOSHIBA 9/12/2014 1.1.6
Visual Studio 2012 x64 Redistributables AVG Technologies 7/23/2015 1.89 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 7/23/2015 1.69 MB 14.0.0.1
VLC media player VideoLAN 1/25/2015 2.1.5
µTorrent BitTorrent Inc. 7/24/2015 3.4.3.40760


#4 buddy215


Posted 29 July 2015 - 05:31 PM

Disable these Startups: (Use CCleaner by clicking on each item to highlight and then on the right choose Disable, Remove or Uninstall)

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run vProt AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" (Remove...not just Disable...it's junkware)

 

Uninstall these programs:

AVG PC TuneUp 2015 AVG Technologies 7/23/2015 15.0.1001.604   Use Revo to uninstall
AVG Web TuneUp AVG Technologies 7/24/2015 4.1.5.143   Use Revo to uninstall
Google Chrome Google Inc. 7/23/2015 44.0.2403.89 (Be sure to uninstall your Chrome profile on both) Uninstall both using Download Revo Uninstaller Freeware in Advanced mode
Google Chrome Google, Inc. 7/21/2015 42.5 MB 66.88.49241
Skype Click to Call Microsoft Corporation 7/23/2015 9.84 MB 7.4.0.9058 (Unless you actually click on phone #s in ads...that is all it allows you to do...risky)
µTorrent BitTorrent Inc. 7/24/2015 3.4.3.40760 (high risk to use to download free stuff and is ad intensive....possible source of your problem)

 

Please post the Scheduled Tasks as requested....unless there are none...if so, let me know...thanks



#5 Malware_Infested


Posted 29 July 2015 - 07:46 PM

Hi again,

 

I did everything as you instructed, and noticed that when I uninstalled the fake Chrome, it removed the other version of Chrome as well as one of my Internet Explorer icons. Anyway, here's the scheduled tasks. Sorry if I forgot to post it last time.

 

This was before doing the uninstallments:

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
No Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
No Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
No Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
Yes Task FunFaces  c:\programdata\{27548a40-4375-17f7-2754-48a404372901}\2540350249331302743b.exe --startup=1 --single
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-1001  
Yes Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-500  
Yes Task {18EF95C3-62C6-4664-B0DD-4020E26FEAD1} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.7.0.102/en/abandoninstall?source=lightinstaller&page=tsBing
Yes Task {3A2D1E10-912D-4721-811C-412E85EE7A08} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=6.20.0.104&LastError=12002
Yes Task {B1A0AF1C-390E-4808-9593-3FAD3BE7C9B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ActiveDeals\ActiveDeals.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Yes Task {FA15EAE2-2FF1-40BD-A5A4-61A17B1E4023} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsProgressBar

 

And this is after:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c

Yes Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver

Yes Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler

Yes Task FunFaces  c:\programdata\{27548a40-4375-17f7-2754-48a404372901}\2540350249331302743b.exe --startup=1 --single

Yes Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-1001  

Yes Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-500  

Yes Task {18EF95C3-62C6-4664-B0DD-4020E26FEAD1}  "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.7.0.102/en/abandoninstall?source=lightinstaller&page=tsBing

Yes Task {3A2D1E10-912D-4721-811C-412E85EE7A08}  "c:\program files (x86)\google\chrome\application\chrome.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=6.20.0.104&LastError=12002

Yes Task {B1A0AF1C-390E-4808-9593-3FAD3BE7C9B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ActiveDeals\ActiveDeals.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""

Yes Task {FA15EAE2-2FF1-40BD-A5A4-61A17B1E4023}  "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsProgressBar

 

Thanks for your help! I haven't done anything else to my computer after this, including reinstalling Chrome.

 

I've also noticed another new problem, whereby the two short-cut functions on my laptop (Toshiba Portege Z30t-A) have suddenly stopped working since this morning. One of the functions activated/ deactivated the eco utility when I tapped it twice, the other froze the cursor. I've checked exhaustively on the Toshiba forum but can't seem to fix it. This might be the wrong thread for it, but I was wondering if you knew anything about it either way. My illumination functions are also not working.
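
The checks a helper applies by eye to the lists posted in this thread (a task with no publisher running from a GUID-named ProgramData folder, a program started through pcalua.exe, two "Google Chrome" entries whose publisher strings differ only by a comma), written out as an added Python example that is not part of the original posts. It assumes the lists were saved as tab-separated text; the function names and rule wording are illustrative.

```python
"""Triage of CCleaner-style list exports (added example, not from the thread)."""
import re
from collections import defaultdict

# Rows copied from the lists posted in this thread. The tab separators are an
# assumption: the forum rendering flattened the columns to spaces.
TASKS = "\n".join([
    "Yes\tTask\tGoogleUpdateTaskMachineCore\tGoogle Inc.\t"
    r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c",
    "Yes\tTask\tFunFaces\t\t"
    r"c:\programdata\{27548a40-4375-17f7-2754-48a404372901}"
    r"\2540350249331302743b.exe --startup=1 --single",
    "Yes\tTask\t{B1A0AF1C-390E-4808-9593-3FAD3BE7C9B5}\tMicrosoft Corporation\t"
    r'C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ActiveDeals'
    r'\ActiveDeals.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""',
    "Yes\tTask\t{18EF95C3-62C6-4664-B0DD-4020E26FEAD1}\tGoogle Inc.\t"
    r'"c:\program files (x86)\google\chrome\application\chrome.exe" '
    "http://ui.skype.com/ui/0/7.7.0.102/en/abandoninstall"
    "?source=lightinstaller&page=tsBing",
])
UNINSTALL = "\n".join([
    "Google Chrome\tGoogle Inc.\t7/23/2015\t\t44.0.2403.89",
    "Google Chrome\tGoogle, Inc.\t7/21/2015\t42.5 MB\t66.88.49241",
    "Dropbox\tDropbox, Inc.\t7/22/2015\t\t3.6.9",
    "VLC media player\tVideoLAN\t1/25/2015\t\t2.1.5",
])

TASK_COLUMNS = ("enabled", "kind", "name", "publisher", "command")
APP_COLUMNS = ("name", "publisher", "installed", "size", "version")

# (reason, pattern matched against the command line); wording is illustrative.
COMMAND_RULES = [
    ("runs from a GUID-named ProgramData folder",
     re.compile(r"\\programdata\\\{[0-9a-f-]{36}\}\\", re.I)),
    # The publisher column then names the launcher, not the program it starts.
    ("started indirectly through pcalua.exe -a",
     re.compile(r'\\pcalua\.exe"?\s+-a\s', re.I)),
    ("browser launched with a URL argument",
     re.compile(r'\\(chrome|iexplore|firefox)\.exe"?\s+https?://', re.I)),
]


def parse_rows(text, columns):
    """Split a tab-separated export into dicts; short rows are padded."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("\t", len(columns) - 1)]
        cells += [""] * (len(columns) - len(cells))
        rows.append(dict(zip(columns, cells)))
    return rows


def flag_tasks(text):
    """Return {task name: [reasons]} for entries that deserve a closer look."""
    flagged = {}
    for row in parse_rows(text, TASK_COLUMNS):
        reasons = []
        if row["command"] and not row["publisher"]:
            reasons.append("no publisher recorded")
        reasons += [why for why, rx in COMMAND_RULES if rx.search(row["command"])]
        if reasons:
            flagged[row["name"]] = reasons
    return flagged


def normalise(publisher):
    """Strip case and punctuation so look-alike publisher strings compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", publisher.lower()).strip()


def publisher_conflicts(text):
    """Return products listed under more than one publisher string."""
    seen = defaultdict(set)
    for row in parse_rows(text, APP_COLUMNS):
        seen[row["name"]].add(row["publisher"])
    return {
        name: {"publishers": sorted(pubs),
               "lookalike": len({normalise(p) for p in pubs}) == 1}
        for name, pubs in seen.items() if len(pubs) > 1
    }


if __name__ == "__main__":
    for name, reasons in flag_tasks(TASKS).items():
        print(f"[task] {name}: {'; '.join(reasons)}")
    for name, info in publisher_conflicts(UNINSTALL).items():
        note = " (differ only in punctuation/case)" if info["lookalike"] else ""
        print(f"[app]  {name}: {info['publishers']}{note}")
```

The publisher column is only the string the file or installer declares, so a hit here is a reason to inspect the file's digital signature, not a verdict on its own.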
 



#6 buddy215


Posted 29 July 2015 - 08:37 PM

Disable these tasks:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c

Yes Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver

Yes Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler

Yes Task FunFaces  c:\programdata\{27548a40-4375-17f7-2754-48a404372901}\2540350249331302743b.exe --startup=1 --single

Yes Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-1001  

Yes Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-500 

 

Remove these Tasks:

 

Yes Task {18EF95C3-62C6-4664-B0DD-4020E26FEAD1}  "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.7.0.102/en/abandoninstall?source=lightinstaller&page=tsBing

Yes Task {3A2D1E10-912D-4721-811C-412E85EE7A08}  "c:\program files (x86)\google\chrome\application\chrome.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=6.20.0.104&LastError=12002

Yes Task {B1A0AF1C-390E-4808-9593-3FAD3BE7C9B5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ActiveDeals\ActiveDeals.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""

Yes Task {FA15EAE2-2FF1-40BD-A5A4-61A17B1E4023}  "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsProgressBar

 

 

I'm pretty sure I haven't asked you to do anything that would cause the new problems. Yes, it would be better to start a new topic in the appropriate forum. Is the computer still under warranty?

 

You can try using Windows Repair (All In One) Download

If you do use it be sure to perform Option #4

 

Windows Repair can perform the following tasks:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates
  • Repair CD/DVD Missing/Not Working


#7 Malware_Infested


Posted 29 July 2015 - 08:50 PM

Hi,

Thanks. I'll do that and get back to you. And of course I didn't mean to suggest that your instructions caused any problems. When I said "this morning" I meant before doing anything you'd suggested. I just logged in and noticed they weren't working. Should've been more clear about that, my bad. I just asked for help because, well, you seem to understand my computer a lot better than I do. :)

Yes, warranty expires in September.

#8 buddy215


Posted 29 July 2015 - 08:55 PM

Thanks....if and when you decide to install Chrome again, be sure you get it from the Google website....not some 3rd party download site.

 

It could be that after doing all of the cleanup that a reboot may fix the problem. I've seen that happen often. Be sure to cross your fingers while rebooting. :)



#9 Malware_Infested


Posted 29 July 2015 - 09:15 PM

Thanks! Would you recommend I not use Chrome at all?

#10 buddy215


Posted 30 July 2015 - 07:07 AM

That's a user's choice. Personally, I only use Firefox. Which reminds me, your Firefox profile is likely still on your computer. You can do a file search for Mozilla, Mozilla Firefox and/or Firefox and delete all that is found. Some of the adware you removed may still be in that profile.

 

AVG installed its adware, too. It may attempt to do so again during an update/ upgrade of AVG....not their daily update of its lists of signatures.



#11 Malware_Infested


Posted 31 July 2015 - 12:30 PM

Hi again,

 

So this is what my Scheduled Tasks looks like now:

No Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
No Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
No Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
No Task DropboxUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Dropbox, Inc. C:\Users\Me\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
No Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001Core Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
No Task FacebookUpdateTaskUserS-1-5-21-2257221798-4048994258-1779504190-1001UA Facebook Inc. C:\Users\Me\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-1001  (This one keeps enabling itself after each reboot, though.)
No Task Optimize Start Menu Cache Files-S-1-5-21-2257221798-4048994258-1779504190-500  

 

I also deleted both my Google and Mozilla profiles from the computer.

 

After some messing around with the Toshiba Utilities, I got my illumination keys to work again although the touchpad problem persists. I think I'll try the Windows Repair you suggested. You said to do the "Repair WMI" thing, right?

 

And ok, I might just end up downloading Chrome again because I'm a lot more comfortable using it but I'll install the adblock and avast extensions before I do anything else (unless you'd recommend a better ad blocker or internet security extension?)
 

As for AVG, I'll keep my eye out for adware. A friend suggested I switch to Avira, though. What do you think?

 

Sorry for the myriad of questions! I don't get back on campus for another 3 weeks and without help of the IT Desk, I'm...well...helpless. You've been a great help, though. Thank you!!!

 



#12 buddy215


Posted 31 July 2015 - 01:08 PM

That was one of the repairs that the program will perform.

 

You said....I'll install the adblock and avast extensions....I think you meant AVG and I don't suggest intentionally installing any AVG browser extension/ add-on....not needed and adware.

 

I use Adblock Plus and it is compatible with Chrome. Once Adblock Plus is installed you should click on its ABP icon and choose FILTER PREFERENCES. Then UNcheck Allow Some Nonintrusive advertising.

 

I don't think there would be much difference in the protection offered between AVG and Avira.

 

Just about any free app, extension, program you install will either ask to install its adware or will install it without your permission.



#13 Malware_Infested


Posted 31 July 2015 - 03:18 PM

Okay! Thank you! And this IS the right place to download Chrome from, right? http://www.google.com/chrome/



#14 buddy215


Posted 31 July 2015 - 03:48 PM

Yes it is...and....Adblock Plus - Chrome Web Store



#15 Malware_Infested


Posted 31 July 2015 - 04:10 PM

Awesome, thanks! Am I supposed to get an "Application Run - Security warning" when I try to download Chrome? Says:

Name: Google Installer

From: dl.google.com

Publisher: Google Inc

 

Sorry if I'm being paranoid, I just don't want any more of those pesky ad things.





