
Adware...please help with your best for cleaning and deterrence


10 replies to this topic

#1 carbon29094

carbon29094

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 PM

Posted 22 August 2015 - 07:25 PM

I am running Malwarebytes Premium and Windows Defender. I have an HP laptop with Intel i7 processor and just fired Chrome browser. I now have Firefox which gave me fits before, but is better than the collusion Chrome has with its contracted advertisers to post advertising too frequently. Did Chrome leave a legacy for me ... a residual that keeps the ads coming, or is it something else or is it both? But first my computer needs a scrub.

Where is the problem? Adware or the former Chrome I had? Chrome tracked my every move on the web and customizes ads based on where I have been with their paying advertisers.

Chrome was listed many places in my task manager tracking me and matching up my supposed interests with Chrome's contracted advertisers who best match my interests when I don't want to buy anything. The ads interfere with my reading, placed inside the text I read sometimes, having to leapfrog over the ads. I get numerous pop ups also.

 

Please have me administer the very best in your opinion of applications to clean this stuff out and to keep ads and pop ups out. 

 

 




#2 buddy215

buddy215

  • BC Advisor
  • 12,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 23 August 2015 - 01:12 PM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 auklet

auklet

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:washington state and Ecuador
  • Local time:05:13 PM

Posted 27 August 2015 - 11:16 PM

Buddy...

 

AdwCleaner found in the registry HKCU/Software/Distromatic

 

I cleaned it.  It was the only finding. (I researched to find it is adware related, I believe.)

 

The computer rebooted, but a log did not appear.

 

I must have done something I should not have to not have a log appear? Will that be a show stopper for me? I ran the adware again just to try to get a log. The search came up empty, of course. But again I did not get a log when I rebooted. However there is a log tab and there is a log there. I would not save to my computer, but I can copy the contents and put on a notepad, but that would be rather useless anyway because it is not a log of my first scan, which had the findings I cited above.

So I am confused and would like you to reply to my few questions. Do I continue on? (I am glad the application did find something and that it did relate to Adware and I did clean it.) While I wait for your reply, I will continue on with the other applications you recommended.



#4 carbon29094

carbon29094
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 PM

Posted 28 August 2015 - 12:02 AM

Scan Results   of     Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by ADMIN 25 july 2015 on Thu 08/27/2015 at 23:49:46.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\ADMIN 25 july 2015\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\ADMIN 25 july 2015\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\ADMIN 25 july 2015\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\ADMIN 25 july 2015\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/27/2015 at 23:51:46.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 buddy215

buddy215

  • BC Advisor
  • 12,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 28 August 2015 - 11:50 AM

auklet aka carbon29094....you were being given the best help in the Malware Removal forum. It would be against the BC's rules for me to respond to this topic further. If you need help with following the instructions in the Malware Removal forum....just ask for it there. They are very friendly and won't bite.


Edited by buddy215, 28 August 2015 - 11:51 AM.



#6 carbon29094

carbon29094
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 PM

Posted 28 August 2015 - 06:40 PM

I purposely used two user names to distinguish without any possibility of mistake between my first computer, a Lenovo, and this one I am working on, my HP computer.

Do you continue to suggest I go to the Removal forum at this time?

 

ESET scan results:

 

C:\$Recycle.Bin\S-1-5-21-2534670495-1677873791-10830635-1001\$RVSQF44.exe  

 Win32/MyPCBackup.B potentially unwanted application    deleted - quarantined
 



#7 buddy215

buddy215

  • BC Advisor
  • 12,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 29 August 2015 - 06:19 AM

I suggested you finish up at the Malware Removal Forum with the Lenovo. Using two BC accounts caused confusion....did not simplify. I'll let the admins decide what to do about that.

 

Concerning the HP computer ONLY:

Post the three lists mentioned below using CCleaner.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 29 August 2015 - 06:20 AM.



#8 carbon29094

carbon29094
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 PM

Posted 30 August 2015 - 01:34 PM

CCleaner, sections separated by big space:

 

startup

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    cdloader    magicJack L.P.    "C:\Users\USER\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
No    HKCU:Run    DAEMON Tools Lite    Disc Soft Ltd    "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Yes    HKCU:Run    WordWeb    WordWeb Software    "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    C:\Program Files\Apoint2K\Apoint.exe
Yes    HKLM:Run    ISCT Tray    Intel Corporation    C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
No    HKLM:Run    PowerDVD14Agent    CyberLink Corp.    "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    Startup User    Send to OneNote.lnk    Microsoft Corporation    C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

 

 

scheduled tasks

 

No    Task    Optimize Start Menu Cache Files-S-1-5-21-2534670495-1677873791-10830635-1001

 

 

 

uninstall

Adobe Flash Player 18 NPAPI    Adobe Systems Incorporated    8/16/2015    17.8 MB    18.0.0.232
Adobe Reader XI (11.0.12)    Adobe Systems Incorporated    7/15/2015    187 MB    11.0.12
AIMP3    AIMP DevTeam    8/13/2014        v3.55.1345, 26.03.2014
ALPS Touch Pad Driver    Alps Electric    5/20/2015        8.1202.1711.102
Apple Application Support (32-bit)    Apple Inc.    6/17/2015    94.2 MB    3.1.3
Apple Application Support (64-bit)    Apple Inc.    6/17/2015    109 MB    3.1.3
Apple Mobile Device Support    Apple Inc.    6/17/2015    27.9 MB    8.1.1.3
Apple Software Update    Apple Inc.    9/4/2014    2.38 MB    2.1.3.127
Bonjour    Apple Inc.    9/4/2014    2.00 MB    3.0.0.10
CCleaner    Piriform    8/15/2015        5.08
CyberLink PowerDVD 14    CyberLink Corp.    8/13/2014    440 MB    14.0.3917.58
DAEMON Tools Lite    Disc Soft Ltd    8/13/2014        4.49.1.0356
HP Support Solutions Framework    Hewlett-Packard Company    4/13/2015    8.16 MB    11.51.0049
HP Wireless Button Driver    Hewlett-Packard Company    12/30/2014    733 KB    1.0.6.1
Intel® Processor Graphics    Intel Corporation    8/29/2015        10.18.14.4264
Intel® Smart Connect Technology    Intel Corporation    9/3/2014    31.1 MB    5.0.10.2850
IrfanView (remove only)    Irfan Skiljan    8/25/2015    3.00 MB    4.40
iTunes    Apple Inc.    6/17/2015    233 MB    12.1.2.27
KMSpico v9.1.3        8/13/2014    19.2 MB    9.1.3
magicJack    magicJack L.P.    9/11/2014        4.1.7574.5297
Malwarebytes Anti-Malware version 2.1.8.1057    Malwarebytes Corporation    8/28/2015    64.6 MB    2.1.8.1057
MBT Desktop Pro    MB Trading, Inc.    1/29/2015        2.2.0.72
Microsoft Office Professional Plus 2013    Microsoft Corporation    8/14/2014        15.0.4569.1506
Microsoft Silverlight    Microsoft Corporation    8/12/2015    150 MB    5.1.40728.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    8/14/2014    4.84 MB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    8/13/2014    10.2 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    8/13/2014    10.1 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    8/14/2014    10.1 MB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    2/13/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    2/13/2015    11.1 MB    10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    2/13/2015        10.0.50903
Mozilla Firefox 40.0.3 (x86 en-US)    Mozilla    8/27/2015    85.0 MB    40.0.3
Mozilla Maintenance Service    Mozilla    8/27/2015    233 KB    40.0.3.5716
MSXML 4.0 SP3 Parser    Microsoft Corporation    8/13/2014    2.86 MB    4.30.2100.0
Nero 2014    Nero AG    8/13/2014    1.14 GB    15.0.02200
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN    Microsoft Corporation    2/13/2015        10.0.50903
QuickTime 7    Apple Inc.    6/17/2015    70.2 MB    7.76.80.95
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    8/13/2014        6.0.1.7285
Remo Recover FREE Edition 1.0    Remo Software    1/25/2015    61.6 MB    1.0.0.15
Revo Uninstaller Pro 3.1.4    VS Revo Group, Ltd.    8/3/2015    37.0 MB    3.1.4
SoftPerfect WiFi Guard version 1.0.5    SoftPerfect Research    3/23/2015    4.83 MB    1.0.5
thinkorswim    thinkorswim, Inc    9/2/2014        desktop
VLC media player 2.1.3    VideoLAN    8/13/2014        2.1.3
WinRAR 5.01 (64-bit)    win.rar GmbH    8/13/2014        5.01.0
WordWeb    WordWeb Software    10/14/2014        7
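
Added example (not part of the original posts and not a CCleaner feature): a Python script that parses a pasted startup export in the column layout shown in the post above and lists enabled entries that launch from a user-writable directory or carry no publisher. The column order, the separator handling and the directory list are assumptions of this example; a hit is a prompt for manual review, not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the startup export in the post above. Columns are
# separated by runs of spaces as rendered on the page (tabs are also accepted).
SAMPLE = r'''
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    cdloader    magicJack L.P.    "C:\Users\USER\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
No    HKCU:Run    DAEMON Tools Lite    Disc Soft Ltd    "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    C:\Program Files\Apoint2K\Apoint.exe
No    Task    Optimize Start Menu Cache Files-S-1-5-21-2534670495-1677873791-10830635-1001
'''

class Entry(NamedTuple):
    enabled: bool
    source: str            # e.g. HKCU:Run, HKLM:Run, Startup User, Task
    name: str
    publisher: str
    exe: Optional[str]     # executable path without arguments, if present

# Quoted path, or an unquoted path up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)
# Assumed list of locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

def parse(text: str) -> list:
    """Turn pasted export lines into Entry records; skip anything else."""
    entries = []
    for line in text.splitlines():
        parts = re.split(r"\t+| {2,}", line.strip(), maxsplit=4)
        if len(parts) < 3 or parts[0] not in ("Yes", "No"):
            continue
        parts += [""] * (5 - len(parts))      # task rows have fewer columns
        m = EXE_RE.match(parts[4])
        exe = (m.group(1) or m.group(2)) if m else None
        entries.append(Entry(parts[0] == "Yes", parts[1], parts[2], parts[3], exe))
    return entries

def review(entries: list) -> list:
    """Return (name, reasons) for enabled entries worth a manual look."""
    findings = []
    for e in entries:
        if not e.enabled:
            continue                          # disabled items do not run at logon
        reasons = []
        if e.exe is None:
            reasons.append("no executable path in export")
        elif any(p in e.exe.lower() for p in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if not e.publisher:
            reasons.append("no publisher recorded")
        if reasons:
            findings.append((e.name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in review(parse(SAMPLE)):
        print(f"{name}: {'; '.join(reasons)}")
```
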
 

 

 

 



#9 buddy215

buddy215

  • BC Advisor
  • 12,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 30 August 2015 - 03:03 PM

Disable these Startups: Use CCleaner by clicking on each item to highlight and then choosing Disable, Remove or Uninstall on the right

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    cdloader    magicJack L.P.    "C:\Users\USER\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"

Yes    HKLM:Run    QuickTime Task    Apple Inc.    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

Yes    Startup User    Send to OneNote.lnk    Microsoft Corporation    C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

 

That should do it.

Question...do you actually use MagicJack day to day? I've never read anything good about that product.....almost all credible reviews are bad.




#10 carbon29094

carbon29094
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 PM

Posted 03 September 2015 - 10:00 AM

"That should do it."      Do you recommend I go to the removal forum ?  .........   FRST search, etc.  ?

 

re. Magic Jack: Disclosure: Even though I have used it extensively since early 2009, I have limited myself to using only its original product; I still use its MJ original [basic] device extensively and am completely dependent on it. I have had a few issues with it, but support (chat) support was excellent. It has a large FAQ resource that is broken pretty well into categories allowing a quick reach for answers generally. Having said that, I have gone into chat a number of times which was quick to get someone and on a scale to 10 has been at least an 8 experience. I have traveled a lot with it overseas, and it has not failed me. I am not an expatriate, but when I go into those communities, I find MJ and SKYPE extensively used with the exception that MJ is not video capable (that I am aware of). In these communities, a MJ "common" phone book of sorts is used, and folks love it.

   I carry when I travel a back up.  I have MJ + in the event my original fails.  MJ+ has even more capability suitable for the traveler, but I continue to use the original which is a testimonial, I suppose, for how easily it works for me.  I have come across in the web a discouraging word once, maybe twice about MJ's mobile application.  I hope when I find its use applicable for me some day, the bugs will be worked out.  

 

"That should do it."      Do you recommend I go to the removal forum ?  .........   FRST search, etc.  ?



#11 buddy215

buddy215

  • BC Advisor
  • 12,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 03 September 2015 - 11:24 AM

Thanks for the MJ info.

 

No, I see no need for further assistance at this time......happy surfin'






