Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get rid of Artemis!9A3A331881A1 virus


  • Please log in to reply
9 replies to this topic

#1 nyctwingles01

nyctwingles01

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 03 August 2015 - 10:08 PM

I am running Windows 7 Home Premium with Service Pack 1 (64-bit OS).  My son was using my computer and downloadedarrow-10x10.png some games and my computer started acting funny.

 

I have McAfeearrow-10x10.png, Malwarebytes and CCleaner running. Malwarebytes found tons of stuff and quarantined it which I then deleted.  Same with McAfeearrow-10x10.png which is how I found the name of the virus.  I uninstalled the items through CCleaner.  Every time I try to delete it with McAfee, it doesn't work.  I have also tried doing a system restore back to prior to the problems showing up and, not only did it fail, but it deleted all my system restores prior to the problems beginning.

 

Please help me.

 

Teresaarrow-10x10.png



BC AdBot (Login to Remove)

 


#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:07 AM

Posted 04 August 2015 - 12:35 AM

My name is Bezukhov. Let us try a couple of other tools.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

To err is Human. To blame it on someone else is even more Human.

#3 nyctwingles01

nyctwingles01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 04 August 2015 - 02:12 AM

Here are the logs.

 

For AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 02:50:22
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Teresa - TERESA-PC
# Running from : C:\Users\Teresa\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : netfilter64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\prefs.js
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
File Found : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
File Found : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
File Found : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\ProgramData\27906ae800001815
Folder Found : C:\ProgramData\39ad83800000052a
Folder Found : C:\ProgramData\6cb816e200005733
Folder Found : C:\ProgramData\7484804c0000545e
Folder Found : C:\ProgramData\7f5cccbc00001e9a
Folder Found : C:\ProgramData\EmailNotifier
Folder Found : C:\Users\Teresa\AppData\Local\globalUpdate
Folder Found : C:\Users\Teresa\AppData\Roaming\musicloud

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Max Computer Cleaner
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Max Computer Cleaner
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\7e96f697-4439-2caa-05a2-ab41c739487c
Key Found : HKLM\SOFTWARE\a5b4d4c1-9e2e-7aa7-038a-151e26a88382
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\dbdd445f-65f4-443e-a92a-abfd54bdabec
Key Found : HKLM\SOFTWARE\de71599e-61e3-4bf1-b822-8ce090456cd4
Key Found : HKLM\SOFTWARE\Email Notifier
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.125

[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M44C18509-9908-411B-8306-4F56D47E6241&SearchSource=58&CUI=&UM=8&UP=SPCDBE97EA-D0A4-4C05-9B3F-6F44DDAA1354&D=070615&q={searchTerms}&SSPV=SPJSB3TB_sp_ch
[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.iminent.com/?appId=5bc3e057-82d0-4fbd-805b-64def10710ed&ref=toolbox&q={searchTerms}

*************************

AdwCleaner[R0].txt - [6071 bytes] - [04/08/2015 02:50:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6130 bytes] ##########
 

And for Junkware:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Teresa on Tue 08/04/2015 at  2:57:45.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] netfilter64 [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\ISTJFARXNJFTYCTM



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CAD117E250D09666E1B69FB66CE31409



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\ProgramData\O142inGn.dat
Successfully deleted: [File] C:\Users\Teresa\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage



~~~ Folders

Failed to delete: [Folder] C:\ProgramData\AlawarEntertainment
Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\ProgramData\emailnotifier
Successfully deleted: [Folder] C:\Users\Teresa\Appdata\Local\globalupdate
Successfully deleted: [Folder] C:\Users\Teresa\AppData\Roaming\AlawarEntertainment
Successfully deleted: [Folder] C:\Windows\provider32
Successfully deleted: [Folder] C:\ProgramData\27906ae800001815
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\39ad83800000052a
Successfully deleted: [Folder] C:\ProgramData\6cb816e200005733
Successfully deleted: [Folder] C:\ProgramData\7484804c0000545e
Successfully deleted: [Folder] C:\ProgramData\7f5cccbc00001e9a



~~~ Chrome


[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/04/2015 at  3:09:40.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:07 AM

Posted 04 August 2015 - 06:03 AM

We'll have a go with AdwCleaner again, this time to clean
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Let me know if there is any improvement.
To err is Human. To blame it on someone else is even more Human.

#5 nyctwingles01

nyctwingles01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 04 August 2015 - 10:49 PM

Done and here's the log:

 

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 23:38:32
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Teresa - TERESA-PC
# Running from : C:\Users\Teresa\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Teresa\AppData\Roaming\musicloud
File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\prefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\7e96f697-4439-2caa-05a2-ab41c739487c
Key Deleted : HKLM\SOFTWARE\a5b4d4c1-9e2e-7aa7-038a-151e26a88382
Key Deleted : HKLM\SOFTWARE\dbdd445f-65f4-443e-a92a-abfd54bdabec
Key Deleted : HKLM\SOFTWARE\de71599e-61e3-4bf1-b822-8ce090456cd4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Max Computer Cleaner
Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.125

[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M44C18509-9908-411B-8306-4F56D47E6241&SearchSource=58&CUI=&UM=8&UP=SPCDBE97EA-D0A4-4C05-9B3F-6F44DDAA1354&D=070615&q={searchTerms}&SSPV=SPJSB3TB_sp_ch
[C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.iminent.com/?appId=5bc3e057-82d0-4fbd-805b-64def10710ed&ref=toolbox&q={searchTerms}

*************************

AdwCleaner[R0].txt - [6245 bytes] - [04/08/2015 02:50:22]
AdwCleaner[R1].txt - [5566 bytes] - [04/08/2015 23:37:08]
AdwCleaner[S0].txt - [5304 bytes] - [04/08/2015 23:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5363  bytes] ##########
 

 

Thus far, it seems to be working well.  I don't get the annoying pop-up from hell or the page changing every time I click on the screen.



#6 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:07 AM

Posted 05 August 2015 - 01:24 AM

Thus far, it seems to be working well.  I don't get the annoying pop-up from hell or the page changing every time I click on the screen.

Excellent! One more scan, if you don't mind. A second opinion never hurts.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by Bezukhov, 05 August 2015 - 01:32 AM.

To err is Human. To blame it on someone else is even more Human.

#7 nyctwingles01

nyctwingles01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 07 August 2015 - 01:02 AM

Ok so I got this:

 

C:\Users\Teresa\AppData\Local\Video Call\Bin\VideoCall.dll    a variant of Win32/Toolbar.CrossRider.CY potentially unwanted application
C:\Users\Teresa\AppData\Roaming\7EoyIcR85gpPaE5IVzYCG    JS/Toolbar.Crossrider.I potentially unwanted application
 



#8 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:07 AM

Posted 07 August 2015 - 05:30 PM

Those two that ESET found appears to be left overs. Everything else is in order, but if you want you could run ESET again.
To err is Human. To blame it on someone else is even more Human.

#9 nyctwingles01

nyctwingles01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 07 August 2015 - 11:34 PM

I think I'm good now. Thank you so much for your help.  I'll probably be posting soon enough when I try to fix my son's computer.



#10 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:07 AM

Posted 08 August 2015 - 12:50 AM

Your welcome. When you're ready to start on your son's computer start another topic.
To err is Human. To blame it on someone else is even more Human.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users